New ransom group blog post!
Group name: rhysida
Post title: Senior Support Services
Info: https://cti.fyi/groups/rhysida.html
This dumb password rule is from Taco Bell.
Password may include special characters, except for #.
Coffeeloader Evades EDR And Other Antivirus Programs
Pulse ID: 67e75817beeea73a56683ef0
Pulse Link: https://otx.alienvault.com/pulse/67e75817beeea73a56683ef0
Pulse Author: cryptocti
Created: 2025-03-29 02:16:55
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
This was my favourite talk from @REverseConf! @mahaloz made an intimidating (to me) topic really accessible, and I feel like I now have a better understanding of the decompilers I use every day. He is a great presenter too :D Would recommend checking it out!
#reverseengineering #decompilation #infosec https://infosec.exchange/@REverseConf/114241453480617211
New ransom group blog post!
Group name: rhysida
Post title: Forrest City School District
Info: https://cti.fyi/groups/rhysida.html
We published a blog yesterday about a PhaaS and phishing kit that employs DoH and DNS MX records to dynamically serve personalized phishing content. It also uses adtech infrastructure to bypass email security and sends stolen credentials to various data collection spaces, such as Telegram, Discord, and email. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/
Who wants to join my Anarcho-Syndicalist Tech Collective? We buy some used taco trucks, except we fit them out with inverters and lots of networking tech, and we drive around Los Angeles doing guerrilla Debian installs and selling phones with GrapheneOS pre-installed. Bring your own laptop and we wipe it and have our FAI server give you a preconfigured desktop environment. Sell mini PCs with Nextcloud and PhotoPrism set up as .onion dark web sites... #infosec #tech #freedom
So I go to pick my kids up at school and get there early; the yearbook teacher wants me to come help her get photos from a Google Photos album I made at a track meet a week ago.
I had sent her a link to the shared album, but that "didn't work". It turns out that's because the school filters that site. "Can't you just AirDrop them to me?" Well, no, that's an iPhone-only thing. So I suggest she bulk-downloads the album on her phone. But the Photos app doesn't have that option.
New ransom group blog post!
Group name: ransomhub
Post title: www.bassi.it
Info: https://cti.fyi/groups/ransomhub.html
The #MorphingMeerkat phishing kit is exploiting DNS vulnerabilities to spoof 100+ brands, using dynamic fake login pages and anti-analysis techniques.
Read: https://hackread.com/morphing-meerkat-phishing-kit-dns-spoof-brands/
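The two posts above (the Infoblox write-up and the Hackread summary of the same Morphing Meerkat kit) describe the same trick: the kit reads the victim e-mail domain's MX records over DNS-over-HTTPS and picks a brand-specific fake login page from the mail provider it finds. The Python below is an added example, not code from Infoblox, Hackread or the kit itself. It shows the MX-to-brand selection logic on constructed DoH JSON answers (the `application/dns-json` shape served by the Google and Cloudflare resolvers), and a simple detection over constructed web-proxy log lines that flags clients asking a public DoH JSON API for MX records, something a browser on a login page has no legitimate reason to do. The MX suffix table and the log format are assumptions for the example, not Infoblox's published indicators.

```python
"""Added example: MX-over-DoH brand selection as used by a phishing kit, plus a
proxy-log detection for it. All DoH responses and log lines are constructed
inline so the script runs offline; no real DNS lookups are made."""
from urllib.parse import urlparse, parse_qs

# Constructed dns-json answers. Type 15 is MX; "data" is "<preference> <exchange>".
# A domain with no MX (here NXDOMAIN, Status 3) has no "Answer" key at all.
DOH_RESPONSES = {
    "example-corp.com": {"Status": 0, "Answer": [
        {"name": "example-corp.com.", "type": 15, "TTL": 300, "data": "20 alt1.aspmx.l.google.com."},
        {"name": "example-corp.com.", "type": 15, "TTL": 300, "data": "10 aspmx.l.google.com."}]},
    "acme.example": {"Status": 0, "Answer": [
        {"name": "acme.example.", "type": 15, "TTL": 3600,
         "data": "0 acme-example.mail.protection.outlook.com."}]},
    "noname.example": {"Status": 3},
}

# Assumed MX-host-suffix -> brand template table (illustrative, not Infoblox's list).
MX_BRANDS = [
    ("aspmx.l.google.com", "google"),
    ("mail.protection.outlook.com", "microsoft365"),
    ("mx.yandex.net", "yandex"),
]

def mx_hosts(doh_json):
    """Return MX exchange hostnames from a dns-json response, lowest preference first."""
    answers = doh_json.get("Answer", []) if doh_json.get("Status") == 0 else []
    mx = []
    for rr in answers:
        if rr.get("type") != 15:
            continue
        pref, host = rr["data"].split(None, 1)
        mx.append((int(pref), host.rstrip(".").lower()))
    return [host for _, host in sorted(mx)]

def brand_for_domain(domain, lookup=DOH_RESPONSES.get):
    """Pick the brand page a kit would render for an e-mail domain; 'generic' if unknown."""
    for host in mx_hosts(lookup(domain.lower()) or {}):
        for suffix, brand in MX_BRANDS:
            if host == suffix or host.endswith("." + suffix):
                return brand
    return "generic"

# Public DoH JSON endpoints a browser-side kit can call with fetch().
DOH_ENDPOINTS = {"dns.google": "/resolve", "cloudflare-dns.com": "/dns-query"}

def doh_mx_queries(log_lines):
    """Flag proxy log lines where a client asked a DoH JSON API for MX records.
    Returns (client_ip, queried_name) pairs. Log format (assumed): ts ip url status."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue
        src, url = parts[1], parts[2]
        u = urlparse(url)
        if DOH_ENDPOINTS.get(u.hostname) != u.path:
            continue
        q = parse_qs(u.query)
        if q.get("type", [""])[0].upper() in ("MX", "15"):
            hits.append((src, q.get("name", [""])[0]))
    return hits

# Constructed proxy log lines: "<ts> <client-ip> <url> <status>"
SAMPLE_LOG = [
    "2025-03-28T10:01:02Z 10.0.0.5 https://dns.google/resolve?name=example-corp.com&type=MX 200",
    "2025-03-28T10:01:03Z 10.0.0.5 https://cdn.example.net/app.js 200",
    "2025-03-28T10:02:10Z 10.0.0.9 https://cloudflare-dns.com/dns-query?name=acme.example&type=15 200",
    "2025-03-28T10:02:11Z 10.0.0.9 https://dns.google/resolve?name=acme.example&type=A 200",
]

if __name__ == "__main__":
    for domain in DOH_RESPONSES:
        print(domain, "->", brand_for_domain(domain))
    for src, name in doh_mx_queries(SAMPLE_LOG):
        print("DoH MX lookup from", src, "for", name)
```

The detection keys on the `type=MX` (or numeric `15`) query parameter rather than on DoH traffic in general, because browsers and OSes legitimately use DoH for A/AAAA lookups; a login page resolving MX for whatever the user just typed is the anomaly. Blocking the two JSON endpoints at the proxy defeats this specific kit, but a kit can fall back to a server-side lookup, so the MX-driven page selection is the durable indicator.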
New ransom group blog post!
Group name: ransomhub
Post title: phaus.us&phakr.com&phabodysystems.com
Info: https://cti.fyi/groups/ransomhub.html
The countdown to the weekend begins with 5-4-Friday!
Five #InfoSec and #DataPrivacy news items you may have missed from this past week.
Sherpa Intelligence presents: Five for Friday 28 March 2025
Read & subscribe here: https://sherpaintelligence.substack.com/p/five-for-friday-28-march-2025
Man, npm and supply chain security... seriously a never-ending story. Just caught an article about "ethers-provider2" and "ethers-providerz". Get this: these things are actually infecting packages you *already* have installed!
Speaking as a pentester, let me tell ya: you absolutely *have* to run regular checks. Your `package-lock.json`, `yarn.lock`... check 'em all! Trust me, SCA tools are worth their weight in gold in these situations. And listen up, people, MFA for your npm account? That's not some optional extra, it's a straight-up *MUST*!
I literally just had a client who thought, "Ah, npm's pretty safe, right?". Yeah, famous last words!
So, what're your most insane supply chain attack stories? Lay 'em on me!
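The post above recommends checking lockfiles regularly. As an added example (not code from the post's author, from npm, or from any SCA vendor), the Python below audits a `package-lock.json` in the lockfile v2/v3 layout for the things a manual lockfile review should catch: packages on a watchlist (the two names come from the post), packages npm marked `hasInstallScript` (set when a package declares an install or postinstall script, which is where a dropper runs), tarballs resolved from somewhere other than the expected registry, and entries with no `integrity` hash. The lockfile content is a constructed sample; the watchlist is only what the post names. One caveat the post's "infecting packages you already have installed" point implies: a lockfile records what was resolved, not what an install script later changed on disk, so this check catches the dropper package by name, while verifying the installed files themselves needs a fresh `npm ci` from a clean tree.

```python
"""Added example: a minimal package-lock.json (lockfile v2/v3) audit.
The lockfile below is constructed inline so the script runs offline."""
import json

# Package names mentioned in the post; a real watchlist would come from an advisory feed.
WATCHLIST = {"ethers-provider2", "ethers-providerz"}

# Constructed sample lockfile. Keys under "packages" are paths like
# "node_modules/<name>"; "" is the root project entry.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3, "packages": {
        "": {"name": "demo-app", "dependencies": {"ethers": "^6.0.0", "left-pad": "1.3.0"}},
        "node_modules/ethers": {"version": "6.13.5",
            "resolved": "https://registry.npmjs.org/ethers/-/ethers-6.13.5.tgz",
            "integrity": "sha512-AAA"},
        "node_modules/ethers-provider2": {"version": "1.0.0",
            "resolved": "https://registry.npmjs.org/ethers-provider2/-/ethers-provider2-1.0.0.tgz",
            "integrity": "sha512-BBB", "hasInstallScript": True},
        "node_modules/left-pad": {"version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-CCC"},
        "node_modules/internal-helper": {"version": "0.1.0",
            "resolved": "http://internal-mirror.example/internal-helper-0.1.0.tgz"},
    }})

def audit_lockfile(text, watchlist=WATCHLIST, trusted_registry="https://registry.npmjs.org/"):
    """Return (package_name, reason) findings for a package-lock.json v2/v3 document."""
    lock = json.loads(text)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # root project, not a dependency
        # Nested installs look like node_modules/a/node_modules/b; take the last segment.
        name = path.rsplit("node_modules/", 1)[-1]
        if name in watchlist:
            findings.append((name, "on watchlist"))
        if meta.get("hasInstallScript"):
            findings.append((name, "runs an install script"))
        if not meta.get("resolved", "").startswith(trusted_registry):
            findings.append((name, f"resolved outside {trusted_registry}"))
        if not meta.get("integrity"):
            findings.append((name, "no integrity hash"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}: {reason}")
```

Run it against the real file with `audit_lockfile(open("package-lock.json").read())`; for a `yarn.lock` the same four checks apply, but that file is not JSON and needs its own parser. The install-script flag is the one most worth acting on: `npm ci --ignore-scripts` followed by a review of the flagged packages' `scripts` fields is a cheap way to see what would have run.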
New Open-Source Tool Spotlight
APTSimulator is a tool for security teams to simulate advanced persistent threat (APT) behavior in a controlled environment. It uses batch scripts to mimic common attack techniques, like privilege escalation or ransomware actions, without real payloads. Useful for testing detection rules. #CyberSecurity #ThreatSimulation
Project link on #GitHub
https://github.com/NextronSystems/APTSimulator
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
Davisson was also quoted in Fierce Healthcare discussing President Trump's recent Executive Order requiring federal agencies to modify guidelines restricting unclassified data access: www.fiercehealthcare.com/regulatory/f...
#ExecutiveOrder #DOGE #DataAccess #InfoSec
New ransom group blog post!
Group name: incransom
Post title: augustssons.se
Info: https://cti.fyi/groups/incransom.html
@otmar Can we please advise people to not turn their Ivanti Connect Secure (ICS) Version 9.x off?
It is better to disconnect such devices from all networks and get your IR/CERT/SOC to take an HD image and memory dump*. Then turn it off.
*) Contact your Ivanti rep to tell you how, because of course they've put all info behind their customer login.
NEW BETA RELEASES
iOS 18.4 RC 2 (22E240)
iPadOS 18.4 RC 2 (22E240)
Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain #infosec
https://securelist.com/operation-forumtroll/115989/