AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps
https://www.trendmicro.com/en_us/research/25/i/an-mdr-analysis-of-the-amos-stealer-campaign.html
https://www.trendmicro.com/en_us/research/25/i/an-mdr-analysis-of-the-amos-stealer-campaign.html
Trend Micro
An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via Cracked Apps
Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation.
The Rise of RatOn: From NFC heists to remote control and ATS
https://www.threatfabric.com/blogs/the-rise-of-raton-from-nfc-heists-to-remote-control-and-ats
https://www.threatfabric.com/blogs/the-rise-of-raton-from-nfc-heists-to-remote-control-and-ats
ThreatFabric
The Rise of RatOn: From NFC heists to remote control and ATS
This new research by ThreatFabric exposes RatOn, a new banking trojan with powerful capabilities.
How an Attacker’s Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
https://www.huntress.com/blog/rare-look-inside-attacker-operation
https://www.huntress.com/blog/rare-look-inside-attacker-operation
Huntress
An Attacker’s Blunder Gave Us a Look Into Their Operations | Huntress
An attacker installed Huntress onto their operating machine, giving us a detailed look at how they’re using AI to build workflows, searching for tools like Evilginx, and researching targets like software development companies.
VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments
https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/
https://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/
Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/
https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/
SentinelOne
Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
LLM-enabled malware poses new challenges for detection. SentinelLABS presents groundbreaking research on how to hunt for this new class of threats.
SystemBC – Bringing The Noise
“SystemBC” botnet, a network composed of over 80 C2s with a daily average of 1,500 victims, nearly 80% of which are compromised VPS systems from several large commercial providers..:
https://blog.lumen.com/systembc-bringing-the-noise/
“SystemBC” botnet, a network composed of over 80 C2s with a daily average of 1,500 victims, nearly 80% of which are compromised VPS systems from several large commercial providers..:
https://blog.lumen.com/systembc-bringing-the-noise/
Lumen Blog
SystemBC: Bringing the noise
Understand how the SystemBC botnet utilizes VPS networks to create powerful proxies for criminal threat groups and malicious activities.
Forwarded from Yevgeniy Goncharov
🚀 Open SysConf'25 → Старт через неделю! Трансляции быть!
4 Октября уже на след. неделе! Готовность и настрой присуствуют, при наличии хорошего Интернета в локации, будет трансляция с вероятностю 90%+!
Доклады, предварительная очередность:
- Мониторинг, как в нем не утонуть.
- Использование MCP и LLM для анализа вредоносного ПО.
- Как запустить два AI-стартапа за месяц и не сойти с ума.
- "Вопрос со звёздочкой" с собеседований: разбор и подходы.
- История о MacOS malware: от "безопасной по умолчанию" до реальных угроз криптографии и ядра.
- Архитектура ПО для сисадминов: монолит, микросервисы, C4, принципы и стили.
- Цепочки DNS на примере малвари под macOS
Встречаемся через неделю!
Все детали здесь: https://sysconf.io/2025
4 Октября уже на след. неделе! Готовность и настрой присуствуют, при наличии хорошего Интернета в локации, будет трансляция с вероятностю 90%+!
Доклады, предварительная очередность:
- Мониторинг, как в нем не утонуть.
- Использование MCP и LLM для анализа вредоносного ПО.
- Как запустить два AI-стартапа за месяц и не сойти с ума.
- "Вопрос со звёздочкой" с собеседований: разбор и подходы.
- История о MacOS malware: от "безопасной по умолчанию" до реальных угроз криптографии и ядра.
- Архитектура ПО для сисадминов: монолит, микросервисы, C4, принципы и стили.
- Цепочки DNS на примере малвари под macOS
Встречаемся через неделю!
Все детали здесь: https://sysconf.io/2025
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
The God Mode Vulnerability That Should Kill “Trust Microsoft” Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
Tide Foundation
The God Mode Vulnerability That Should Kill "Trust Microsoft"
How One Token Could Have Compromised Every Microsoft Entra ID Tenant on Earth, And Why It’s Time for Authorityless SecurityRecently, security researcher Dirk-Ja
Phishing attacks with new domains likely to continue
Unfortunately the string of phishing attacks using domain-confusion and legitimate-looking emails continues.
In short, there's a new phishing campaign targeting PyPI users occurring right now..:
https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
Unfortunately the string of phishing attacks using domain-confusion and legitimate-looking emails continues.
In short, there's a new phishing campaign targeting PyPI users occurring right now..:
https://blog.pypi.org/posts/2025-09-23-plenty-of-phish-in-the-sea/
blog.pypi.org
Phishing attacks with new domains likely to continue - The Python Package Index Blog
A new phishing campaign targeting PyPI users using similar tactics to previous campaigns.
