stui3b33.exe

Malwoverview v8.0 (codename: Revolutions) has been released: https://t.co/EwDKd2UUp1 To install its complete version: pip install malwoverview[all] Partial List of Improvements: NEW SERVICE INTEGRATIONS (6): 01. https://t.co/4ovWMNqOkm — submit URLs, retrieve results, search scans, search by domain/IP (-u/-U) 02. Shodan — IP lookup and search queries (-s/-S, -ip 4) 03. AbuseIPDB — IP reputation checks (-ab/-AB, -ip 5) 04. GreyNoise — IP classification (-gn/-GN, -ip 6) 05. Whois/RDAP — domain and IP lookups (-wh/-WH) 06. LLM threat enrichment — Claude, Gemini, OpenAI, Ollama (--enrich, --llm) NEW CAPABILITIES (16): 07. Cross-service hash correlation across VT, HA, Triage, AlienVault (--correlate-hash) 08. Batch hash check — Bazaar (-b 11), Hybrid Analysis (-a 16), Triage (-x 8) 09. Directory scan — Bazaar (-b 12), Hybrid Analysis (-a 17), Triage (-x 9) 10. Comprehensive IP lookup across all services (-ip 7) 11. IOC extraction from text, PDF, email, URL (--extract-iocs) 12. YARA rule scanning (--yara, --yara-target) 13. Interactive REPL mode with 22 commands (--interactive) 14. JSON and CSV structured output (--output-format) 15. Result caching with configurable TTL (--no-cache, --cache-ttl) 16. HTTP/HTTPS/SOCKS5 proxy support (--proxy) 17. MITRE ATT&CK technique mapping (--attack-map) 18. Quiet and verbose modes (--quiet, --verbose) 19. HTML/PDF report generation (--report) 20. TUI dashboard mode (--tui) 21. Context-aware LLM prompts — separate threat analysis and CVE analysis prompts 22. LLM provider override from CLI (--llm claude|gemini|openai|ollama) #threathunting #malware #vulnerability #ai #informationsecurity #cybersecurity #cve

☁️ Azure Monitor Alerts Weaponized for 🎣 Callback Phishing Threat actors are exploiting Microsoft Azure Monitor alerts to send phishing emails that look like legitimate Microsoft notifications. Because these alerts originate from [email protected] and pass SPF/DKIM/DMARC checks, they easily bypass traditional email defenses. The lure? Fake billing alerts urging recipients to call fraudulent support numbers—leading to credential theft or remote access compromise. https://t.co/Al7PHoFmBe To counter this, I’ve built a high-fidelity KQL detection leveraging the EmailEvents schema and the IsFirstContact field. For most enterprise users, receiving a first-contact email from [email protected] (without being Azure portal users) is a strong indicator of phishing callback attempts. 👉 Defenders: deploy this KQL to monitor inbound emails and flag suspicious Azure Monitor alert abuse. KQL Code: https://t.co/16siODK9Sy #Cybersecurity #AzureMonitor #Phishing #DetectionEngineering

Microsoft introduces Backup and Recovery for Microsoft Entra ID! Entra Backup and Recovery solution enables you to quickly recover from malicious attacks or accidental changes by reverting your core tenant objects to any previous state within the last 5 days. With automated backups and granular recovery capabilities, it ensures minimal downtime and supports your business continuity in the face of unexpected disruptions. Entra automatically generates one backup per day, retaining the last 5 days of backup history. You can recover key properties of the following core tenant objects: - Users - Groups - Applications - Conditional access policies - Service principals - Organization - Authentication methods - Authorization policy - Named locations #EntraID #Microsoft365 #Microsoft

⚠️ FortiOS Authentication Bypass Vulnerability Lets Attackers Bypass LDAP Authentication Source: https://t.co/GLWZL6S5bz Fortinet has disclosed a high-severity authentication bypass vulnerability in FortiOS, tracked as CVE-2026-22153 (FG-IR-25-1052), that could allow unauthenticated attackers to sidestep LDAP authentication for Agentless VPN or Fortinet Single Sign-On (FSSO) policies. The flaw resides in the fnbamd daemon and requires specific LDAP server configurations enabling unauthenticated binds. The issue stems from improper handling of LDAP authentication requests. An attacker could exploit this under certain setups, such as those permitting anonymous binds, to gain unauthorized access without valid credentials. #cybersecuritynews #vulnerability

MDO:⛔Ability to block external Teams user via Defender Portal MC1200058 - Roll out starts in Jan 2026 integration between Microsoft Teams and Microsoft Defender for Office 365 that allows security admins to manage blocked external users in Teams through the Tenant Allow/Block List (TABL) in the Microsoft Defender portal.💪 #Cybersecurity #Teams #TABL

🚨🚨CVE-2025-55182 (CVSS 10.0): RCE in React Server Components A decoding bug in React Server Function payloads enables full unauthenticated RCE on vulnerable RSC backends. 🔥PoC: https://t.co/ZsTgkRqiHH Search by vul.cve Filter👉vul.cve="CVE-2025-55182" ZoomEye Dork👉http.body="react.production.min.js" || http.body="React.createElement(" || app="React Router" || app="React.js" 3.1M+ exposed React targets. ZoomEye Link: https://t.co/evM9m7xxl0 Refer: 1. https://t.co/ypCp3ghocv 2. https://t.co/CbGYXnMWpR #RCE #ZoomEye #cybersecurity #infosec #OSINT