marktsec
@marktsec.bsky.social
💫Threat Intel💫 Automation💫 Threat Analysis 💫OSINT💫 Testing 💫Network Security💫
https://github.com/marktsec
https://github.com/marktsec
Detection Artifact Generator for FortiWeb Authentication Bypass
github.com/watchtowrlab...
github.com/watchtowrlab...
GitHub - watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass
Contribute to watchtowrlabs/watchTowr-vs-Fortiweb-AuthBypass development by creating an account on GitHub.
github.com
November 14, 2025 at 6:59 AM
Detection Artifact Generator for FortiWeb Authentication Bypass
github.com/watchtowrlab...
github.com/watchtowrlab...
Operation Endgame - The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium.
November 13, 2025 at 12:47 PM
Operation Endgame - The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium.
Rhadamanthys infostealer disrupted as cybercriminals lose server access
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Rhadamanthys infostealer disrupted as cybercriminals lose server access
The Rhadamanthys infostealer operation has been disrupted, with numerous "customers" of the malware-as-a-service reporting that they no longer have access to their servers.
www.bleepingcomputer.com
November 12, 2025 at 3:41 PM
Rhadamanthys infostealer disrupted as cybercriminals lose server access
www.bleepingcomputer.com/news/securit...
www.bleepingcomputer.com/news/securit...
Phishing kit targeting MS login pages
intelinsights.substack.com/p/intel-drop...
intelinsights.substack.com/p/intel-drop...
Intel Drops #4
Phishing kit targeting MS login pages
intelinsights.substack.com
November 10, 2025 at 2:02 PM
Phishing kit targeting MS login pages
intelinsights.substack.com/p/intel-drop...
intelinsights.substack.com/p/intel-drop...
November 9, 2025 at 11:55 AM
Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers
blog.sekoia.io/phishing-cam...
blog.sekoia.io/phishing-cam...
Booking.com
November 8, 2025 at 7:42 PM
Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers
blog.sekoia.io/phishing-cam...
blog.sekoia.io/phishing-cam...
Meta is earning a fortune on a deluge of fraudulent ads, documents show
www.reuters.com/investigatio...
www.reuters.com/investigatio...
Meta is earning a fortune on a deluge of fraudulent ads, documents show
Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, and it internally estimates that its platforms show users 15 billion scam ads a day, company documents show.
www.reuters.com
November 7, 2025 at 7:27 AM
Meta is earning a fortune on a deluge of fraudulent ads, documents show
www.reuters.com/investigatio...
www.reuters.com/investigatio...
Matanbuchus loader now ships as shellcode (BIN), supports in-memory .NET execution and payloads from ZIPs; sideload techniques refreshed. Operators added 2FA+CAPTCHA to the C2 and claim an unprecedented “white inject” #InfoSec #threatintel
November 6, 2025 at 5:51 PM
Matanbuchus loader now ships as shellcode (BIN), supports in-memory .NET execution and payloads from ZIPs; sideload techniques refreshed. Operators added 2FA+CAPTCHA to the C2 and claim an unprecedented “white inject” #InfoSec #threatintel
CLOP RANSOMWARE: DISSECTING NETWORK
theravenfile.com/2025/11/04/c...
theravenfile.com/2025/11/04/c...
CLOP RANSOMWARE: DISSECTING NETWORK
NOTE: This Research Investigates purely focuses on the Networks used by the Clop Ransomware Group during their infiltration at different victims. INTRODUCTION GETTING FOOTHOLD: CVE-2025–61882…
theravenfile.com
November 5, 2025 at 7:45 PM
CLOP RANSOMWARE: DISSECTING NETWORK
theravenfile.com/2025/11/04/c...
theravenfile.com/2025/11/04/c...
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
krebsonsecurity.com/2025/11/alle...
krebsonsecurity.com/2025/11/alle...
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States...
krebsonsecurity.com
November 3, 2025 at 3:11 PM
Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. Custody
krebsonsecurity.com/2025/11/alle...
krebsonsecurity.com/2025/11/alle...
Kubernetes Penetration Testing: Methodology & Guide
deepstrike.io/blog/kuberne...
deepstrike.io/blog/kuberne...
Kubernetes Penetration Testing: Methodology & Guide
Kubernetes Penetration Testing guide: reconnaissance, API/etcd/kubelet checks, RBAC & secrets testing, tools, exploit chains, and remediation for pentesters.
deepstrike.io
November 2, 2025 at 4:45 AM
Kubernetes Penetration Testing: Methodology & Guide
deepstrike.io/blog/kuberne...
deepstrike.io/blog/kuberne...
🚨 New KATREUS Miner (Silent XMR Miner)
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
November 1, 2025 at 6:03 PM
🚨 New KATREUS Miner (Silent XMR Miner)
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
Advertised on underground forums with:
• Anti-kill, watchdog, persistence & injection modules
• AV evasion claims (C + ASM)
• Targets Windows 8.1 → Server 2025
• Seller offering only 5 “licenses”
#ThreatIntel #Cryptomining #InfoSec
Nova ransomware is seeking for
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
November 1, 2025 at 5:54 PM
Nova ransomware is seeking for
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
1. Girls phone voice callers to call CEOs/AI voice-spoofers.
2. Social-media “black ad” operators.
3. Offering a paid “Premium” panel with auto-activation via invoice.
#Nova #Ransomware #ThreatIntel #InfoSec
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing | Proofpoint US
Key findings Proofpoint created a new open-source tool for creating threat detection rules based on unique characteristics in PDFs called “PDF Object Hashing”. This technique can
www.proofpoint.com
October 31, 2025 at 12:48 PM
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Aisuru Botnet Shifts from DDoS to Residential Proxies
krebsonsecurity.com/2025/10/aisu...
krebsonsecurity.com/2025/10/aisu...
