Top Tweets for #HowlerCell
Another piece of research from @Cyderes #HowlerCell. This is one of the more complex RE jobs we did: layers and layers of encryption, that's why we named it OnionDrop.
645+ unique samples in 80 days.
Dropping LegionLoader, CGrabber, and Vidar across different waves.
The prior work on CGrabber Stealer and Direct-sys Loader is here:
https://t.co/6r0N1U4Cbt
Full OnionDrop breakdown, YARA, and IOCs:
https://t.co/3RRdnv8iHS
#MalwareAnalysis #ThreatIntel #ThreatHunt #ThreatResearch #ReverseEngineering
New #HowlerCell Threat Research
Hours after @Microsoft shipped June Patch Tuesday fixes, the researcher known as Nightmare-Eclipse resurfaced on GitHub as #MSNightmare, publishing #RoguePlanet, the 7th exploit targeting Defender in the cluster.
https://t.co/zeRDmlOlsg
Return of the Eclipse: #MSNightmare and #RoguePlanet
Analysis from @Cyderes #HowlerCell Threat Research team.
Hours after Microsoft shipped June Patch Tuesday fixes, the researcher resurfaced on GitHub as MSNightmare and published RoguePlanet, the seventh exploit in the cluster.
• New handle: MSNightmare (profile lists affiliation as "Microsoft")
• New exploit: RoguePlanet, a Defender zero-day
• Blog quote: "Microsoft cannot unwrite my code"
• Mirrors live on self-hosted Git: git.projectnightcrawler[.]dev/NightmareEclipse
• Blog: deadeclipse666.blogspot[.]com
The researcher is testing a ban-resistant publication model backed by self-hosted mirrors. Account takedowns no longer end the campaign.
#ThreatIntel #ZeroDay #PatchTuesday #VulnerabilityResearch #ThreatResearch
Read: https://t.co/1b3LiHH5En
Howler Cell's recent malware analysis highlighting the fake X-VPN installer deploying STX RAT was featured in @techradar by @monicajwrites.
Read more on TechRadar: https://t.co/QRwkAjMiED
@reegun21 #HowlerCell #Cyderes
Thanks @reegun21 / @Cyderes #HowlerCell for the research and responsible disclosure, and @blackorbird for the share.
The issue has been fixed in X-VPN for Windows version 77.5.3. Official distribution channels remain safe.
Download the latest version only from our official website: https://t.co/sdDCaSa6p4
Full statement: https://t.co/pgI2hbnklL
From Crypto Wallets to a 100M-User VPN: Inside an Active STX RAT Supply Chain Campaign
https://t.co/1t0ryjBt4a

Credit to @xvpnteam for the fast fix and public acknowledgment of the report. Ten days from disclosure to patch is what responsible vendor response looks like.
@Cyderes #HowlerCell will keep publishing research like these so defenders can move faster than active campaigns.
Read the full analysis: https://t.co/2pfhQeoFRF
X-VPN's official statement: https://t.co/tzokGDoVJe

This is the part of the research I like most: tracking the STX RAT family from the #CPUID supply chain campaign all the way to a coordinated vendor fix. Our @Cyderes #HowlerCell research mapped 11 trojanized packages, attributed them to one actor (Leda Elacoate, pufferfish11@firemail[.]cc), and tied everything back to the supp0v3[.]com C2 family before landing on X-VPN as the 100M-user lure.
@xvpnteam acknowledged in two business days and shipped version 77.5.3 after disclosure. That is the full arc, from sample to patch.
Read: https://t.co/2pfhQeoFRF
New @Cyderes #HowlerCell research from our Threat Hunting and Threat Research team collaboration - an SEO poisoning campaign impersonating the Claude Code install page.
What the operators built in:
→ An MP3/HTA polyglot that plays as real audio in a media player but executes as an HTA under mshta.exe, defeating file-type inspection
→ An in-memory AMSI bypass before anything else runs
→ A 17 MB obfuscated stage sized to break deobfuscators and exhaust sandbox memory
→ Per-victim C2 subdomains derived from MD5(COMPUTERNAME+USERNAME), which makes URL-level IOC sharing close to useless
→ A reflective .NET infostealer that lives entirely inside the PowerShell process. No file on disk. No new process. No image-load event to anchor on.
Final beacon goes to Russian infrastructure.
Full chain breakdown in the writeup:
https://t.co/qOw9g3rHmM
#ThreatResearch #MalwareAnalysis #ClickFix #InfoStealer #DFIR
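The per-victim subdomain scheme above is what makes shared URL indicators weak, but it is also something a defender can turn around: if the label is a function of COMPUTERNAME and USERNAME, an organisation can derive the expected label for every host it owns and hunt its own DNS logs for it. The script below is an added example written for this page, not code from the thread or from the Cyderes writeup. It assumes one specific encoding (upper-case the two names, concatenate, lowercase hex MD5) and uses constructed hostnames, users, log lines and placeholder domains; the encoding should be adjusted to whatever the full writeup documents.

```python
"""Hunt DNS query logs for per-victim C2 labels derived from MD5(COMPUTERNAME+USERNAME).

Added illustration, not code from the original thread or the Cyderes writeup.
Assumption: the label is the lowercase hex MD5 of the upper-cased COMPUTERNAME
immediately followed by the upper-cased USERNAME, and the beacon host is
<label>.<c2-domain>. Adjust derive_label() if the documented encoding differs.
"""
import hashlib
import re

# Constructed inventory of (COMPUTERNAME, USERNAME) pairs; hypothetical values.
INVENTORY = [
    ("WS-FIN-042", "jdoe"),
    ("LT-DEV-017", "asmith"),
]

HEX32 = re.compile(r"^[0-9a-f]{32}$")
# Assumed log format (constructed): "<timestamp> <client-ip> query <qname>"
DNS_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)")


def derive_label(computer: str, user: str) -> str:
    """Per-victim label under the assumed encoding (upper-case, concatenate, MD5 hex)."""
    seed = (computer + user).upper().encode("utf-8")
    return hashlib.md5(seed).hexdigest()


def build_lookup(inventory):
    """Map every expected label back to the (computer, user) it was derived from."""
    return {derive_label(c, u): (c, u) for c, u in inventory}


def hunt(log_lines, inventory):
    """Return one finding per suspicious query.

    Two signals: an exact match against labels derived from the inventory
    (high confidence, names the victim), and a hash-shaped first label that
    matches no inventory entry (lower confidence; catches hosts the inventory
    does not know about, at the cost of some benign CDN-style names).
    """
    lookup = build_lookup(inventory)
    findings = []
    for line in log_lines:
        m = DNS_LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        qname = m.group("qname").rstrip(".").lower()
        first_label = qname.split(".", 1)[0]
        if first_label in lookup:
            computer, user = lookup[first_label]
            findings.append({"ts": m.group("ts"), "client": m.group("client"),
                             "qname": qname, "reason": "inventory-match",
                             "computer": computer, "user": user})
        elif HEX32.match(first_label):
            findings.append({"ts": m.group("ts"), "client": m.group("client"),
                             "qname": qname, "reason": "hash-shaped-label",
                             "computer": None, "user": None})
    return findings


# Constructed sample log. The first line embeds the label the assumed scheme
# produces for WS-FIN-042/jdoe; the .invalid domains are placeholders, not
# indicators from the writeup.
SAMPLE_DNS_LOG = [
    f"2025-06-12T09:14:03Z 10.1.4.42 query {derive_label('WS-FIN-042', 'jdoe')}.c2-example.invalid.",
    "2025-06-12T09:14:05Z 10.1.4.42 query login.microsoftonline.com.",
    "2025-06-12T09:15:11Z 10.1.7.9 query 0123456789abcdef0123456789abcdef.cdn.example.invalid.",
    "malformed line that the parser ignores",
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_DNS_LOG, INVENTORY):
        print(finding)
```

The inventory match is the signal worth alerting on; the hash-shaped-label heuristic is a triage aid and will need an allowlist of known CDN and telemetry domains before it is quiet enough for production.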
Another day in @Cyderes #HowlerCell, solid work on validating the new Microsoft 0day. The exploit wasn't cooperating at first, but we tracked down the issue, got it working, and now we're sharing the findings with the community https://t.co/ELpeGRT4tg #Microsoft #0day
Thinking about the piracy games 🎮?
https://t.co/upeGD0qOAW
We have been working on this over the past two months by correlating findings across multiple sources.
Today, we finalized the report based on that effort. Good teamwork and solid execution from @Cyderes #HowlerCell.
The second part of my Bring Your Own Updates (BYOU) series is now live: Abusing Fiery Driver Updaters for Stealthy Code Execution by @Cyderes #HowlerCell.
Why does it matter? Organizations frequently place implicit trust in update components. This research highlights how that trust can be manipulated.
Key findings include:
- A significant printer-server component, Fiery Driver Updater v1.0.0.16, contains embedded credentials and lacks source integrity checks.
- An attacker with post-compromise access could exploit the update mechanism to execute arbitrary code.
- The associated risks encompass supply-chain compromise, privilege escalation, and stealthy persistence, particularly if the updater is whitelisted or trusted by security controls.
https://t.co/eFh20HasyC
#CyberSecurity #ThreatHunting #ReverseEngineering #SupplyChainSecurity #BYOU #Cyderes #ThreatIntel
🚨 New #HowlerCell research from @Cyderes
Bring Your Own Updates (BYOU): Abusing Advanced Installer Updaters for Stealthy Code Execution.
In this deep dive, I uncover a supply chain risk in installer frameworks. As part of the series, we are uncovering Advanced Installer’s update mechanism (v22.7, May 2025), which allows attackers to abuse the -url parameter in updater.exe.
Because the updater accepts unauthenticated and unsigned configuration files, attackers can push arbitrary payloads that appear legitimate, creating a stealthy path for code execution under the guise of a normal update.
From a defender’s perspective, this is a reminder to:
* Monitor outbound updater requests.
* Enforce code signing and certificate validation on update channels.
* Implement integrity checks for update configurations.
Full technical breakdown: https://t.co/HLENicDLgp
Grateful for the coverage by @DarkReading:
https://t.co/1wI9JhiKWA
#SupplyChainSecurity #BYOU #ThreatResearch #CyberDefense #Cyderes #HowlerCell
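Both BYOU posts above (the Fiery updater with no source integrity checks and the Advanced Installer updater that trusts whatever the -url parameter points at) come down to the same defect: the client acts on an update configuration that nothing binds to the vendor. The example below is added here and is not code from Advanced Installer, Fiery, or the Cyderes writeups. It shows the weak pattern next to a hardened parser that applies the three controls the post recommends before acting on anything in the config. Stand-ins are labelled: an HMAC-SHA256 tag plays the role of the vendor signature (a real updater should verify an asymmetric signature, such as Authenticode over the payload), and the pinned key, allowlisted host, manifests and payload are constructed values.

```python
"""Update-manifest validation: the weak pattern beside a hardened one.

Added example, not code from Advanced Installer, Fiery, or the Cyderes writeups.
Stand-ins (labelled): HMAC-SHA256 over the manifest stands in for a vendor
signature; PINNED_KEY, ALLOWED_HOSTS, the manifests and the payload are
constructed, not values from any product.
"""
import hashlib
import hmac
import json
from urllib.parse import urlparse

PINNED_KEY = b"constructed-demo-key-not-a-real-secret"   # embedded at build time
ALLOWED_HOSTS = {"updates.example-vendor.invalid"}        # placeholder vendor host


class UpdateRejected(Exception):
    pass


def weak_parse(manifest_bytes):
    """Weak pattern: whatever config the -url argument fetched is parsed and
    trusted as-is. Nothing binds it to the vendor, so the download location
    and (absent) digest come straight from an unauthenticated source."""
    cfg = json.loads(manifest_bytes)
    return {"download": cfg["download"], "sha256": cfg.get("sha256")}


def sign_manifest(manifest_bytes, key=PINNED_KEY):
    """Tag a vendor build step would attach (HMAC stand-in for a signature)."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()


def hardened_parse(manifest_bytes, tag, key=PINNED_KEY, allowed_hosts=ALLOWED_HOSTS):
    """Hardened pattern: reject before acting on anything in the config."""
    # 1. Integrity and authenticity of the configuration itself.
    if not hmac.compare_digest(sign_manifest(manifest_bytes, key), tag):
        raise UpdateRejected("manifest signature does not verify")
    cfg = json.loads(manifest_bytes)
    # 2. Only the vendor's channel, only over TLS.
    u = urlparse(cfg["download"])
    if u.scheme != "https" or u.hostname not in allowed_hosts:
        raise UpdateRejected(f"download location not allowed: {cfg['download']}")
    # 3. A payload digest the client will enforce after download.
    digest = cfg.get("sha256", "")
    if len(digest) != 64 or any(ch not in "0123456789abcdef" for ch in digest):
        raise UpdateRejected("manifest carries no usable payload digest")
    return {"download": cfg["download"], "sha256": digest}


def verify_payload(payload, expected_sha256):
    """Enforce the digest from a verified manifest on the fetched bytes."""
    return hmac.compare_digest(hashlib.sha256(payload).hexdigest(), expected_sha256)


def accepts(manifest_bytes, tag):
    """True if the hardened parser would act on this manifest."""
    try:
        hardened_parse(manifest_bytes, tag)
        return True
    except UpdateRejected:
        return False


# Constructed manifests and payload.
PAYLOAD = b"constructed payload bytes standing in for an installer"
GOOD_MANIFEST = json.dumps({
    "download": "https://updates.example-vendor.invalid/app-1.2.3.msi",
    "sha256": hashlib.sha256(PAYLOAD).hexdigest(),
}).encode()
GOOD_TAG = sign_manifest(GOOD_MANIFEST)

# A manifest the vendor never signed, served from a host the vendor does not own
# (203.0.113.10 is a documentation address); this is what an attacker-supplied
# -url would point the updater at.
ROGUE_MANIFEST = json.dumps({"download": "http://203.0.113.10/update.exe"}).encode()


def demo():
    """Return (weak_accepts_rogue, hardened_accepts_rogue, hardened_accepts_good)."""
    weak_rogue = weak_parse(ROGUE_MANIFEST)["download"].startswith("http://")
    hardened_rogue = accepts(ROGUE_MANIFEST, sign_manifest(ROGUE_MANIFEST, b"attacker-key"))
    good = hardened_parse(GOOD_MANIFEST, GOOD_TAG)
    return weak_rogue, hardened_rogue, verify_payload(PAYLOAD, good["sha256"])


if __name__ == "__main__":
    print(demo())  # expected: (True, False, True)
```

Note that the host allowlist is checked even when the tag verifies, so a manifest signed with the correct key but pointing at a plain-http or third-party location is still rejected; each control covers a failure the others do not, which is why the post lists all three.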