SpiderLabs

Physical access attacks just got boring...and that’s the problem. YellowKey abuses WinRE and deprecated-but-still-live TxF to unlock BitLocker‑protected volumes before the OS loads. Add GreenPlasma and MiniPlasma, and you’ve got a clean chain from reboot → SYSTEM. Recovery environments aren’t neutral. They’re trusted. https://t.co/OmglKnyivf

Meet....The Gentlemen: a high-volume extortion operation that went from "new name" to top-two global activity in less than a year. It's not even really the malware that stands out, but the model: ▪️Affiliate-driven scale with batch disclosures ▪️Data theft as the main pressure point (not a side quest) ▪️Short time-to-encryption fueled by exposed perimeter access + valid creds They've already claimed 352 victims and IR telemetry suggests that just the tip of the iceberg (many intrusions never hit the leak site at all). Let's break down the defensive takeaways: https://t.co/GR13XtCyrf

Nothing screams “malware” like… MicrosoftToolkit.exe? 🤔 This multi‑stage loader blended in, unpacked itself piece by piece, and used an AutoIt script to phone home (courtesy of Telegram and Steam). Let's break down exactly how this loader delivers Vidar and why defenders can't afford to ignore "legit" tools anymore: https://t.co/rTnPpBLjzj

Your biggest hotel breach might start...at the gym? 🏋️ A smart stationary bike. 🚲 An open Ethernet port. 🔌 A straight line to PCI systems and RCE. ⛓️ It's what our experts found in a recent assessment: unsecured IoT gym equipment that became a launchpad for lateral movement into internal admin networks. No malware, no phishing, no alarms. Just overlooked infrastructure doing exactly what it was allowed to do. Review our findings: https://t.co/SZtXVpK3HD

Remote access trojans have been quietly evolving for decades. KarstoRAT didn’t get the memo to stay subtle. 🤫 From webcam hijacking and token theft to flipping desktops upside down (literally), this novel RAT blends serious espionage with psychological disruption, using a fake Roblox marketplace as the front door. Our experts pulled it apart piece by piece: C2 infrastructure, persistence tricks, exfil paths, and the “why” behind its design, below. ⤵️ https://t.co/yzfCoobCJ8 #KarstoRAT #cybersecurity #cyberthreat #SpiderLabs #malware #trojans

The attacker didn’t send a link. It made a phone call. 📲 Okta vishing is redefining initial access: no malware, no phishing kits, just social engineering aimed straight at your identity provider and designed to (almost) entirely bypass standard endpoint defenses. If your threat model still starts with email, you’re behind. https://t.co/rMsGEAzEz3

A compromised CPUID HWMonitor installer was observed delivering a fileless malware chain using MSBuild and regsvr32 to execute Clippy.sct. The script encodes the payload as IPv6 data, reconstructs it into a .NET assembly, and executes it via deserialization. https://t.co/mKPqn53Gof

No zero-days. No custom malware. Still effective. ERRTraffic v3 shows how far attackers can go by: 🔺Hosting payload logic inside Ethereum smart contracts 🔺Using ClickFix to turn “helpful” user action into execution 🔺Rotating infrastructure without touching traditional hosting The campaign succeeds not because defenses are broken, but because nothing “looks” malicious enough to stop. https://t.co/qYNSJJEJvX

MAC randomization was supposed to protect privacy...turns out, signal strength has other plans. RF power levels can be used to passively track devices, even when MAC addresses are randomized. It's a smart reminder that security controls don't exist in isolation and attackers love the gaps between them. https://t.co/PWwibk3jTl