#nim

2026-02-11

A Peek Into Muddled Libra's Operational Playbook

Unit 42 discovered a rogue virtual machine used by the cybercrime group Muddled Libra during an incident response investigation. The VM provided insights into the group's operational methods, including reconnaissance, tool downloads, persistence establishment, certificate theft, and interactions with the target's infrastructure. Muddled Libra created the VM after gaining unauthorized access to the target's VMware vSphere environment. The group's tactics involve minimal malware use, preferring to leverage the target's assets. Their attack chain included creating a VM, downloading tools, establishing C2, using stolen certificates, and attempting data exfiltration. The article details the group's activities, tools used, and troubleshooting efforts during the attack.

Pulse ID: 698bf5e82779d93b1135d3f3
Pulse Link: otx.alienvault.com/pulse/698bf
Pulse Author: AlienVault
Created: 2026-02-11 03:22:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberCrime #CyberSecurity #ICS #InfoSec #Mac #Malware #Nim #OTX #OpenThreatExchange #RAT #Unit42 #VMware #bot #AlienVault

2026-02-07

New Saturday, the new weekly development report from my #opensource projects is ready to read. A roguelike game and a #Nim binding to Nuklear GUI library were on the table as usual. More information: www.laeran.pl.eu.org/blog/devblog... As always, happy weekend, everyone. 😀

2026-02-05

Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

Cisco Talos uncovered 'DKnife', a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants. Used since 2019, DKnife performs deep-packet inspection, traffic manipulation, and malware delivery via routers and edge devices. It targets various devices, including PCs, mobile devices, and IoT, delivering ShadowPad and DarkNimbus backdoors. The framework primarily targets Chinese-speaking users, with evidence suggesting China-nexus threat actors as operators. DKnife's capabilities include DNS hijacking, Android application update hijacking, Windows binary hijacking, anti-virus traffic disruption, and user activity monitoring. A link to the WizardNet campaign was also discovered, indicating a shared development or operational lineage.

Pulse ID: 6984fa9b481e11f8426b9eb0
Pulse Link: otx.alienvault.com/pulse/6984f
Pulse Author: AlienVault
Created: 2026-02-05 20:16:27

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #AitM #Android #BackDoor #China #Chinese #Cisco #CyberSecurity #DNS #Edge #InfoSec #IoT #Linux #Malware #Nim #OTX #OpenThreatExchange #RAT #ShadowPad #Talos #Windows #bot #AlienVault

Zimo (@Zimo41650079726)

The user compares OpenrouterAI and NIM and shares an evaluation of Japanese-language performance. They rate NIM as stronger in Japanese, with more consistent responses and less English and Chinese mixed in, while OpenrouterAI went deeper into the question. The author also raises the possibility that quantization damaged the model's alignment.

x.com/Zimo41650079726/status/2

#openrouterai #nim #quantization #alignment #multilingual

2026-02-03

#nim toolings and libraries docs really need to be updated fr

2026-02-02

i spent the whole day to learn #nim tooling 😆

2026-01-31

And weekly wakie: the new, shiny and short, weekly development report from my #opensource projects is ready to read. A roguelike game and #Nim binding to Nuklear GUI library got some attention this week. More info: www.laeran.pl.eu.org/blog/devblog... Happy weekend everyone. 😎

2026-01-24

New Saturday, new weekly development report from my #opensource projects is ready to read. As usual, a roguelike game and #Nim binding to Nuklear GUI library got some changes this week. More info: www.laeran.pl.eu.org/blog/devblog... Happy weekend, everyone. ☕

4zv4l
2026-01-21

@rvyhvn I really enjoyed few years ago, made my biggest project using it.
Have you taken a look at () ? It's my current fav language, I just wish that it could compile to binary (so that I can share to people now having Raku installed).

2026-01-19

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion

PDFSIDER is a newly identified malware variant that utilizes DLL side-loading to deploy a covert backdoor with encrypted command-and-control capabilities. It exploits vulnerabilities in legitimate software like PDF24 Creator to bypass endpoint detection mechanisms. The malware operates primarily in memory, minimizing disk artifacts, and employs advanced anti-VM technology to evade sandboxes and analysis labs. PDFSIDER features a robust cryptographic implementation using the Botan library for secure communications. It gathers system information and provides attackers with an interactive, hidden command shell for remote execution. The malware's characteristics align with APT tradecraft, suggesting its use in cyber-espionage operations. Distribution occurs through spear-phishing emails containing ZIP archives with legitimate-looking executables.

Pulse ID: 696d289a872523c04861cbfa
Pulse Link: otx.alienvault.com/pulse/696d2
Pulse Author: AlienVault
Created: 2026-01-18 18:38:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #EDR #Email #Endpoint #Espionage #ICS #InfoSec #Malware #Nim #OTX #OpenThreatExchange #PDF #Phishing #RAT #SMS #SpearPhishing #ZIP #bot #cyberespionage #AlienVault

2026-01-19

Targeted espionage leveraging geopolitical themes

A targeted malware campaign against U.S. government entities has been observed, utilizing a politically themed ZIP archive containing a loader executable and a malicious DLL. The DLL functions as a backdoor named LOTUSLITE, communicating with a hard-coded command-and-control server. The campaign demonstrates minimal technical sophistication but shows deliberate victim selection and use of geopolitical lures. Attribution analysis suggests moderate-confidence overlap with Mustang Panda tradecraft, including delivery style, loader-DLL separation, and infrastructure usage. The backdoor supports basic remote tasking and data exfiltration, indicating an espionage-focused capability. This activity reflects a trend of targeted spear phishing using geopolitical themes and reliable execution techniques like DLL sideloading.

Pulse ID: 6968d7976784ef21a6276d75
Pulse Link: otx.alienvault.com/pulse/6968d
Pulse Author: AlienVault
Created: 2026-01-15 12:03:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Espionage #Government #InfoSec #Malware #Nim #OTX #OpenThreatExchange #Phishing #RAT #SideLoading #SpearPhishing #ZIP #bot #AlienVault

2026-01-17

Here we are again, with the new, usual, weekly development report from my #opensource projects. As always, a roguelike game and #Nim binding to Nuklear GUI library got some attention. More information about changes: www.laeran.pl.eu.org/blog/devblog... Happy weekend everyone, as always too. 😉

2026-01-10

And weekly wakie with the new development report from my #opensource projects. As always, a roguelike game and #Nim binding for Nuklear GUI library got some changes. More information: www.laeran.pl.eu.org/blog/devblog... And standard, happy weekend, everyone. 😃

2026-01-03

New weekend, new month and happy new year. 😜 Time for new development report from my #opensource projects. As usual, a roguelike game and #Nim binding to Nuklear GUI library were on the table. More details: www.laeran.pl.eu.org/blog/devblog... Happy new weekend, everyone. 😉

Happy new year everyone! 🎄 I've just released MiniECS, a minimalist ECS module for Nim. Enjoy! 🚀

github.com/erayzesen/miniecs

#Nimlang #Nim #gamedev #ecs

2025-12-27

It is time, for the last (this year) weekly development report from my #opensource projects. As usual, a roguelike game and #Nim binding to Nuklear GUI library got some attention this week. More information: www.laeran.pl.eu.org/blog/devblog... And happy last weekend of the year, everyone. 😎
