RandomAccessMusings
rndmamusings.bsky.social
CTI @ Volexity
Ooops 😅 #VTi
November 11, 2025 at 4:04 PM
Reposted by RandomAccessMusings
EFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones.

www.eff.org/deeplinks/20...
November 6, 2025 at 8:22 PM
Reposted by RandomAccessMusings
@stevenadair.bsky.social is back again!

Founder + President of Volexity leading a team of experts that deal w/ complex cyber intrusions from nation-state level intruders. His talk will cover a Chinese APT actor that Volexity tracks as UTA0388.

Check out the official agenda:
cyberwarcon.com
October 15, 2025 at 3:11 PM
This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info.

www.volexity.com/blog/2025/10...
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initial observed campaigns were tailor...
www.volexity.com
October 8, 2025 at 2:08 PM
Reposted by RandomAccessMusings
@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!
Go Get 'Em: Updates to Volexity Golang Tooling
Volexity’s GoResolver tool was released in April 2025 to help with analysis of these samples, reducing analyst load when working with obfuscated Golang binaries. However, there are still some difficul...
www.volexity.com
August 11, 2025 at 7:05 PM
Reposted by RandomAccessMusings
This training course will be led by Andrew Case @attrc.bsky.social, Michael Ligh & Dave Lassalle. This is a great opportunity to gain valuable knowledge about #Volatility3 + learn all about #memoryforensics from Volatility core developers! Seats are filling up quickly so don't wait!
The next in-person Malware & Memory Forensics Training will be in Arlington VA, October 21–24, 2025! This is the only #memoryforensics course taught directly by the Volatility developers. Course registration includes a pass to #FTSCon!

Course details: memoryanalysis.net/courses-malw...
July 9, 2025 at 8:54 PM
Reposted by RandomAccessMusings
New by me - although Citrix say there is no evidence of exploitation of CitrixBleed 2 vulnerability, they are wrong - it has been under active exploitation since mid June by an IP associated with a ransomware group, with multiple IP addresses now involved.

doublepulsar.com/citrixbleed-...
CitrixBleed 2 exploitation started mid-June — how to spot it
CitrixBleed 2 — CVE-2025-5777 — has been under active exploitation to hijack Netscaler sessions, bypassing MFA, globally for a month.
doublepulsar.com
July 8, 2025 at 2:46 PM
Reposted by RandomAccessMusings
@volexity.com #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets.

www.volexity.com/blog/2025/04...

#dfir
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows
Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) acco...
www.volexity.com
April 22, 2025 at 4:39 PM
Reposted by RandomAccessMusings
The NCSC and partners have revealed new details about how malicious cyber actors are using two forms of spyware to target individuals in Uyghur, Tibetan and Taiwanese communities as well as civil society groups.
www.ncsc.gov.uk/news/ncsc-pa...
April 9, 2025 at 8:25 AM
Reposted by RandomAccessMusings
tired of looking at email headers as disgusting plaintext? only want things of value to stand out?

look no further than this VSCode extension built by @jacoblatonis.me

marketplace.visualstudio.com/items?itemNa...
March 21, 2025 at 8:02 PM
Reposted by RandomAccessMusings
"It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware."

With the amount of Next.js-based sites around, especially on infosec sites, I'd say this looks like a problem.

CVSS: 9.1

github.com/vercel/next....
March 21, 2025 at 9:48 PM
Reposted by RandomAccessMusings
We have been tracking multiple Russian APT groups aggressively targeting organizations with Microsoft Device Code authentication phishing. The attackers got creative with tricking users into granting them access to their accounts. Have a look at our blog for all the details!
February 14, 2025 at 1:31 AM
Reposted by RandomAccessMusings
@volexity.com recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: www.volexity.com/blog/2025/02...

#dfir #threatintel #m365security
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack cam...
www.volexity.com
February 13, 2025 at 10:39 PM
Reposted by RandomAccessMusings
CTI is the cause of my brainrot but I really cooked on this #salttyphoon #telecomhack
November 26, 2024 at 10:18 PM
Reposted by RandomAccessMusings
@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: www.volexity.com/blog/2024/11...
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s ...
www.volexity.com
November 15, 2024 at 8:02 PM
www.volexity.com/blog/2024/11...

Key:
- Unpatched credential disclosure 0day in VPN client that's actively exploited in the wild
- Volexity assesses with medium confidence that BrazenBamboo is a private enterprise that produces capabilities for governmental operators concerned with domestic targets
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s ...
www.volexity.com
November 15, 2024 at 8:46 PM