~Microsoft~
A novel backdoor, SesameOp, abuses the OpenAI Assistants API for covert command and control communications.
-
IOCs: Trojan:MSIL/Sesameop.A, Backdoor:MSIL/Sesameop.A
-
#C2 #OpenAI #SesameOp #ThreatIntel
@pigondrugs.bsky.social
I shear alpacas and try to defend the internet from malware
~Sentinelone~
Spearphishing campaign uses a fake Cloudflare captcha to deliver a multi-stage WebSocket RAT to NGOs and government entities in Ukraine.
-
IOCs: bsnowcommunications[.]com, zoomconference[.]app, 193.233.23[.]81
-
...
~Checkpoint~
Generative AI drastically reduces reverse engineering time for the complex XLoader malware from days to hours.
-
IOCs: taxi-in[.]online, taskcomputer[.]xyz, synergydrop[.]xyz
-
#AI #Malware #ThreatIntel #XLoader
Seems like redishell is being exploited now, seen in the wild.
IOC: 196.251.70[.]215
401120
#redishell #exploit #reverseshell
~Checkpoint~
Multiple vulnerabilities in Windows GDI, including a critical RCE (CVE-2025-53766), are exploitable via crafted EMF files.
-
IOCs: CVE-2025-53766, CVE-2025-30388, CVE-2025-47984
-
#RCE #ThreatIntel #Windows
~Socket~
Experts debunk an MIT-linked report claiming 80% of ransomware is AI-driven, citing a lack of evidence and vendor bias.
-
IOCs: (None identified)
-
#AI #Ransomware #ThreatIntel
~Paloalto~
A new attack technique allows a malicious AI agent to inject covert instructions into a trusted cross-agent communication session, leading to data exfiltration or unauthorized actions.
-
IOCs: (None identified)
-
...
~Socket~
The Ruby core team, led by creator Matz, is assuming stewardship of RubyGems and Bundler following a governance dispute.
-
IOCs: (None identified)
-
#OpenSource #Ruby #RubyGems #ThreatIntel
~Microsoft~
AI is accelerating cyberattack speed and scale, forcing a strategic shift from prevention to building organizational resilience.
-
IOCs: (None identified)
-
#CISO #CyberResilience #ThreatIntel
~Microsoft~
Microsoft announces unified identity/endpoint sensors and enhanced ITDR capabilities to combat the rise in identity-based attacks.
-
IOCs: (None identified)
-
#ITDR #IdentitySecurity #ThreatIntel
~Microsoft~
Nation-state actors are leveraging generative AI for advanced attacks, introducing new threats like prompt injection, data poisoning, and evasion.
-
IOCs: (None identified)
-
#AI #CyberSecurity #ThreatIntel
~Sophos~
BRONZE BUTLER exploits CVE-2025-61932 in LANSCOPE software, deploying Gokcpdoor & Havoc C2 backdoors for data theft.
-
IOCs: 38.54.56[.]57, 38.54.88[.]172, 38.54.56[.]10
-
#BronzeButler #CVE202561932 #ThreatIntel
~Cisa~
CISA adds actively exploited XWiki (CVE-2025-24893) and VMware (CVE-2025-41244) vulnerabilities to its KEV catalog.
-
IOCs: CVE-2025-24893, CVE-2025-41244
-
#CISA #ThreatIntel #Vulnerability
~Cisa~
CISA released two new ICS advisories for vulnerabilities in ISO 15118-2 and Hitachi Energy TropOS.
-
IOCs: (None identified)
-
#CISA #ICS #ThreatIntel
~Varonis~
A stealthy technique using AWS VPC endpoints and CloudTrail events could expose the Account ID of any S3 bucket owner without leaving logs on the target.
-
IOCs: (None identified)
-
#AWS #CloudSecurity #ThreatIntel
~Cisa~
CISA and partners released new best practices to harden on-premises Exchange servers against persistent threats.
-
IOCs: (None identified)
-
#Exchange #Hardening #ThreatIntel
~Socket~
10 typosquatted npm packages deploy a multi-stage, cross-platform credential harvester via obfuscated payloads.
-
IOCs: 195.133.79[.]43
-
#Malware #SupplyChain #ThreatIntel #npm
~Sophos~
Attackers are exploiting a critical WSUS vulnerability (CVE-2025-59287) to exfiltrate Active Directory user lists and network data.
-
IOCs: CVE-2025-59287
-
#CVE202559287 #ThreatIntel #WSUS
~Paloalto~
New Airstalk malware used by suspected nation-state actor in a supply chain attack to steal browser data.
-
IOCs: (None identified)
-
#Airstalk #SupplyChain #ThreatIntel
~Cofense~
Attackers exploit major service outages for phishing campaigns, highlighting the critical need for a multi-layered defense strategy.
-
IOCs: (None identified)
-
#CyberResilience #Phishing #ThreatIntel
~Anyrun~
Attackers abuse trusted cloud services (Figma, ClickUp) for phishing, while new LockBit 5.0 ransomware targets ESXi/Linux systems.
-
IOCs: satoshicommands[.]com, 188.114.97[.]3, microlambda.blob.core.windows[.]net
-
...
~Trendmicro~
Trend Vision One integrates with NVIDIA BlueField DPUs for hardware-accelerated security in AI infrastructure without performance impact.
-
IOCs: (None identified)
-
#AISecurity #NVIDIA #ThreatIntel
~Socket~
Socket launches Socket Firewall Enterprise to provide configurable protection against software supply chain attacks for developers.
-
IOCs: (None identified)
-
#DevSecOps #SupplyChain #ThreatIntel
~Mandiant~
Stolen credentials are a top initial access vector, requiring a defense-in-depth PAM strategy with tiering, JIT/JEA, and advanced behavioral monitoring.
-
IOCs: (None identified)
-
#IdentitySecurity #PAM #ThreatIntel
~Cisa~
CISA released three new ICS advisories impacting Schneider Electric and Vertikal Systems products.
-
IOCs: (None identified)
-
#CISA #ICS #ThreatIntel
~Cisa~
CISA adds two actively exploited Dassault Systèmes DELMIA Apriso vulnerabilities to its KEV catalog, urging immediate remediation.
-
IOCs: CVE-2025-6204, CVE-2025-6205
-
#CISA #KEV #ThreatIntel #Vulnerability
~Varonis~
Atroposia is a new, easy-to-use RAT sold on underground forums with stealth remote access, credential theft, and DNS hijacking capabilities.
-
IOCs: (None identified)
-
#Atroposia #RAT #ThreatIntel
~Elastic~
Monitoring TOR exit node activity is critical for detecting anonymized reconnaissance, C2 channels, and data exfiltration attempts.
-
IOCs: (None identified)
-
#TOR #ThreatDetection #ThreatIntel