32 ransomware groups abuse AnyDesk for persistence, per the Ransomware Tool Matrix. Longest row in the RMM table.
The setup is one piped command:
echo Admin#123 | AnyDesk.exe --set-password
2 gifts for defenders:
1. Password lands in plaintext in the echo command line
2. --set-password survives any rename
Sigma rule: AnyDesk Piped Password Via CLI
Hunt the flag + echo pipe 🔎
Update: PERKESO can’t refund contributions already paid into Lindung 24 Jam
the scheme has collected RM58,000,000 in June alone.
the CEO: "the coverage that has already been provided cannot be retrospectively withdrawn. I hope that is understood”
$5 A MONTH. NO CLOUD. AND IT RUNS OFF A POWER BANK.
Last month someone paid seven different companies $340 just for the privilege of using AI.
Claude Pro. ChatGPT Plus. Cursor. Perplexity. And a few charges they couldn't even identify anymore.
Then they did the boring thing nobody does. They added it all up.
Turns out a single Mac mini M4 can run local models that kill most of that stack. No subscriptions. No usage limits. No data leaving the desk.
And here is the part that breaks people. This one isn't even plugged into a wall.
A Mac mini M4 running full local AI, powered by a battery pack, sitting on a wooden desk like it's nothing.
The whole cloud AI empire is built on the assumption you'll keep paying monthly forever.
Some people already stopped.
Over the past few months, we’ve been dealing with growing abuse of our publicly accessible Valhalla API.
Despite clear rate-limit warnings and a fair-use policy written into the service footer, some users decided to push things too far.
They used automated systems to harvest rule matches and low-detection-rate sample hashes at scale – not for pivoting or threat research, but likely to clone detection coverage or populate IOC feeds.
They cycled through IPs to evade rate limits, effectively scraping the service into the ground.
We tried to fight back with thresholding, IP rotation handling, and other tweaks. But in the end, the abuse outweighed the benefit of keeping this API open to everyone.
We’re now limiting API access strictly to verified customers with API keys.
No more public query access.
It’s a decision we really didn’t want to make. We wanted the API to remain a tool for legit researchers, IR teams, and curious minds to enrich investigations and pivot on VT hits.
But thanks to the usual suspects who treat every open interface like a free buffet, that time is over.
We’re sorry to the people who used this service properly and will now lose access.
But stability, fairness, and sustainability win out.
Malware Analysis and Reverse Engineering Practical Malware Analysis for Modern Threat Investigations 🇲🇾
Date: 04 Jul 2026 20:00
Fees: Paid Entry (Fees Applies)
Category: Open to All (No limit)
Organizer: Valere Labs
Link: https://t.co/3QXhXbxxrg
Location:Online
🇲🇾 A threat actor is advertising the alleged sale of data belonging to Malaysia's Inland Revenue Board (IRBM/LHDN) through the MyTax portal.
According to the post, the dataset allegedly contains:
* Over 10 million records
* Tax Identification Numbers (TINs)
* Personal profile information
* Tax filing and payment history
* Bank account details
* Email addresses
* Phone numbers
* JSON-formatted data
The seller claims the data was exfiltrated in June 2026 and is offering the dataset for $20,000.
At the time of writing, the authenticity of the dataset and the claimed compromise have not been independently verified.
Analyst Note: Tax records are among the most valuable forms of personal data for cybercriminals. If authentic, the combination of financial information, contact details, and taxpayer identifiers could enable identity theft, tax refund fraud, financial scams, and highly targeted phishing campaigns.
#DDW #DarkWeb #Intelligence #Malaysia
💥OpenOSINT turns OSINT into a terminal-based AI agent.
Give it an email, username, domain, IP, or target, and it can chain real tools, pivot on findings, and save a structured report.
GitHub: https://t.co/N2j3qGI9SM
Live Demo: https://t.co/pDrlfGs6nd
🇲🇾 Malaysia | Alleged Malaysian Citizens Database Advertised for Sale
A threat actor is advertising what they claim is a large aggregated database containing Malaysian citizens' personal information.
* According to the listing, the sample allegedly includes:
* Phone numbers
* First and last names
* Gender
* Marital status
* Employer/company names
* Facebook-style user IDs
* Additional location and profile metadata
* The seller states the records originate from multiple sources rather than a single organization and uses Malaysian companies as examples of employers appearing in the dataset.
Analyst Note: These claims have not been independently verified. Large aggregated identity datasets are commonly repackaged and resold on underground forums, making attribution difficult. Regardless of origin, such datasets can facilitate phishing, identity theft, social engineering, and account takeover attacks.