The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration
https://www.tenable.com/blog/the-trifecta-how-three-new-gemini-vulnerabilities-in-cloud-assist-search-model-and-browsing
https://www.tenable.com/blog/the-trifecta-how-three-new-gemini-vulnerabilities-in-cloud-assist-search-model-and-browsing
Tenable®
The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration
Tenable Research discovered three vulnerabilities (now remediated) within Google’s Gemini AI assistant suite, which we dubbed the Gemini Trifecta. These vulnerabilities exposed users to severe privacy risks. They made Gemini vulnerable to: search-injection…
Начнется 24 октября. Пройдет в Farabi Hub.
DevOpsDays — ежегодный обмен опытом, обсуждение актуальных практик и инноваций в мире IT. Организаторы обещают мероприятие чертовски привлекательным.
— Доклады от топовых экспертов
— 800 участников офлайн и еще 2000+ онлайн
— Инсайды с рынка DevOps
— Нетворкинг с комьюнити
— Мерч и подарки от партнеров
Все детали здесь: https://devopsdays.kz/
Please open Telegram to view this post
VIEW IN TELEGRAM
Shuyal Stealer: Advanced Infostealer Targeting 19 Browsers
https://www.pointwild.com/threat-intelligence/shuyal-stealer-advanced-infostealer-targeting-19-browsers
https://www.pointwild.com/threat-intelligence/shuyal-stealer-advanced-infostealer-targeting-19-browsers
Point Wild
Shuyal Stealer: Advanced Infostealer Targeting 19 Browsers | Point Wild
Introduction: Infection Flowchart: Technical Analysis: MD5: 9523086ab1c3ab505f3dfd170672af1e SHA-256: 8bbeafcc91a43936ae8a91de31795842cd93d2d8be3f72ce5c6ed27a08cdc092 Compiler: 64 bit C++ compiler executable file How Does Shuyal Stealer Stay Persistent?:…
Another Critical RCE Discovered in a Popular MCP Server
https://www.imperva.com/blog/another-critical-rce-discovered-in-a-popular-mcp-server/
https://www.imperva.com/blog/another-critical-rce-discovered-in-a-popular-mcp-server/
Blog
Another Critical RCE Discovered in a Popular MCP Server | Imperva
Artificial Intelligence development is moving faster than secure coding practices, and attackers are taking notice. Imperva Threat Research recently uncovered and disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2025-53967) in the Framelink…
Cache smuggling: When a picture isn’t a thousand words
https://expel.com/blog/cache-smuggling-when-a-picture-isnt-a-thousand-words/
https://expel.com/blog/cache-smuggling-when-a-picture-isnt-a-thousand-words/
Expel
Cache smuggling: When a picture isn’t a thousand words
We recently observed an innovative campaign using the ClickFix attack tactic for cache smuggling. Here's what you need to know.
Last chance to update Windows 10…
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281
Microsoft
Windows 10 support has ended on October 14, 2025 - Microsoft Support
Windows 10 support ends on October 14, 2025. Upgrade to Windows 11 now to ensure continued security and feature updates. Learn more about the transition.
F5 Hacked. Mass companies can be under attack potentially..
https://www.bloomberg.com/news/articles/2025-10-16/potentially-catastrophic-breach-of-cyber-firm-blamed-on-china
F5-Big IP source code leaks:
https://my.f5.com/manage/s/article/K000154696
https://www.bloomberg.com/news/articles/2025-10-16/potentially-catastrophic-breach-of-cyber-firm-blamed-on-china
F5-Big IP source code leaks:
https://my.f5.com/manage/s/article/K000154696
Bloomberg.com
Potentially ‘Catastrophic’ Breach of Cyber Firm Blamed on China
A potentially “catastrophic” breach of a major US-based cybersecurity provider has been blamed on state-backed hackers from China, according to people familiar with the matter.
Malware being hosted on
https://lists.ubuntu.com/archives/xubuntu-devel/2025-October/012209.html
xubuntu.orghttps://lists.ubuntu.com/archives/xubuntu-devel/2025-October/012209.html
ToolShell Used to Compromise Telecoms Company in Middle East
ToolShell was patched by Microsoft in July 2025, but by the time it was patched it had already been exploited in the wild as a zero-day vulnerability. ToolShell affects on-premise SharePoint servers and gives an attacker unauthenticated access to vulnerable servers, allowing them to remotely execute code and access all content and file systems..
https://www.security.com/blog-post/toolshell-china-zingdoor
ToolShell was patched by Microsoft in July 2025, but by the time it was patched it had already been exploited in the wild as a zero-day vulnerability. ToolShell affects on-premise SharePoint servers and gives an attacker unauthenticated access to vulnerable servers, allowing them to remotely execute code and access all content and file systems..
https://www.security.com/blog-post/toolshell-china-zingdoor
Security
ToolShell Used to Compromise Telecoms Company in Middle East
China-based threat actors also compromised networks of government agencies in countries in Africa and South America.