Forwarded from Freedom Fox 🏴☠
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2
Starlink Star-Earth Asset Collection and Detection Framework Seestar and Starlink Star-Earth Intelligence Data Collection
https://mp.weixin.qq.com/s?__biz=MzkwNjM4NTg4OQ==&mid=2247495727&idx=1&sn=30b9ff98d3f76c09882ff922aa2b5f57
https://mp.weixin.qq.com/s?__biz=MzkwNjM4NTg4OQ==&mid=2247495727&idx=1&sn=30b9ff98d3f76c09882ff922aa2b5f57
👍3
Source Byte
Starlink Star-Earth Asset Collection and Detection Framework Seestar and Starlink Star-Earth Intelligence Data Collection https://mp.weixin.qq.com/s?__biz=MzkwNjM4NTg4OQ==&mid=2247495727&idx=1&sn=30b9ff98d3f76c09882ff922aa2b5f57
This media is not supported in your browser
VIEW IN TELEGRAM
Virus disguised Sogou input method, malicious noscript embedded in formal signature
https://zhuanlan.zhihu.com/p/1949553669189116360
https://zhuanlan.zhihu.com/p/1949553669189116360
👍3
Forwarded from Malware, Cats and Cryptography
GRAPH_RU-APT-ChainReaver-L_Report_EN.pdf
36.9 MB
The CTI team at Graph Inc. has successfully identified and tracked a large-scale campaign leveraging a supply chain attack, which spreads globally through the compromise of mirror websites and the poisoning of trusted Git repositories, backed by a large and well-structured infrastructure, multiple malware families, and advanced infostealer techniques.
The campaign represents a new level of operational maturity, combining:
- Compromised legitimate websites & GitHub repositories
- Cross-platform malware delivery at scale
- Credential, document, browser data, and access-token theft
- Evasion techniques designed to bypass traditional security controls
#apt #iran #hacking #malware #github #threathunting #threatintel
The campaign represents a new level of operational maturity, combining:
- Compromised legitimate websites & GitHub repositories
- Cross-platform malware delivery at scale
- Credential, document, browser data, and access-token theft
- Evasion techniques designed to bypass traditional security controls
#apt #iran #hacking #malware #github #threathunting #threatintel
❤7👍5👎3🔥1
The Central Bank of Iran has acquired US dollar stablecoins worth at least half a billion dollars
https://www.elliptic.co/blog/iran-has-acquired-us-dollar-stablecoins-worth-at-least-half-a-billion-dollars
https://www.elliptic.co/blog/iran-has-acquired-us-dollar-stablecoins-worth-at-least-half-a-billion-dollars
🤔3
Coinicap
هشدار: هر روز بیشتر از قبل به رقم 1میلیارد دلار مسدودی نزدیک میشیم ولی صدایی از هیچ نهاد، انجمن یا رسانه ای در نمیاد. جبران این حجم از مسدود سازی به هیچ عنوان برای بخش خصوصی قابل تصور هم نیست.
according to Coincap around 1 billion dollars being blocked by tether company !
following addresses are leaked and publicly available,this wallet addresses are related to Iran Central bank , even with small trace you can reach final node of this money flow which leads to Iran local crypto exchanges ! it's so scary Iran Gov still relay on Emirati companies to bypass sanctions, aren't they an ally to Israel ?
source : link
following addresses are leaked and publicly available,this wallet addresses are related to Iran Central bank , even with small trace you can reach final node of this money flow which leads to Iran local crypto exchanges ! it's so scary Iran Gov still relay on Emirati companies to bypass sanctions, aren't they an ally to Israel ?
TBaxHwoXQjAmiNZgRKECoA3b6fsrtmoZvB
THwJSxR9qREsgEQjX1cpRw4Rw9WbmPSHVh
source : link
👍3
Forwarded from Orca Cyber Weapons
Palo Alto Networks Blog
A Deep Dive Into Malicious Direct Syscall Detection - Palo Alto Networks Blog
This blog explains how attackers use direct syscalls to overcome most EDR solutions, by first discussing the conventional Windows syscall flow and how most EDR solutions monitor those calls.
