Our latest Threat Intelligence report dives deep into ADINT (Advertisement-based Intelligence) to expose how private companies weaponise AdTech mechanisms to harvest intelligence data, fueling the surveillance solutions they sell.
https://t.co/uik0siu9iK
STOCKSTAY Another Day: The Latest Addition to Turla’s Intelligence Gathering Apparatus
Google Threat Intelligence Group
GTIG has conducted an in-depth analysis of a .NET backdoor, tracked as STOCKSTAY, that has been continually developed and deployed by the Russia-linked threat actor Turla.
https://t.co/ZAnLVXF05T
@googlecloud
SentinelLABS has analyzed a Rust macOS implant that embeds a 3.5 KB prompt-injection payload of 38 fabricated “system” messages, built to steer an LLM-assisted triage pipeline into aborting or refusing its analysis. They assess with high confidence that the implant, which we track as macOS.Gaslight, belongs to a cluster of DPRK-aligned macOS activity.
https://t.co/F9IpVB9s8Y
@LabsSentinel
Is the idea of APT groups as unitary, monolithic entities (a PLA unit, an MSS bureau) still viable? When it comes to China, maybe not so much. Cool @bindinghook paper discussing the new ecosystem of 🇨🇳 cyber ops and its mesh of contractors, fronts, etc. https://t.co/37JDiWdTQt
#ESETresearch has observed DeadLock ransomware expanding its use of Polygon blockchain smart contracts. Previously used only for chat proxy server address rotation, DeadLock has now added a new contract with the gang's DLS entries - a first of its kind we are aware of. 1/6
#ESETresearch discovered two as-yet undocumented Windows variants of #SprySOCKS, a previously Linux-only backdoor reportedly used by #FishMonger. We attribute the new Windows variants to #FishMonger with high confidence. https://t.co/eDdzltxOi9 1/4
Hidden in Teams: DragonForce Attackers Weaponize Microsoft Teams Relays to Stay Hidden. Backdoor.Turn, a Go-based RAT, is the first known malware to abuse Microsoft Teams' TURN relay servers to mask C&C traffic. Read more: https://t.co/i6s0iVj0mK
🇮🇷 Ababil of Minab Exposed: LA Metro SCADA Backups and Israeli Victim Data Left Open on an Iranian Staging Server
A pro-Iranian group called Ababil of Minab claimed destructive intrusions against targets in the US, Israel, Saudi Arabia, and Turkey, including a breach LA Metro confirmed in April.
A later public report described the campaign but held back the rest of the victims. We found the operator's staging server sitting wide open and read the list ourselves.
What AttackCapture captured at 5.255.127[.]55:8020:
→ 2,238 files across 545 subdirectories, around 5 GB of exfiltrated data
→ Over 1 GB of LA Metro SQL Server backups covering transit ops, personnel records, SCADA configs, and yard management
→ Named victims the public report withheld: Ruppin Academic Center, bac(.)org(.)il, adabroker(.)com(.)tr, courier(.)co(.)il, Ifat Media Group
→ The custom Flask receiver, the operator's bash history, plaintext Chrome password dumps, VPN credentials, and switch configs
→ A 404 handler that quietly redirected to fbi(.)gov to look harmless
The server stayed up for at least four weeks, into late May, after the public report dropped and after the group went quiet on Telegram. That mistake handed us the full picture.
Full research here 👇: https://t.co/nUqelBq8M1
🚨New Blog!🚨
🇨🇳-Nexus actors #UNC6508 targeting NA academic, medical and military research institutions with #INFINITERED malware.
https://t.co/YubNfAHVrh
#threatintel #PRC
We analyzed a SideCopy (APT36 / Transparent Tribe) chain targeting Indian defense personnel
A weaponized PowerPoint package posing as an internal military briefing. Same actor. New lure.
The bait is a folder named "PPT for Breifing at HQ Northern Command," built around a convincing .pptx decoy and a double-extension shortcut (...pptx.lnk) carrying a shell32 icon so it reads as a normal PowerPoint to the target.
Nothing is dropped to disk by the shortcut itself. The LNK kicks off a staged loader hidden inside a nested excel\ folder.
Execution chain:
batch/PowerShell stager opens the decoy .pptx + drops the payload → jrnswry acrhyis.exe, a .NET CrimsonRAT loader → beacons to a hardcoded C2 → remote access, recon, exfil
Our @thor_scanner run produced the following YARA hits:
https://t.co/B6reE7Vp5D
https://t.co/XLeFw6TvH9
https://t.co/hGrzQH1l0L
https://t.co/1AODiCrgc2
Shortcut (LNK) https://t.co/Kg3CQ5CuOR
Loader (excel.bat) https://t.co/x3jJylIgeL
Payload (CrimsonRAT) https://t.co/1vsTqMWisQ
Decoy PPTX https://t.co/YePNSqcnTW
‼️ New activity by the UNC1151/Ghostwriter group
In recent months, the CERT Polska team has observed a change in how the UNC1151 group operates: known for disinformation operations and phishing against Polish e-mail providers (Onet, Wirtualna Polska, Interia), for the past few months it has also been preparing campaigns that target Gmail users.
🔗 A detailed description of the threat, with examples, is available in the article on our website: https://t.co/8UawqXj0Gy
The group targets people involved in political life, socially active people, those holding prominent positions, academics, journalists, public administration employees and members of the uniformed services, as well as other people connected to them through family or social relationships.
Compromised e-mail accounts are searched for contact lists, sensitive documents, and linked accounts.
🚩 APT (Advanced Persistent Threat) groups such as UNC1151 are entities whose cybercriminal activity may be linked to the actions of foreign states. At CERT Polska we continuously monitor their activity in Polish cyberspace and share our findings in our reports.
Black Lotus Labs recently identified a significant resurgence of the JDY botnet, a covert reconnaissance network tied to China-nexus threat activity.
Black Lotus Labs | Lumen
https://t.co/6E2PHYbrX0
@lumentechco
🇷🇺 Sekoia #TDR team has just released a comprehensive analysis of how #APT28's arsenal has evolved, from its early to its current operations.
https://t.co/Gs9rZZPl9Y
#ESETresearch has discovered a supply-chain attack targeting stock investors in 🇻🇳Vietnam, distributing SPECTRALVIPER through the update mechanism of the FireAnt Metakit stock investment platform. https://t.co/kquAp6fM8b 1/4
When “Hi, This Is IT” Comes Through Microsoft Teams
Unit 42 | Palo Alto
Cloaked Ursa (aka APT29, Cozy Bear and Midnight Blizzard) has successfully operationalized this approach.
https://t.co/vNfNQdN5AB
@Unit42_Intel
Two separate Russia-aligned campaigns are still exploiting the WinRAR flaw CVE-2025-8088 against Ukrainian organizations nearly a year after it was patched.
Trend Micro
https://t.co/BCXGZSnEXN
@trendaisecurity
Don't Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency
Proofpoint Threat Research
"North Korea-aligned threat actors have made a concerted effort not only to target cryptocurrency and decentralized finance organizations, but specifically to target developers using fake recruiter personas..."
https://t.co/QPADspoUmK
@proofpoint
#PulseRAT - Google Sheets-based RAT Using UAE-India Partnership Lure #APT
https://t.co/zzWqyYgTQT
I wrote some details on this infection chain. Calling it #PulseRAT since I have not seen any other reports on it. Reach out if you recognize it as something else.