#threatintelligence

Infoblox Threat Intel<p>Scammers scamming other scammers so they can scam you? We’ve reached peak scam inception!</p><p>Sites like ScamAdviser are helpful for checking if a website is shady — but guess what? The scammers lurk there too.</p><p>They’re leaving negative reviews against other scam sites (because, of course, there is no honor among thieves), as well as legit sites, pretending to be victims. Why? All so they can drop Telegram or WhatsApp contacts for so-called “crypto recovery services” that supposedly helped them get their stolen money back.</p><p>Spoiler Alert: These are just more scams! <br> <br>They’ll say they’ve recovered your lost crypto - then demand a “release fee” or cut to release it. You’ll pay... and never hear from them again.<br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a></p>
MISP<p>MISP 2.4.211 &amp; 2.5.13 Released - A Double Dose of Security, Search, and Stability.</p><p>These releases are packed with critical security patches, a major overhaul of the search functionality, and a host of improvements and bug fixes to enhance your threat intelligence experience.</p><p><a href="https://misp-community.org/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://misp-community.org/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://misp-community.org/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://misp-community.org/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a></p><p>🔗 <a href="https://www.misp-project.org/2025/06/06/misp.2.5.13.and.2.4.211.html/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">misp-project.org/2025/06/06/mi</span><span class="invisible">sp.2.5.13.and.2.4.211.html/</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2137482/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2137482/</span><span class="invisible"></span></a> Microsoft launches free European Security Program: what does it entail? <a href="https://pubeurope.com/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://pubeurope.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://pubeurope.com/tags/Europe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Europe</span></a> <a href="https://pubeurope.com/tags/EuropeanSecurityProgram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EuropeanSecurityProgram</span></a> <a href="https://pubeurope.com/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://pubeurope.com/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://pubeurope.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a></p>
Alexandre Dulaunoy<p>"So, I climbed to the top of the pyramid of pain - now what?"</p><p>An interesting Human Layer Kill Chain framework.</p><p><a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> </p><p>🔗 <a href="https://arxiv.org/pdf/2505.24685" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/pdf/2505.24685</span><span class="invisible"></span></a></p>
circl<p>CIRCL - Virtual Summer School (VSS) 2025</p><p>From 7 July to 18 July 2025, CIRCL will host a two-week online training event featuring hands-on sessions on various tools developed and maintained by CIRCL, as well as training in digital forensics and incident response (DFIR) techniques.</p><p><a href="https://social.circl.lu/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://social.circl.lu/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://social.circl.lu/tags/training" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>training</span></a> <a href="https://social.circl.lu/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.circl.lu/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> </p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ail_project" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ail_project</span></a></span> <br><span class="h-card" translate="no"><a href="https://misp-community.org/@misp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>misp</span></a></span> <br><span class="h-card" translate="no"><a href="https://social.circl.lu/@vulnerability_lookup" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vulnerability_lookup</span></a></span> <br><span class="h-card" translate="no"><a href="https://social.circl.lu/@gcve" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gcve</span></a></span> </p><p>🔗 <a href="https://www.circl.lu/pub/vss-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span 
class="invisible">https://www.</span><span class="">circl.lu/pub/vss-2025/</span><span class="invisible"></span></a></p>
DXC://0<p>I set up a few honeypots in Europe this weekend mdr.</p><p>My servers found russian unreported, so I guess it works fine. So I feed a list + self-report to AbuseIP every day.</p><p>It's downloadable for everyone for free 😁</p><p><a href="https://github.com/DXC-0/Malicious-Robots.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/DXC-0/Malicious-Rob</span><span class="invisible">ots.txt</span></a></p><p><a href="https://infosec.exchange/tags/firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firewall</span></a> <a href="https://infosec.exchange/tags/honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>honeypot</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a> <a href="https://infosec.exchange/tags/blocklist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blocklist</span></a> <a href="https://infosec.exchange/tags/robots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>robots</span></a> <a href="https://infosec.exchange/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://infosec.exchange/tags/bruteforce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bruteforce</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intelligence</span></a> <a href="https://infosec.exchange/tags/server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>server</span></a> <a href="https://infosec.exchange/tags/it" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>it</span></a> <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2132294/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2132294/</span><span class="invisible"></span></a> Financial Fraud Detection and Prevention Market Report <a href="https://pubeurope.com/tags/business" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>business</span></a> <a href="https://pubeurope.com/tags/FraudDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FraudDetection</span></a> <a href="https://pubeurope.com/tags/FraudDetectionAndPrevention" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FraudDetectionAndPrevention</span></a> <a href="https://pubeurope.com/tags/FraudPrevention" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FraudPrevention</span></a> <a href="https://pubeurope.com/tags/IdentityVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityVerification</span></a> <a href="https://pubeurope.com/tags/markets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>markets</span></a> <a href="https://pubeurope.com/tags/ResearchAndMarkets" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ResearchAndMarkets</span></a> <a href="https://pubeurope.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a></p>
Infoblox Threat Intel<p>Selling your car? Scammers still have it 'VIN' for you!<br> <br>We've recently seen a large cluster of domains hosting fake Vehicle Identification Number (VIN) lookup sites — and private car sellers are the target.<br> <br>While this trick isn’t new, it still catches many off guard — especially first-time sellers. Here’s how it usually plays out:<br> <br>- You list your car on platforms like AutoTrader, Craigslist, or Facebook Marketplace.<br>- You're contacted by a keen 'buyer', perhaps asking a few questions to build trust.<br>- The buyer then asks *you* to get a VIN report — but only from a site *they* provide.<br> <br>Red flag: Legitimate buyers wanting to know a vehicle's history are to be expected - they may ask for the VIN to do this themselves - but insisting on a specific site is a classic scam move.<br> <br>Here’s what happens next:<br> <br>- You enter your VIN on the fake site - it teases you with basic info like make and model.<br>- To get the 'full report' you’re asked to pay $20–$40.<br>- At best, you're sent to a legitimate payment provider — but the money goes straight to the scammer.<br>- At worst, you've just entered your card details into a phishing site.<br> <br>Got your report? Good luck contacting that buyer, they're 'Audi 5000' — long gone. As for the report, it's usually worthless — no odometer readings, no previous owners, no insurance history - and of no value to you or a legit buyer.<br> <br>Unsurprisingly, 'VIN' features in their devious domain names, and at the time of writing we identified a large cluster using it with U.S. states and locations, for example:<br> <br> - goldstatevin[.]com<br> - gulfstatevin[.]com<br> - kansasvin[.]com<br> - misissippivin[.]com<br> - utahvincheck[.]com<br> <br>These have since gone offline, hopefully for good. 
They're not alone though, the following domains appear to target sellers in Australia and are currently active:<br> <br> - proregocheck[.]com<br> - smartcheckvin[.]com<br> - smartvincheck[.]com<br> - vincheckzone[.]com<br> <br>Tip: If a buyer wants a VIN report, let them sort it out — or use a trusted provider of your own. If they refuse? Tell 'em to hit the road!<br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a></p>
Saltmyhash<p>Martyn Williams (Stimson Center’s Korea Program and 38 North) and Nick Roy (Silent Push) presented an interesting talk at THOTCON 0xD on a misconfigured DPRK server and the data they found. Cool to see everything that goes into getting online in DPRK and the tools used to do so. They posted their THOTCON slide deck at silibank.com/thotcon, which Nick apparently purchased after the domain was allowed to expire by DPRK entities.</p><p>Their NK Tech Lab site is a new center for investigation and analysis into how North Korea uses technology to serve and suppress its citizens.</p><p>Nktechlab.org<br>Silibank.com/thotcon</p><p><a href="https://infosec.exchange/tags/thotcon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>thotcon</span></a> <a href="https://infosec.exchange/tags/dprk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dprk</span></a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a></p>
Infoblox Threat Intel<p>Eat, Sleep, Scam, Repeat?<br> <br>Losing your life savings to a crypto scam is devastating — but for many victims, the nightmare doesn’t end there.<br> <br>While recently investigating a network of fake cryptocurrency exchanges, we uncovered something even more twisted: a cluster of scam websites posing as law firms offering 'crypto recovery' services.<br> <br>Yep, the very same scammers who stole the funds are now posing as lawyers, pretending to help victims recover what they lost… for a fee, of course.<br> <br>Preying on victim hope and desperation, these scammers have been known to:</p><p>- Contact victims directly using details obtained during the original scam<br>- Advertise openly on social media<br>- Lurk in public forums, targeting those seeking help from the community<br> <br>Using a mix of lookalike sites impersonating legit legal firms and entirely fake entities, often with stolen names and photos of legitimate legal professionals, here are some recent examples of what we've encountered:<br> <br>- Posing as 'Adam &amp; Shawn Law Group'<br> - adamshawnllp[.]com<br> - adamshawnlaw[.]com<br>- Posing as 'Jefferson Caldwell International Law Firm'<br> - jeffersoncaldwelllawgroup[.]com<br>- Posing as 'Schlueter &amp; Associates'<br> - schlueterlawfirm[.]it[.]com<br>- Posing as 'Zojz &amp; Associates Legal Group'<br> - zojz[.]com<br> - zojz[.]cc</p><p>Not only do these domains share registration characteristics with fake crypto exchanges, but we've also observed site structures, content and design elements across fake law firms, crypto exchanges and task scam sites.<br> <br>Aside from avoiding the initial scams, be cautious of any 'law firm' that:</p><p>- Sends unsolicited emails or DMs offering crypto recovery help<br>- Has a website with no verifiable legal credentials<br>- Pressures you to pay fees upfront, especially to a third-party entity or via crypto<br>- Uses vague or generic testimonials<br> <br><a 
href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a></p>
AIL Project<p>AIL 6.2 released - Smarter Analysis, Search and Enhanced User Experience</p><p>We’re excited to release AIL Framework v6.2, a major update with new features and improved performance. This version makes analysis easier and the overall experience faster and more user-friendly.</p><p>Among the highlights are a fully revamped search engine powered by MeiliSearch, improved language detection for short text, local AI-driven image descriptions, and a yara-hunting editor tool.</p><p>🔗 <a href="https://www.ail-project.org/blog/2025/05/28/AIL-v6.2.released/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ail-project.org/blog/2025/05/2</span><span class="invisible">8/AIL-v6.2.released/</span></a></p><p><a href="https://infosec.exchange/tags/darkweb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>darkweb</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osint</span></a></p>
Infoblox Threat Intel<p>Last week, Microsoft reported that their Digital Crimes Unit (DCU) and international partners disrupted Lumma Stealer by taking down 2,300 domains critical to the malware's operation. Shortly after, Palo Alto's Unit 42 reported that cyber campaigns that previously dropped Lumma Stealer are now distributing StealC infostealer payloads. We analyzed the DNS infrastructure related to the attacks and discovered a large number of malicious registered domain generation algorithm (RDGA) domains. Based on passive DNS, the threat actor that controls the infrastructure configured the domains to a staging environment via a dedicated Panama IP address (self-signed SSL) before deploying them. We identified 144 unique domains in this IP space, and all of them were detected as "suspicious" by our algorithms 1-2 months before they were activated for malicious activity.<br> <br>Disrupting criminal operations is difficult and they will find ways to resurface. However, this example proves that blocking connections at the DNS level can often protect users against the new versions before they emerge. The infostealer actors made a quick turn, but we were already blocking their path. Our specialty is in DNS analytics, so we use DNS signatures, as opposed to malware signatures, for preemptive security. We love this stuff.<br> <br>Here are some examples of the RDGA domains:<br>2323dot2[.]cfd, 2323dot2[.]cyou, 2323dot2[.]my, 232pip1[.]my, 232pip1[.]sbs, 832pip[.]cfd, 832pip[.]cyou, 832pip[.]my, 832pip[.]sbs, b3cloud[.]cfd, b3cloud[.]cyou, b3cloud[.]my, b3cloud[.]sbs, bin48[.]cfd, bin48[.]cyou, bin48[.]my, bin898293[.]cfd, bin898293[.]cyou, bin898293[.]my, bin898293[.]sbs, bit7dl[.]cfd, bit7dl[.]cyou, bit7dl[.]my, bit7dl[.]sbs, bot113cloud[.]cfd, bot113cloud[.]cyou, bot113cloud[.]my<br> <br>These campaigns share similar TTPs with those that we reported several months ago. 
The threat actor that we discussed in this post (<a href="https://infosec.exchange/@InfobloxThreatIntel/114027715851469775" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@InfobloxThre</span><span class="invisible">atIntel/114027715851469775</span></a>) also distributed Lumma Stealer and used RDGA domains, but incorporated additional components, such as traffic distribution systems (TDS), web trackers, and cloakers.<br> <br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/infostealer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infostealer</span></a> <a href="https://infosec.exchange/tags/lummastealer" 
class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>lummastealer</span></a> <a href="https://infosec.exchange/tags/stealc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>stealc</span></a> <a href="https://infosec.exchange/tags/tds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tds</span></a> <a href="https://infosec.exchange/tags/tracker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tracker</span></a> <a href="https://infosec.exchange/tags/cloaker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloaker</span></a> <a href="https://infosec.exchange/tags/rdga" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rdga</span></a></p>
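<p>Added example, not part of the Infoblox post and not Infoblox's detection method: the sample RDGA domains quoted above reuse one registered label across several TLDs, so a defender can group names from resolver or passive DNS data by label and flag the ones that fan out. The TLD watch set, the threshold of three, the function names and the benign sample names are assumptions made for this sketch.</p>

```python
from collections import defaultdict

# Assumption: the four TLDs seen in the post's sample list form the watch set.
WATCH_TLDS = frozenset({"cfd", "cyou", "my", "sbs"})

# Defanged domains quoted in the post, mixed with constructed benign names.
OBSERVED = [
    "2323dot2[.]cfd", "2323dot2[.]cyou", "2323dot2[.]my",
    "832pip[.]cfd", "832pip[.]cyou", "832pip[.]my", "832pip[.]sbs",
    "b3cloud[.]cfd", "b3cloud[.]cyou", "b3cloud[.]my", "b3cloud[.]sbs",
    "bin48[.]cfd", "bin48[.]cyou", "bin48[.]my",
    "232pip1[.]my", "232pip1[.]sbs",
    "example[.]com", "example[.]org",   # constructed: benign label, other TLDs
    "intranet.example[.]net",           # constructed: subdomain of a benign name
    "WWW.B3Cloud[.]CFD.",               # constructed: duplicate with case and root dot
]


def normalize(name):
    """Refang '[.]', drop the trailing root dot, lowercase."""
    return name.replace("[.]", ".").strip().rstrip(".").lower()


def defang(name):
    """Write the last dot as '[.]' so output is not clickable."""
    head, _, tld = name.rpartition(".")
    return f"{head}[.]{tld}"


def registered_parts(name):
    """Return (label, tld) from the last two labels, or None if malformed.

    Assumption: single-label TLDs only. Multi-label suffixes such as
    'co.uk' need a public suffix list, which this sketch leaves out.
    """
    labels = normalize(name).split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return labels[-2], labels[-1]


def cluster_by_label(domains):
    """Map each registered label to the set of TLDs it was seen under."""
    clusters = defaultdict(set)
    for domain in domains:
        parts = registered_parts(domain)
        if parts:
            clusters[parts[0]].add(parts[1])
    return clusters


def flag_clusters(domains, min_tlds=3, watch_tlds=WATCH_TLDS):
    """Labels seen under at least min_tlds watched TLDs, widest fan-out first."""
    flagged = []
    for label, tlds in cluster_by_label(domains).items():
        hits = sorted(tlds & watch_tlds)
        if len(hits) >= min_tlds:
            flagged.append((label, hits))
    return sorted(flagged, key=lambda c: (-len(c[1]), c[0]))


def unseen_siblings(domains, min_tlds=3, watch_tlds=WATCH_TLDS):
    """Label/TLD pairs of flagged clusters that were not observed yet.

    These are unconfirmed monitoring candidates, not indicators.
    """
    out = []
    for label, hits in flag_clusters(domains, min_tlds, watch_tlds):
        for tld in sorted(watch_tlds - set(hits)):
            out.append(defang(f"{label}.{tld}"))
    return sorted(out)


if __name__ == "__main__":
    for label, tlds in flag_clusters(OBSERVED):
        print(f"{label}: {', '.join(tlds)}")
    print("watch for:", ", ".join(unseen_siblings(OBSERVED)))
```

<p>The constructed "example" label appears under three TLDs but none in the watch set, so it is not flagged; 232pip1 appears under only two watched TLDs and falls below the threshold.</p>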
Alexandre Dulaunoy<p>CVE-2024-4367 (PDF.js) is gaining traction in some exploitation-focused Telegram channels...</p><p><a href="https://vulnerability.circl.lu/cve/CVE-2024-4367" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/cve/CVE</span><span class="invisible">-2024-4367</span></a></p><p>seen via <span class="h-card" translate="no"><a href="https://infosec.exchange/@ail_project" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ail_project</span></a></span> </p><p><a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>exploit</span></a></p>
Bytes Europe<p>Growing intersection of geopolitical conflicts and financial cybersecurity <a href="https://www.byteseu.com/1041346/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1041346/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://pubeurope.com/tags/FinancialCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinancialCrime</span></a> <a href="https://pubeurope.com/tags/fintech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fintech</span></a> <a href="https://pubeurope.com/tags/GeopoliticalCyberRisksToFinance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GeopoliticalCyberRisksToFinance</span></a> <a href="https://pubeurope.com/tags/Geopolitics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Geopolitics</span></a> <a href="https://pubeurope.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a></p>
Infoblox Threat Intel<p>Our latest blog is out! It covers a rising issue that many major organizations experience: Subdomain hijacking through abandoned cloud resources.<br> <br>This research follows our reporting from earlier in the year about the CDC subdomain hijack. We initially assumed that this was an isolated incident. Well… We were wrong.<br> <br>We tied some of this activity to a threat actor, dubbed Hazy Hawk, who hijacks high-profile subdomains which they use to conduct large-scale scams and malware distribution.</p><p><a href="https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.infoblox.com/threat-inte</span><span class="invisible">lligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/</span></a><br> <br><a href="https://infosec.exchange/tags/dns" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dns</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infoblox" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>infoblox</span></a> <a href="https://infosec.exchange/tags/infobloxthreatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infobloxthreatintel</span></a> <a href="https://infosec.exchange/tags/scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scam</span></a> <a href="https://infosec.exchange/tags/HazyHawk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HazyHawk</span></a></p>
Europe Says<p><a href="https://www.europesays.com/2098788/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2098788/</span><span class="invisible"></span></a> UK and allies expose Russian cyber campaign targeting Ukraine support operations <a href="https://pubeurope.com/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a> <a href="https://pubeurope.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://pubeurope.com/tags/GreatBritain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GreatBritain</span></a> <a href="https://pubeurope.com/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://pubeurope.com/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://pubeurope.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://pubeurope.com/tags/UkGovernment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UkGovernment</span></a> <a href="https://pubeurope.com/tags/UKNCSC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UKNCSC</span></a> <a href="https://pubeurope.com/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukraine</span></a> <a href="https://pubeurope.com/tags/UnitedKingdom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnitedKingdom</span></a></p>
Pyrzout :vm:<p>How Private Investigators Handle Digital Forensics? <a href="https://hackread.com/how-private-investigators-handle-digital-forensics/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/how-private-inves</span><span class="invisible">tigators-handle-digital-forensics/</span></a> <a href="https://social.skynetcloud.site/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://social.skynetcloud.site/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalForensics</span></a> <a href="https://social.skynetcloud.site/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://social.skynetcloud.site/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a></p>
Bytes Europe<p>UK and allies expose Russian cyber campaign targeting Ukraine support operations <a href="https://www.byteseu.com/1033896/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">byteseu.com/1033896/</span><span class="invisible"></span></a> <a href="https://pubeurope.com/tags/Cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybercrime</span></a> <a href="https://pubeurope.com/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://pubeurope.com/tags/GreatBritain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GreatBritain</span></a> <a href="https://pubeurope.com/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://pubeurope.com/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a> <a href="https://pubeurope.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://pubeurope.com/tags/UKGovernment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UKGovernment</span></a> <a href="https://pubeurope.com/tags/UKNCSC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UKNCSC</span></a> <a href="https://pubeurope.com/tags/Ukraine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ukraine</span></a> <a href="https://pubeurope.com/tags/UnitedKingdom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnitedKingdom</span></a></p>
Alexandre Dulaunoy<p>We implemented a major new feature in the AIL Project that addresses a long-standing issue related to the collection of images or screenshots that may be harmful to analysts (e.g., violent content, CSAM, etc.). The feature allows users to trigger the description of an image before actually viewing it.</p><p>The feature will be included in the upcoming release of AIL (version 6.2).</p><p>This work is co-funded in the AIPITCH project. We would like to thank Qwen for the open source Qwen2-VL vision-language models which provide an excellent basis for image detection and description while allowing local inferences.</p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@aipitch" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aipitch</span></a></span> <span class="h-card" translate="no"><a href="https://social.circl.lu/@circl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>circl</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@ail_project" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ail_project</span></a></span> </p><p><a href="https://infosec.exchange/tags/ai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ai</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/visual" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>visual</span></a> <a href="https://infosec.exchange/tags/darkweb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>darkweb</span></a> <a href="https://infosec.exchange/tags/monitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monitoring</span></a> <a 
href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a></p>
The DFIR Report<p>🌟New report out today!🌟</p><p>Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware</p><p>Analysis and reporting completed by @pcsc0ut.bsky.social, @irishdeath.bsky.social &amp; @0xtornado</p><p>🔊Audio: Available on Spotify, Apple, YouTube and more!</p><p><a href="https://thedfirreport.com/2025/05/19/another-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedfirreport.com/2025/05/19/a</span><span class="invisible">nother-confluence-bites-the-dust-falling-to-elpaco-team-ransomware/</span></a></p><p><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cti</span></a> <a href="https://infosec.exchange/tags/blue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blue</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a></p>