🔥2👍1
Forwarded from HyperDbg News & Updates
Slides and recordings for our @FOSDEM talks are up! Join [Björn Ruytenberg] and [Sina Karvandi] for an in-depth introduction into @HyperDbg 's features and internals, or find out what's the latest in anti-anti-debugging techniques and HV transparency for malware reversing:
- https://fosdem.org/2026/schedule/event/APB9WC-mbec_slat_and_hyperdbg_hypervisor-based_kernel-_and_user-mode_debugging/
- https://fosdem.org/2026/schedule/event/CDPRDX-invisible_hypervisors_debugging_with_hyperdbg/
- https://fosdem.org/2026/schedule/event/APB9WC-mbec_slat_and_hyperdbg_hypervisor-based_kernel-_and_user-mode_debugging/
- https://fosdem.org/2026/schedule/event/CDPRDX-invisible_hypervisors_debugging_with_hyperdbg/
😁4👍2
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes
The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according to several U.S. officials, another sign of America’s growing comfort with employing cyber weapons in warfare.The strike on a separate military system connected to the nuclear sites at Fordo, Natanz and Isfahan helped to prevent Iran from launching surface-to-air missiles at American warplanes that had entered Iranian airspace, the officials said.
https://therecord.media/iran-nuclear-cyber-strikes-us
The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according to several U.S. officials, another sign of America’s growing comfort with employing cyber weapons in warfare.The strike on a separate military system connected to the nuclear sites at Fordo, Natanz and Isfahan helped to prevent Iran from launching surface-to-air missiles at American warplanes that had entered Iranian airspace, the officials said.
https://therecord.media/iran-nuclear-cyber-strikes-us
🤯5❤2
Source Byte
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according…
Iranian,chines,north korea ... APTs trying their best to prove their attack have an impact like by sharing POCs
while
God tier APTs like 8200 , NSA , BND hear about about their impact in news and how their malware change whole cyber ecosystem, every time they do a sabotage. (their espionage is not something you detect)
while
God tier APTs like 8200 , NSA , BND hear about about their impact in news and how their malware change whole cyber ecosystem, every time they do a sabotage. (their espionage is not something you detect)
👎8🔥4❤1
Hackers, Epstein, & Zero-Days: An Insider's Guide to the Exploit Economy
What do the NSA, Mossad, a ransomware gang, and Hezbollah have in common? They all shop in the same marketplace.
The latest Epstein file dump revealed something my industry has known for years but rarely discusses publicly: the exploit economy has no loyalty. The same vulnerability that protects you can be weaponized against you—depending on who buys it first.
https://x.com/gothburz/status/2018695140718649469
What do the NSA, Mossad, a ransomware gang, and Hezbollah have in common? They all shop in the same marketplace.
The latest Epstein file dump revealed something my industry has known for years but rarely discusses publicly: the exploit economy has no loyalty. The same vulnerability that protects you can be weaponized against you—depending on who buys it first.
https://x.com/gothburz/status/2018695140718649469
😱3👍1🤯1
Metro4Shell: Exploitation of React Native’s Metro Server in the Wild
https://www.vulncheck.com/blog/metro4shell_eitw#network-infrastructure
#CVE-2025-11953 , #glassworm
Samples : [ Link ]
https://www.vulncheck.com/blog/metro4shell_eitw#network-infrastructure
#CVE-2025-11953 , #glassworm
Samples : [ Link ]
👍3❤1👾1
Decompiler internals: microcode
This presentation is about the Hex-Rays Decompiler. It is a de-facto standard tool used by the security
professionals. Its main features include:
https://blackhat.com/us-18/briefings/schedule/#decompiler-internals-microcode-10076
This presentation is about the Hex-Rays Decompiler. It is a de-facto standard tool used by the security
professionals. Its main features include:
• Interactive, fast, robust, and programmable decompiler
• Can handle x86, x64, ARM, ARM64, PowerPC
• Runs on top of the IDA Pro disassembler
• Has been evolving for more than 10 years
• Internals have not been published yet
• Namely, the intermediate language
https://blackhat.com/us-18/briefings/schedule/#decompiler-internals-microcode-10076
👍5
Israel’s zero-click future: How cyber veterans are reinventing offensive intelligence
https://www.jpost.com/israel-news/defense-news/article-885789
https://www.jpost.com/israel-news/defense-news/article-885789
👎2👍1😱1
Forwarded from Sec Note
New post: "Browser Dumping — The Core Tactic Behind Most Infostealers"
(This blog is mainly for sharing my personal notes and learning journey)
#stealer #browser #Chrome_AppBound
(This blog is mainly for sharing my personal notes and learning journey)
This blog contains my own research collected from the internet, along with ideas from other blogs and studies. While many parts are written in my own words, the Most sections were copied directly from external sources because they were already very well written and clearly expressed. This blog is mainly for sharing my personal notes and learning journey.
#stealer #browser #Chrome_AppBound
❤1