#DDW #Intelligence #DarkWeb #Malaysia
OSINT of Malaysia is out!
Many Thanks to @thisisfinx for building this toolkit.
The toolkit contains open data portals, company registries, land and property records, geospatial data, people search, and more.
Link: https://t.co/uzHNp2czPz
Untuk 2 bulan akan datang, kisah MOH ni akan jadi modal pasal cyber hygiene sampai pishang (firasat aku ada benda yg lagi kritikal pasal diaorg tp takdak sapa yg nak amik port). Tapi takda sapa yg akan dtg tolong diaorg. Ulang la cycle ni sampai bila2. Sekian terima kasih
🚨 BrEaKiNg: Splunk, a security product, has zero authentication in its built-in database service and accepts any credentials, according to the security researchers who just dropped a full pre-auth RCE chain for Splunk Enterprise (CVE-2026-20253, CVSS 9.8).
Splunk Enterprise on AWS is vulnerable out of the box.
The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding is part of our new report on AI-powered threats.
🚨 NEW Windows Low Latency Mode?
You can enable it using ViVeTool GUI:
1. Update Windows
2. Install ViVeTool GUI
3. Go to Enable/Disable
4. Enter Feature ID: 61391826
5. Click Enable
6. Reboot your PC
This makes Windows temporarily push the CPU harder for short bursts when you launch apps, open menus or trigger high priority actions. It boosts CPU frequency for around 1–3 seconds, helping Windows feel faster and more responsive rather than waiting for the CPU to slowly ramp up.
The difference is CRAZY
Chinese dev open-sourced an entire car OS that turns any Android phone into a wireless CarPlay adapter.
It's called OkcarOS. a custom android 13 rom that speaks the carplay protocol directly to your car's screen.
→ Connects in 4 seconds
→ 60fps video, 25mb bitrate
→ Lossless PCM audio
→ 1:1 resolution with your in-car screen
100% Open Source.
EKONOMI MALAYSIA DIJANGKA MULA TERUK BERMULA JUN KERANA PERANG US IRAN
Penasihat Ekonomi Pejabat Perdana Menteri, Nurhisham Hussein memberitahu Podcast The Breakfast Grill BFM Radio bahawa Ekonomi Malaysia dijangka mula teruk bermula Jun kerana Perang US Iran dan Penutupan Selat Hormuz
Situasi teruk ini akan berlangsung dalam 3 Gelombang.
Gelombang Pertama- Bekalan Minyak Malaysia akan mulai habis. Di mana 3/4 Pengeluaran minyak di Timur Tengah ditutup. Pengeluaran minyak sepenuhnya memakan masa 6 Bulan daripada tarikh perang tamat. Ia bukan seperti tutup paip. Antaranya ialah Telaga Minyak itu disimen dan proses membuka semula telaga itu memakan masa 3 bulan. Proses untuk membersihkan trafik di Selat Hormuz juga dijangka 2-3 bulan. Malaysia import 70 peratus minyak dari Selat Hormuz
Gelombang Kedua - Bekalan Petrokimia mulai terjejas. Rakyat Malaysia memerlukan bahan ini untuk produk kebersihan diri, tuala wanita, lampin bayi, komestik, berus gigi dan sebagainya. 70 peratus kereta dibuat dari plastik.
Gelombang Ketiga- Masalah bekalan mentah. Banyak syarikat hanya ada simpanan bahan mentah untuk hasilkan produk mereka selama 2 bulan sahaja. Hanya 10 ke 15 peratus SME Malaysia mempunyai simpanan bahan mentah selama seminggu atau dua minggu.
Kesan gelombang ini akan menyebabkan produk pengeluaran berkurangan, pekerja tak dapat kerja OT, pengurangan syif pekerja dan ini jejaskan rakyat Malaysia secara perlahan-lahan
@vxunderground I’ve officially left cybersecurity and gone back to become a plumber. @vxunderground you’re cool, @lauriewired you’re cool, Fuck this shit, I’m out.
TanStack was hit by a supply chain attack.
MistralAI was hit by a supply chain attack.
The Mayor of Arcadia, California, was a Chinese spy.
Forza Horizon 6 leaked.
Canvas bamboozled.
Shai-Hulud open-sourced.
Nightmare-Eclipse teases two new Windows 0days.
It is Tuesday. What will happen on Wednesday? Find out on the next action packed episode of Dragon Ball Z