#EDR

2026-01-27

Researchers have identified a phishing-driven intrusion chain targeting Indian users, combining Blackmoon malware with the repurposing of a legitimate enterprise RMM tool for persistence and monitoring.

The campaign demonstrates layered tradecraft: DLL sideloading, UAC bypass, AV exclusion manipulation, and long-term endpoint control, without public attribution to a known actor.

From a defensive standpoint, this reinforces the need for behavior-based detection, application allowlisting, and monitoring for abuse of legitimate tools.

What detection gaps do you see in cases like this?
Engage in the discussion and follow TechNadu for grounded, technical cyber reporting.

#InfoSec #ThreatHunting #MalwareAnalysis #EDR #CyberDefense #TechNadu

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
2026-01-21

SolyxImmortal reflects a growing trend of mid-tier malware relying on legitimate APIs, scripting languages, and trusted third-party platforms rather than custom infrastructure.

Hardcoded C2, Discord-based exfiltration, and continuous user monitoring emphasize how “low complexity” tooling can still be operationally effective.

This reinforces the need for behavioral detection and endpoint context, especially when HTTPS traffic and reputable services are involved.

Source: securityweek.com/solyximmortal

Thoughtful discussion welcome. Follow @technadu for neutral, practitioner-focused cybersecurity reporting.

#ThreatHunting #EDR #Infostealer #WindowsDefense #MalwareResearch #SecurityOperations

‘SolyxImmortal’ Information Stealer Emerges
2026-01-21

This multi-stage Windows attack chain highlights how modern campaigns increasingly avoid exploits in favor of social engineering, cloud-hosted payloads, OS trust assumptions, and layered persistence.

The abuse of Defender configuration, Security Center trust models, and legitimate services underscores the importance of behavioral monitoring over signature-based detection.

Early-stage visibility appears critical - once recovery and security controls are disabled, response options narrow quickly.

Source: fortinet.com/blog/threat-resea

Thoughts welcome. Follow @technadu for neutral, practitioner-focused cybersecurity reporting.

#ThreatHunting #EDR #WindowsDefense #MalwareResearch #CyberOperations #SecurityEngineering

Inside a Multi-Stage Windows Malware Campaign
A deep dive into a new Windows attack chain leveraging social engineering, Defender bypass, surveillance, and ransomware
2026-01-20

walknews.com/1181123/ Arctic Wolf provides comprehensive cybersecurity operations to the Tottori Prefecture Consumers' Co-operative | Niconico News #edr #PRTIMES #tottori #エンドポイント #セキュリティ #ネット・科学 #鳥取 #鳥取県

Kumamoto University and ReGACY Innovation Group jointly launch the "URA Co-creation Accelerator Program" | Niconico News
Japan Pop News (news@wakoka.com)
2026-01-20

wacoca.com/news/2748993/ Arctic Wolf provides comprehensive cybersecurity operations to the Tottori Prefecture Consumers' Co-operative | Niconico News #EDR #PRTIMES #tottori #エンドポイント #セキュリティ #ネット・科学 #鳥取 #鳥取県

Arctic Wolf provides comprehensive cybersecurity operations to the Tottori Prefecture Consumers' Co-operative | Niconico News
CyberNetsecIO (netsecio)
2026-01-20

📰 Stealthy 'PDFSIDER' Backdoor Uses DLL Side-Loading to Bypass EDR and AV

New 'PDFSIDER' backdoor uses DLL side-loading with a legit PDF app to bypass EDR/AV. It creates an encrypted C2 channel for stealthy access and is already used by the Qilin ransomware group. 🛡️

🔗 cyber.netsecops.io/articles/pd

2026-01-20

🎙️ New podcast with Charles F. Hamilton: The Red Team vs EDR war

EDRs remain vulnerable to simple techniques. "Named pipes" have been bypassing the ML for 8 years. Once in the kernel, every protection falls.

The real solution? Baseline configurations + human analysts. AI does not replace threat hunting.

🎧 Web: polysecure.ca/posts/episode-0x
🎧 Spotify: open.spotify.com/episode/0hu9z
🎧 YouTube: youtu.be/5n0ce2p2CfE

#Cybersécurité #EDR #RedTeam #InfoSec

2026-01-20

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion

Pulse ID: 696f07cd26ed667eeceb8eee
Pulse Link: otx.alienvault.com/pulse/696f0
Pulse Author: Tr1sa111
Created: 2026-01-20 04:42:53

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #EDR #InfoSec #Malware #OTX #OpenThreatExchange #PDF #bot #Tr1sa111

PressMind Labs (pressmind)
2026-01-19

A botched sale of network access: how the FBI caught the broker r1z

Selling the FBI the keys to 50 corporate networks, and throwing in a malware demo on their server on top? That is not a thriller script, but a real slip-up by a certain "access broker".

Read on:
pressmind.org/feralna-sprzedaz

Illustration depicting a broker in a dark, technological setting.
2026-01-19

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion

PDFSIDER is a newly identified malware variant that utilizes DLL side-loading to deploy a covert backdoor with encrypted command-and-control capabilities. It exploits vulnerabilities in legitimate software like PDF24 Creator to bypass endpoint detection mechanisms. The malware operates primarily in memory, minimizing disk artifacts, and employs advanced anti-VM technology to evade sandboxes and analysis labs. PDFSIDER features a robust cryptographic implementation using the Botan library for secure communications. It gathers system information and provides attackers with an interactive, hidden command shell for remote execution. The malware's characteristics align with APT tradecraft, suggesting its use in cyber-espionage operations. Distribution occurs through spear-phishing emails containing ZIP archives with legitimate-looking executables.

Pulse ID: 696d289a872523c04861cbfa
Pulse Link: otx.alienvault.com/pulse/696d2
Pulse Author: AlienVault
Created: 2026-01-18 18:38:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #EDR #Email #Endpoint #Espionage #ICS #InfoSec #Malware #Nim #OTX #OpenThreatExchange #PDF #Phishing #RAT #SMS #SpearPhishing #ZIP #bot #cyberespionage #AlienVault
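The TechNadu post at the top of this feed asks what detection gaps cases like the Blackmoon chain expose, and the PDFSIDER summary above describes the same DLL side-loading pattern. As an added illustration, not code from TechNadu, AlienVault or any of the linked reports, the script below runs two behavioural checks over Sysmon-style event records: an unsigned DLL loaded beside its host executable from a user-writable directory, and Defender exclusion tampering seen either as a registry write under the Exclusions key or as an `Add-MpPreference`/`Set-MpPreference` command line. All sample events, paths, file names and the vendor name are constructed for the example.

```python
"""
Behavioural checks for two tradecraft items named in the posts above:
an unsigned DLL loaded beside a host executable from a user-writable
directory (DLL side-loading), and tampering with Microsoft Defender
exclusions. Input is a list of Sysmon-style event dicts; this is an
added example over constructed telemetry, not code from any linked report.
"""
import ntpath
import re

# Roots a standard user cannot write to; everything else is treated as user-writable.
PROTECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Registry subtree Defender reads exclusions from (MsMpEng.exe writes it after Add-MpPreference).
EXCLUSION_KEY = "\\microsoft\\windows defender\\exclusions\\"

# PowerShell cmdlets that add exclusions or disable Defender features.
EXCLUSION_CMD = re.compile(r"\b(add|set)-mppreference\b.*?-(exclusion\w*|disable\w*)", re.I)


def is_user_writable(path: str) -> bool:
    """Heuristic: a path is user-writable unless it sits under a protected root."""
    return not path.lower().startswith(PROTECTED_PREFIXES)


def detect_sideload(ev: dict):
    """Sysmon Event ID 7 (Image loaded). Sysmon's Signed/SignatureStatus fields describe
    the loaded module, not the host process, so the rule keys on module signing, co-location
    and directory writability; the host's own signer must come from another source."""
    if ev.get("EventID") != 7:
        return None
    host, module = ev["Image"], ev["ImageLoaded"]
    if not module.lower().endswith(".dll"):
        return None
    module_trusted = ev.get("Signed") == "true" and ev.get("SignatureStatus") == "Valid"
    same_dir = ntpath.dirname(host).lower() == ntpath.dirname(module).lower()
    if module_trusted or not same_dir or not is_user_writable(module):
        return None
    return {"rule": "dll_sideload", "process": host, "evidence": module}


def detect_exclusion_tamper(ev: dict):
    """Sysmon Event ID 13 (registry value set) under the Defender Exclusions key, or
    Event ID 1 (process create) whose command line invokes the MpPreference cmdlets."""
    eid = ev.get("EventID")
    if eid == 13 and EXCLUSION_KEY in ev.get("TargetObject", "").lower():
        return {"rule": "defender_exclusion_registry", "process": ev["Image"],
                "evidence": ev["TargetObject"]}
    if eid == 1 and EXCLUSION_CMD.search(ev.get("CommandLine", "")):
        return {"rule": "defender_exclusion_cmdline", "process": ev["Image"],
                "evidence": ev["CommandLine"]}
    return None


def run_detections(events: list) -> list:
    """Apply every rule to every event; return the findings in event order."""
    findings = []
    for ev in events:
        for rule in (detect_sideload, detect_exclusion_tamper):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed sample telemetry: every path, file name and vendor below is hypothetical.
SAMPLE_EVENTS = [
    {"EventID": 7,  # host exe dropped by a phishing ZIP loads an unsigned DLL from its own folder
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\ITR-Notice\\pdfviewer.exe",
     "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Temp\\ITR-Notice\\version.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"EventID": 7,  # normal OS module load: signed, protected path
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "ImageLoaded": "C:\\Windows\\System32\\ntdll.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"EventID": 7,  # same-directory load, but the module is validly signed: not flagged
     "Image": "C:\\Users\\alice\\AppData\\Local\\Programs\\Example\\example.exe",
     "ImageLoaded": "C:\\Users\\alice\\AppData\\Local\\Programs\\Example\\libexample.dll",
     "Signed": "true", "Signature": "Example Vendor Inc", "SignatureStatus": "Valid"},
    {"EventID": 13,  # Defender's own service writes the exclusion after an Add-MpPreference call
     "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\x.y.z\\MsMpEng.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Users\\alice\\AppData\\Local\\Temp",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 1,  # the command that requested it, from a hidden PowerShell window
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden Add-MpPreference -ExclusionPath C:\\Users\\alice\\AppData\\Local\\Temp"},
    {"EventID": 1,  # unrelated process start
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe C:\\Users\\alice\\notes.txt"},
]

if __name__ == "__main__":
    for f in run_detections(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['process']} -> {f['evidence']}")
```

The registry rule fires on the write performed by MsMpEng.exe itself, because Defender applies preference changes on the caller's behalf; the process that asked for the change only shows up in the command-line rule, so correlating the two by time window is what turns a single alert into a usable story. Neither rule sees the host executable's signer, which Sysmon does not log for Event ID 7; an allowlist of known side-loadable hosts is the usual way to add that context.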

2026-01-18

" #VoidLink : A cloud-native malicious #Linux framework "

Let's stop believing we're invulnerable on Linux
If tomorrow things blow up because of the security consequences, it will be unforgivable
🤷‍♀️
So yeah, personally I would start thinking SERIOUSLY about #antivirus, or rather #edr

threats.wiz.io/all-incidents/v

2026-01-17

A recent guilty plea provides a detailed look at the role of initial access brokers in modern cybercrime operations.

Court documents describe how network access was sold via exploited perimeter systems and paired with malware capable of disabling endpoint defenses. Investigators tied the activity to broader criminal impact over time.

Key defensive implications:
• Initial access often precedes major incidents by months
• Brokered access accelerates follow-on attacks
• Patch management and exposure monitoring remain critical

How are teams adjusting controls to disrupt early-stage access brokers?

Source: therecord.media/guilty-plea-in

Engage with the discussion and follow TechNadu for objective InfoSec coverage.

#InfoSec #ThreatIntel #InitialAccessBroker #EDR #NetworkSecurity #CyberDefense #TechNadu

Jordanian initial access broker pleads guilty to helping target 50 companies
ZATAZ - "\o/" (zataz@mastox.eu)
2026-01-16

🧨 An "EDR killer" for sale on a Russian-speaking forum

// Driver signed in 2025, price: $3,000. A weapon against security solutions.

👉 zataz.com/un-tueur-dedr-propos

#edr #cyberwarfare #undergroundmarket #zataz

2026-01-14

EDRStartupHinder: A red team tool to prevent Antivirus and EDR from running🕵️‍♂️

github.com/TwoSevenOneT/EDRSta

#infosec #cybersecurity #redteam #pentest #edr #opensource

2026-01-13

Today at 15:00 CET #YellowHat will start. It's a free live streamed conference around Microsoft Security and we have amazing speakers and topics lined up for you.

Register now to reserve your free spot.

yellowhat.live

#XDR #EDR #Defender #Microsoft #Security

2026-01-08

DeedRAT: Unpacking a Modern Backdoor's Playbook

Pulse ID: 695f7bc52fe049df9fc8401b
Pulse Link: otx.alienvault.com/pulse/695f7
Pulse Author: Tr1sa111
Created: 2026-01-08 09:41:25

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #DRat #EDR #InfoSec #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

2026-01-08

DeedRAT: Unpacking a Modern Backdoor's Playbook

Pulse ID: 695f7bd8cf25f0327748397e
Pulse Link: otx.alienvault.com/pulse/695f7
Pulse Author: Tr1sa111
Created: 2026-01-08 09:41:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #DRat #EDR #InfoSec #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

2026-01-05

New post: Parked domains are turning into a malware funnel.

What used to be “just ads” is now redirect chains into scams, scareware, and worse. I also cover how this is showing up in EDR alerts on real endpoints.

kylereddoch.me/blog/parked-dom

Are you seeing parked/typo domains showing up in your EDR as web content blocks or redirect ladders?

#Infosec #Cybersecurity #EDR #DNS

Ichinin ✅🎯🙄 (Ichinin@infosec.exchange)
2026-01-04

Oh holy hell. This just shows that Microsoft needs to clean up its act and get rid of such functionality to FIRMLY stand on the side of defenders. What the fuck were they thinking when they added support for custom registry hives? #registry #evasion #sysmon #edr
deceptiq.com/blog/ntuser-man-r
