New macOS Infostealer DigitStealer Uncovered by Jamf Threat Labs
https://cyberdigests.com/article/new-macos-infostealer-digitstealer-uncovered-by-jamf-threat-labs
The Dragon Breath threat actor has been observed using a multi-stage loader called RONINGLOADER to deliver a modified Gh0st RAT. The campaign targets Chinese-speaking users with trojanized installers disguised as legitimate software.
https://cybersum.net/article/112-dragon-breath-apt-deploys-roningloader-for-gh0st-r
Threat actors have updated their tactics by using JSON storage services to host and deliver malware. The campaign involves targeting software developers through professional networking sites, instructing them to download trojanized code projects.
https://cyberdigests.com/article/threat-actors-use-json-services-for-malware-delivery
APT Group Exploits Zero-Days in Cisco and Citrix Systems
Amazon’s MadPot honeypot service detected the exploitation attempts, leading to the identification of CVE-2025-5777 and CVE-2025-20337. The threat actor deployed a custom web shell disguised as a legitimate component, operating in-memory and using Java reflection for stealth.
https://cyberdigests.com/article/apt-group-exploits-zero-days-in-cisco-and-citrix-systems
Security researchers at ENKI have uncovered a sophisticated espionage campaign by the Lazarus Group targeting aerospace and defense organizations. The campaign, active since March 2025, uses phishing operations with malicious Word documents disguised as legitimate communications. The new Comebacker backdoor variant demonstrates significant technical evolution, including encrypted command-and-control communications and sophisticated persistence mechanisms.
https://cyberdigests.com/article/lazarus-group-espionage-campaign-targets-aerospace-and-defense
Researchers at Socket identified nine malicious NuGet packages designed to sabotage database implementations and Siemens S7 industrial control devices. These packages, published under the developer name shanhai666, contain legitimate functionality alongside harmful code scheduled to activate between 2027 and 2028.
https://cyberdigests.com/article/malicious-nuget-packages-target-databases-and-plcs
State-backed hackers are deploying malware that uses large language models to dynamically generate malicious scripts and evade detection. Google researchers observed malware employing AI capabilities mid-execution to alter its behavior, marking a significant step towards more autonomous malware.
https://cyberdigests.com/article/state-backed-hackers-use-ai-powered-malware-for-dynamic-attacks
Three American cybersecurity professionals were ransomware operators, prosecutor says.
Kimsuky Group Deploys HttpTroy Backdoor in Spear-Phishing Attack
https://cybersum.net/article/85-kimsuky-group-deploys-httptroy-backdoor-in-spearph
Microsoft researchers discovered SesameOp, a new backdoor malware using the OpenAI Assistants API for command-and-control.
https://cyberdigests.com/article/sesameop-backdoor-uses-openai-api-for-c2-communications
#threatintel #threatintelligence #cybersecurity #cybersec #infosec
Lampion Banking Trojan Evolves with New Social Engineering Tactics
https://cyberdigests.com/article/lampion-banking-trojan-evolves-with-new-social-engineering-tactics
Threat landscape monitoring is the core of #threatintelligence. What do your process and tooling look like?
Deep dive into two of the most popular choices:
Italian spyware vendor linked to Chrome zero-day attacks - https://www.bleepingcomputer.com/news/security/italian-spyware-vendor-linked-to-chrome-zero-day-attacks/
SideWinder APT Group Uses PDF and ClickOnce for Espionage
https://cyberdigests.com/article/sidewinder-apt-group-uses-pdf-and-clickonce-for-espionage
Attackers are exploiting the open-source red-team tool RedTiger to create an infostealer that collects Discord account data, payment information, and browser credentials.
https://cybersum.net/article/68-redtiger-infostealer-targets-discord-users-and-gam
The Qilin ransomware group has been using Linux binaries on Windows systems to evade detection and disable defenses. This cross-platform attack method involves deploying the ransomware through legitimate tools such as WinSCP (file transfer) and Splashtop Remote (remote management), so the Linux payload arrives and executes without a Windows-native dropper.
#threatintel #cybersec #infosec
https://cyberdigests.com/article/qilin-ransomware-targets-windows-via-linux-binaries
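One cheap hunt that follows from the Qilin report is to look for ELF executables on Windows endpoints at all, regardless of file extension or name. The following Python is an added example written for this digest, not code from the article or from Trend Micro; it classifies files by magic bytes, walks a directory tree for ELF hits, and exercises itself on a constructed sample tree (a fake ELF header renamed to look like a Windows binary, a fake PE header and a text file). The file names and the demo tree are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

# Leading bytes of the two executable formats we care about.
ELF_MAGIC = b"\x7fELF"
PE_MAGIC = b"MZ"


def classify_executable(header: bytes) -> str:
    """Classify a file by its first bytes: 'elf', 'pe' or 'other'.

    Only the magic is inspected, so the check is cheap enough to run over an
    entire endpoint, and it is not fooled by a renamed extension.
    """
    if header.startswith(ELF_MAGIC):
        return "elf"
    if header.startswith(PE_MAGIC):
        return "pe"
    return "other"


def find_elf_files(root: str) -> list:
    """Walk a directory tree and return paths of files whose magic is ELF.

    On a Windows host any hit deserves triage: a Linux executable in a
    user-writable or remote-tool staging directory is rarely legitimate.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    head = f.read(4)
            except OSError:
                continue  # unreadable or locked file; skip rather than abort the hunt
            if classify_executable(head) == "elf":
                hits.append(path)
    return hits


def build_sample_tree(base: str) -> None:
    """Write three constructed sample files (hypothetical names, not real malware):
    an ELF header disguised with a .exe name, a minimal PE header, and plain text."""
    Path(base, "svchost.exe").write_bytes(ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)
    Path(base, "tool.exe").write_bytes(PE_MAGIC + b"\x90\x00" + b"\x00" * 60)
    Path(base, "notes.txt").write_bytes(b"plain text, not an executable\n")


def demo() -> list:
    """Build the constructed tree in a temp directory, scan it and return the
    base names of ELF hits. Only the disguised ELF should be reported."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return sorted(os.path.basename(p) for p in find_elf_files(tmp))


if __name__ == "__main__":
    print(demo())
```

Pointing `find_elf_files` at directories the remote tools write to (WinSCP transfer targets, Splashtop file-drop locations, user temp directories) gives a quick first pass; a hit still needs confirmation, since some developer tooling ships ELF files legitimately.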
OpenCTI vs. MISP: A CTI Analyst’s Perspective on Two Core Threat Intelligence Platforms
#threatintel #threatintelligence #ThreatLandscape #cybersecurity #infosec
Sophisticated Android backdoor disguised as Telegram X.
#android #telegram #cybersec #threatintel #infosec #malwareanalysis
https://cybersum.net/article/64-android-backdoor-baohuo-58000-devices-infected