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable busi...
krebsonsecurity.com
October 30, 2025 at 3:26 PM
Aisuru Botnet Shifts from DDoS to Residential Proxies
krebsonsecurity.com/2025/10/aisu...
krebsonsecurity.com/2025/10/aisu...
Reposted by marktsec
Ravin Academy, the private school that recruits and trains hackers for Iran's MOIS intelligence service , has been hacked and its data leaked
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
October 26, 2025 at 7:58 PM
Ravin Academy, the private school that recruits and trains hackers for Iran's MOIS intelligence service , has been hacked and its data leaked
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
www.iranintl.com/202510230171
blog.narimangharib.com/posts/2025%2...
Public searchable database: ravin-academy.com
BreachForums Reinstated
October 28, 2025 at 8:07 AM
BreachForums Reinstated
Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance
anyrun.substack.com/p/tykit-anal...
anyrun.substack.com/p/tykit-anal...
Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance
Not long ago we reported a spike in phishing attacks that use an SVG file as the delivery vector.
anyrun.substack.com
October 27, 2025 at 7:49 AM
Tykit Analysis: New Phishing Kit Stealing Hundreds of Microsoft Accounts in Finance
anyrun.substack.com/p/tykit-anal...
anyrun.substack.com/p/tykit-anal...
Mem3nt0 mori – The Hacking Team is back!
securelist.com/forumtroll-a...
securelist.com/forumtroll-a...
Mem3nt0 mori – The Hacking Team is back!
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
securelist.com
October 27, 2025 at 7:36 AM
Mem3nt0 mori – The Hacking Team is back!
securelist.com/forumtroll-a...
securelist.com/forumtroll-a...
New LockBit 5.0 Targets Windows, Linux, ESXi
www.trendmicro.com/en_us/resear...
www.trendmicro.com/en_us/resear...
New LockBit 5.0 Targets Windows, Linux, ESXi
Trend™ Research analyzed source binaries from the latest activity from notorious LockBit ransomware with their 5.0 version that exhibits advanced obfuscation, anti-analysis techniques, and seamless cr...
www.trendmicro.com
October 25, 2025 at 3:32 PM
New LockBit 5.0 Targets Windows, Linux, ESXi
www.trendmicro.com/en_us/resear...
www.trendmicro.com/en_us/resear...
What's New in Impacket's 0.13 Release?
www.coresecurity.com/blog/whats-n...
www.coresecurity.com/blog/whats-n...
What's New in Impacket's 0.13 Release? | Core Security
Impacket 0.13 includes new attack paths and relay tricks, channel binding updates, MSSQL workflow upgrades, SMB Improvements, and examples enhancements.
www.coresecurity.com
October 24, 2025 at 6:48 AM
What's New in Impacket's 0.13 Release?
www.coresecurity.com/blog/whats-n...
www.coresecurity.com/blog/whats-n...
Spectre RAT v10 new capabilities: autorun, VNC, DLL sideloading, clipper, keylogger, Telegram notifications, anti-VM. Hunt for unexpected autorun registry changes, anomalous DLL loads and suspicious outbound connections.
#infosec #ThreatIntel
#infosec #ThreatIntel
October 24, 2025 at 6:19 AM
Spectre RAT v10 new capabilities: autorun, VNC, DLL sideloading, clipper, keylogger, Telegram notifications, anti-VM. Hunt for unexpected autorun registry changes, anomalous DLL loads and suspicious outbound connections.
#infosec #ThreatIntel
#infosec #ThreatIntel
🚨 Ransomware mimic pay2key v0.16.1 Selling fully autonomous ransomware: buyers control ALL encryption keys, custom affiliate programs, and guaranteed product updates. Mimic variant, evasive, and tailored for affiliates. #ransomware #infosec #threatintel
October 23, 2025 at 2:09 PM
🚨 Ransomware mimic pay2key v0.16.1 Selling fully autonomous ransomware: buyers control ALL encryption keys, custom affiliate programs, and guaranteed product updates. Mimic variant, evasive, and tailored for affiliates. #ransomware #infosec #threatintel
Trust Issues – Abusing Trust accounts & Trusted CA's
lorenzomeacci.com/trust-issues...
lorenzomeacci.com/trust-issues...
Trust Issues – Abusing Trust accounts & Trusted CA's | Lorenzo Meacci
Hi all. In this post I will share research I have conducted over the past few weeks on trust attacks in both One-Way Outbound and Bidirectional Trust scenarios. I present several attack chains that ca...
lorenzomeacci.com
October 23, 2025 at 1:39 PM
Trust Issues – Abusing Trust accounts & Trusted CA's
lorenzomeacci.com/trust-issues...
lorenzomeacci.com/trust-issues...
🚨 Darkweb alert: Blockchain-powered botnets now feature encrypted smart contracts, anti-VM, autorun, and parent process ID spoofing for advanced malware delivery. No domains, no servers, no takedowns. Source code + panel available
#infosec #threatintel
#infosec #threatintel
October 23, 2025 at 1:31 PM
🚨 Darkweb alert: Blockchain-powered botnets now feature encrypted smart contracts, anti-VM, autorun, and parent process ID spoofing for advanced malware delivery. No domains, no servers, no takedowns. Source code + panel available
#infosec #threatintel
#infosec #threatintel