We built crackmes-RE: 4,598 crackmes labeled with a flag and/or a runnable verifier script (2,172 have one), plus normalized obfuscation/anti-debugging/protections tags. For benchmarking LLMs' and decompilers' reverse-engineering ability. https://t.co/R9CGvziTUK
🚨 Suspicious domains detected in the home[.]kg zone 🇰🇬
Domains:
🔹 auth.home[.]kg 🇰🇬
🔹 vscode.auth.home[.]kg 🇰🇬
Both domains are flagged in Maltrail (apt_kimsuky.txt) and are linked to infrastructure attributed by OSINT sources to #Kimsuky / #APT43 / Emerald Sleet.
I tested local models (Mac mini m4 24gb) on one practical task: analyze a hypothetical Windows Electron app without internet access and produce a safe bug-hunting plan.
https://t.co/R3ufKpqJwb
We’ve designed and built our first AI chip: Jalapeño.
Designed from the ground up by OpenAI and brought to production with @Broadcom, Jalapeño is purpose-built for the LLM workloads powering ChatGPT, Codex, the API, and future agentic products.
Chips are foundational to the AI economy. Building our own expands our full-stack platform from products to models to infrastructure, and will help us scale intelligence, serve more people, and expand access to AI.
🚨 #ThreatIntel: A sophisticated phishing campaign targeting the Greek Military Representation to #NATO has been spotted in the @anyrun_app sandbox. The observed attack chain and infrastructure setup strongly suggest suspected #MustangPanda (#TA416) activity, though definitive attribution remains open.
The threat actors utilized a spoofed Montenegro diplomatic email, delivering a highly relevant lure regarding the Ankara Summit. The phishing link redirects through a fake Cloudflare check to a pixel-perfect Google Drive clone, dropping a malicious ZIP archive.
Execution relies on a hidden PowerShell script triggered by an LNK file. It uses data carving to extract a TAR archive from the ZIP, unpacks it using the native Windows tar.exe, and establishes persistence via DLL Side-Loading using a legitimate Canon binary (CNMNSST.exe) to decrypt a hidden payload.
Indicators of Compromise (IOCs)
Network Infrastructure:
▪️ resources.babyafrosapparel[.]com (Phishing Gate)
▪️ drive.babyafrosapparel[.]com (Fake Google Drive Delivery)
▪️ concreteinportland[.]com (C2 Server via HTTPS GET beacons)
Associated Cloudflare IPs:
▪️ 104.21.90.16
▪️ 172.67.151.3
MD5 Hashes:
▪️ B791C416988D068A3E548A0F21CD3518 (MNE_Readout_Alice_Rufo_Briefing_Ankara_Summit_22Jun2026.lnk)
▪️ c836a6bbe16354a21ee688e3eeb32d86 (CNCLID.dll - Malicious Proxy Loader)
▪️ e70a5908e5eaee1bcd15eef82b1bcfdd (Canon.dat - Encrypted Payload)
▪️ adb67ffe941a706b6343f94413f6e5f2 (CNMNSST.exe - Legitimate Canon Executable)
Email Artifacts:
▪️ Sender: stasa.stojkovic.mne@gmail[.]com
#ThreatIntel #Cybersecurity #MustangPanda #TA416 #MalwareAnalysis
@ccdcoe
@OSdev_ I’ve set up a dedicated msFuzz lab for Windows driver fuzzing. Snapshot-based execution, kernel debugging, crash collection, and triage are all wired up.
#ThreatIntel: A highly targeted spear-phishing campaign against Turkish defense giant Baykar Tech (#Bayraktar#UAV manufacturer) was discovered on @anyrun_app
The analyzed EML file reveals a critical case of #VendorEmailCompromise (VEC) and #SupplyChain hijacking. The attack originates from aviaventures[.]net, the legitimate domain of Avia Ventures (Baykar's official factory partner in Ukraine). Because SPF, DKIM, and DMARC checks passed perfectly, it confirms the attackers successfully compromised the partner's mail infrastructure to hijack ongoing business threads.
🔍 TECHNICAL DETAILS:
* The delivery vector is a password-protected ZIP archive hosted on LimeWire.
* Contains a heavily padded VBS downloader bloated to 6.14 MB to bypass automated sandbox size limits (often capped at 5 MB).
* Deploys a fileless PowerShell RAT establishing persistence via HKCU Run key disguised as "WindowsUpdateSync" in %APPDATA%\Microsoft\Vault.
🚨 IOCs:
* Compromised Domain: aviaventures[.]net
* Mail Server IP: 37[.]77[.]29[.]120
* C2 Stager URL: hxxp[:]//181[.]215[.]18[.]89/hurry[.]ps1
* Decoy PDF: hxxps[:]//filesdownloadsecurely[.]netlify[.]app/letter[.]pdf
* Downloader MD5: E030A7A1AE5685E62879D522F2DB2104
* RAT MD5: C0376786BD41F9851554000A15E5AB15
#MalwareAnalysis #Infosec #Cybersecurity