Together with @bzvr_, @2igosha and Anton Kargin, we identified that the DAEMON Tools software has been compromised in a complex supply chain attack since April 8. We see thousands of infections across 100+ countries. If you use DAEMON Tools, run a malware scan immediately! [1/7]
New blog post! Writeup for my SASCTF'25 Finals A/D challenge: BPF-style symbolic verification of bare-metal RISC-V using Triton, a custom QEMU machine, and 5 bugs hidden across the stack. From verifier bypasses to a full QEMU escape 🔑
(link in comments)
Heartbroken to hear about the passing of @Skvern0. He was one of the best threat hunters in the industry - even APTs were afraid of him. I’m grateful for the time we worked together and for everything I learned from him. Rest in peace.
Kaspersky GReAT researcher @malware_owl discovered CVE-2026-3102 — a command injection vulnerability in ExifTool (≤13.49) on macOS. A crafted image file with malicious metadata can trigger arbitrary code execution. Update to v13.50 now!
#Kaspersky #GReAT #Cybersecurity #VulnerabilityResearch #OpenSource #InfoSec #macOS
Arkanix Stealer didn’t just steal data. It ran like a startup.
• MaaS model
• Discord marketing
• Referral program
• C++ & Python variants
• Crypto & browser data theft
Short-lived campaign. Long-term implications.
Full analysis: https://t.co/fcnkRrlXH6
#Malware #Infostealer #ThreatIntel #CyberSecurity
It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month.
Here are more IPs used in the attack:
45.76.155[.]202
45.32.144[.]255
Read below for many other IoCs! [1/8]
A full iOS zero-day exploit chain used in the wild against targets in Egypt. #Intellexa #Predator
Stage 1: Initial RCE via JSKit Framework (Safari WebKit Exploitation)
Entry Point: The chain starts with a zero-day RCE vulnerability in Safari's WebKit rendering engine, patched by Apple as CVE-2023-41993 (a memory corruption issue in the JIT compiler).
Stage 2: Sandbox Escape and Kernel Privilege Escalation
Vulnerabilities Exploited: CVE-2023-41992: Kernel IPC use-after-free (sandbox escape + local privilege escalation, LPE).
CVE-2023-41991: Code-signing bypass (LPE).
Stage 3: Persistence and Surveillance Setup (PREYHUNTER Modules)
Components: Divided into two modules—"watcher" and "helper"—deployed via the escalated privileges from Stage 2.
https://t.co/VQACc9Bg5l
https://t.co/0aYeiQj8lj
⚠️ URGENT WARNING ⚠️
I’m sharing this as something urgent and important. Please be careful, everyone.
Linda is my friend. She used to work in capital markets, and we met years ago. Yesterday, she asked me to join a meeting. I thought it was for a project and accepted. She sent me a calendar invite, and I joined the meeting this morning at 9 AM.
It was supposed to be on Google Meet, but no one was there. Then they sent me a Zoom link. I clicked it and opened it in my browser.
When I joined, everything looked broken and the page asked me to run a “system update.”
Instead, I chose to download Zoom manually and asked for the meeting ID.
They refused to give it and said the update would be “easier.”
That’s when I deleted everything and shut it down.
I told them my computer couldn’t handle the update and that we should continue on Meet.
Strangely, my camera wouldn’t turn off no matter what I did.
I calmly closed all tabs, deleted everything, restarted my browser, and ran a full virus scan.
Then I realized Linda had been hacked, and the hackers were after me.
To those hackers: waving at you 👋 you almost got me, but not this time.
Linda was someone I really trusted.
Let this be a reminder to everyone:
If someone asks you to download or install something, don’t do it!
Couldn't ask for a better partner in crime on the #TheSAS2025 stage.
Check out our full research, uncovering #GhostCall and #GhostHire of #Bluenoroff here:
https://t.co/xI1KwtTqI4
It was truly an honor to be part of #TheSAS2025 as a speaker! Omar (@beacon_exe) and I shared some juicy insights from our extensive research on #BlueNoroff's #GhostCall and #GhostHire campaigns, part of #SnatchCrypto.
You can find our research below. ✅
https://t.co/UVH5GGQHBc
We (@kucher1n and I) discovered a new advanced threat campaign, PassiveNeuron, which is actively targeting Windows Server environments in government, financial and industrial organisations across Asia, Africa and Latin America.
For more details - https://t.co/g33kgGsMal
The SAS conference (@TheSAScon) looks AMAZING this year!🔥 Love the talks lineup, the venue, the GTA theme (!!!), and the special guest! I’m also presenting something secret👀
I’ve got one extra ticket - DM me if I might know you and you’d like to come!
#TheSAS2025 agenda is almost ready! Keep an eye on the website updates as we iron out the final details with our stellar speaker lineup this week.
What to expect?
🕵️‍♂️ One in three talks covers recent APT TTPs and investigations. We expect four mind-blowing talks on 🚘 and telematics infrastructure and at least a couple on important topics like browser security and the realities of using EOL devices.
Expect a swirl of topics and slides in our favorite PechaKucha format too!
⚡️ So, bookmark this link and secure your spot before it's too late 👉 https://t.co/41ZlbIcJa1