#ConsentFix (#AuthCodeFix) ) is the latest variant of the fix-type phishing attacks. Dive deep into the mechanics of the attack in @_st0pp3r_ latest blog post with #KQL detection queries and mitigations. 👇
https://t.co/7drRf6V6bA
What makes #Telegram so attractive to adversaries, and how do they abuse it? 🤔
That’s what you will learn in the recent blog post by @lontze7, @nef0sf and @_st0pp3r_ 👇https://t.co/itKwBAJPCJ
🚨 North Korean hackers have a new trick.
They’re hiding malware inside fake API keys on GitHub — using JSON Keeper and other legit tools to stay invisible.
The attack installs “BeaverTail” to steal data and drop a Python backdoor.
See how it works ↓ https://t.co/Ra4oGX9ULn
Together with @bartblaze and @lontze7, we discovered that DPRK #ContagiousInterview threat actors are abusing legitimate JSON storage services to host their first-stage malware
🚨North Korean threat actors are hiding malware in JSON storage services during fake developer interviews.
With 400+ suspected victims, this campaign is actively targeting developers.
Full analysis on our blog: https://t.co/xJHXSNFmv9
Our NVISO #IncidentResponse Team has been tracking #VShell campaigns worldwide! More than 1,500 active VShell servers were uncovered, each capable of giving attackers remote control over compromised networks. Read the report here 👇
https://t.co/XjAIIe99UH
On September 29th, 2025, Broadcom disclosed a local privilege escalation vulnerability, CVE-2025-41244, impacting VMware’s guest service discovery features. NVISO has identified zero-day exploitation in the wild beginning mid-October 2024.
All details - https://t.co/QOjY60sLzr
@struppigel While browsing today, I got a Google ad that blurs the entire webpage you're on and shows the ad in the center of the screen. As I was curious through these cases, I copied the link and ran it through urlscan. Got a hit on pdftraining[.]com
https://t.co/KsqZBVBu1a
(2/2)
@struppigel While browsing today, I got a Google ad that blurs the entire webpage you're on and shows the ad in the center of the screen. As I was curious through these cases, I copied the link and ran it through urlscan. Got a hit on pdftraining[.]com
https://t.co/KsqZBVBu1a
(2/2)
@struppigel Our SOC got multiple of these cases this week as well. All PDF-related. Most (if not all) cases have a delay of at least 10 days between initial execution of the downloaded software and execution of malicious .js files. (1/2)
Ready to uncover the secrets of #PoisonSeed's #PhishingKit? 🤯 Read @lontze7 latest blog post to learn how they bypass MFA and discover essential protection tips against their tactics. 👇
https://t.co/ToJXUQomps