TrendAI™ Research has uncovered "Quasar Linux" (QLNX), a sophisticated Linux RAT that evades detection with rootkit and PAM backdoor techniques. QLNX targets developer credentials used to publish code and access cloud infrastructure. Full research: https://t.co/L6Od5GAPoy
🚨 New research out:
👾 Meet GhostPenguin: a multi-threaded Linux backdoor that uses RC5-encrypted UDP channels for C2 communication. Read the full technical breakdown of this new threat here: https://t.co/g48jD8bA3V
#Malware #GhostPenguin #InfoSec #Linux #backdoor #ThreatHunting
Trend Research uncovers Water Gamayun’s arsenal and infrastructure. This suspected Russian threat actor exploits the CVE-2025-26633 #zeroday #vulnerability to execute malicious code and exfiltrate data from compromised systems.
Read more: ⬇️ https://t.co/25Srz2IHDN
1/6 Water Gamayun, a suspected Russian threat actor, is exploiting the CVE-2025-26633 vulnerability to execute malicious code and steal data. This #zeroday #vulnerability poses significant risks to businesses.
Here's what you need to know: https://t.co/Dmyt56AOM6
🚨🕵️ 1/3 We've released our research on #CVE-2025-26633 — detailing how Water Gamayun (aka #EncryptHub) weaponizes MUIPath via the MSC #EvilTwin technique.
This bug in Microsoft Management Console (mmc.exe) is abused to proxy-execute #malicious code on an infected system. 👇🧵
We have uncovered a Windows .lnk shortcut bug (#ZDI-CAN-25373) being exploited by #APT groups and cybercriminals worldwide. This bug in Windows .lnk files allows attackers to execute hidden malicious commands that aren't visible when viewing shortcut properties. More details 🧵
Red team tools offer many benefits, but their dual-use nature also poses substantial risks, underscoring the need for strong ethical guidelines and effective detection capabilities.
Here’s what you need to know: ⬇️ https://t.co/ctOJypYBHP
🚨 🔎 In January, the @thezdi reported CVE-2024-21412 (ZDI-CAN-23100) to @MsftSecIntel. In the course of our investigation, we discovered that the Water Hydra group was exploiting a Windows Defender SmartScreen security bypass, as were the operators of DarkGate malware, who were exploiting both CVE-2024-21412 (as a zero-day) and CVE-2023-36025 (as an n-day). This incident highlights how distinct threat actor groups may independently exploit zero-day vulnerabilities before the vendors become aware of any security vulnerabilities in their products.
🤝 Fantastic analysis and collaboration with my colleague Aliakbar Zahravi (@AliakbarZahravi), who is always a pleasure to work with.
See you all at Pwn2Own and CanSecWest 2024 in Vancouver! 🍻
https://t.co/AlJZBbVCjZ
.@TrendMicro has found a malicious Chrome extension targeting Latin America that we’ve named “ParaSiteSnatcher.” It allows threat actors to monitor, manipulate, and exfiltrate highly sensitive information from multiple sources.
Read: ⬇️ https://t.co/13XYnoHAgT