#rat

2026-02-09

Investigation on the EmEditor Supply Chain Cyberattack

A recent supply chain attack targeting EmEditor users has been uncovered, involving watering hole tactics. The investigation reveals multiple domains masquerading as EmEditor-related sites, all registered through NameSilo LLC in December 2025. The domains resolve to various IP addresses, with some changes observed in February 2026. Additional domains with similar patterns were discovered, along with peculiar HTTP header behavior. A potential early stage of the campaign was identified, sharing similar characteristics with the initial report. The attackers continued their activities even after exposure, utilizing PowerShell scripts and various domains for command and control purposes. The analysis provides a comprehensive list of indicators, including domain names, IP addresses, and file hashes associated with the attack.

Pulse ID: 6989f4a0761d0f153bbb94e4
Pulse Link: otx.alienvault.com/pulse/6989f
Pulse Author: AlienVault
Created: 2026-02-09 14:52:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberAttack #CyberSecurity #HTTP #ICS #InfoSec #OTX #OpenThreatExchange #PowerShell #RAT #SupplyChain #bot #AlienVault

2026-02-09

Technical Analysis of GuLoader Obfuscation Techniques

GuLoader, a malware downloader active since 2019, primarily delivers RATs and information stealers. It employs sophisticated anti-analysis techniques, including polymorphic code for dynamic constant construction and complex exception-based control flow obfuscation. The malware has evolved to handle multiple exception types, making tracing its execution flow challenging. GuLoader uses dynamic hashing, encrypted strings, and stack-based string encryption to conceal critical information. It often hosts payloads on trusted cloud services to bypass reputation-based detection. The malware's consistent development and updating of anti-analysis techniques suggest it will remain a significant threat in the future.

Pulse ID: 698a305eefc650b47e53932a
Pulse Link: otx.alienvault.com/pulse/698a3
Pulse Author: AlienVault
Created: 2026-02-09 19:07:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #Encryption #GULOADER #InfoSec #Malware #OTX #OpenThreatExchange #RAT #Rust #bot #AlienVault

2026-02-09

Cryptocurrency Sector Targeted with New Tooling and AI-Enabled Social Engineering

North Korean threat actor UNC1069 has evolved its tactics to target the cryptocurrency and decentralized finance sectors. In a recent intrusion, they deployed seven unique malware families, including new tools SILENCELIFT, DEEPBREATH, and CHROMEPUSH, designed to capture host and victim data. The attack utilized social engineering involving a compromised Telegram account, fake Zoom meeting, and reported AI-generated video. UNC1069 has shifted from spear-phishing to targeting Web3 industry entities like centralized exchanges, software developers, and venture capital firms. The intrusion demonstrated sophisticated techniques to bypass macOS security features and harvest credentials, browser data, and cryptocurrency information. This marks a significant expansion in UNC1069's capabilities and highlights their focus on financial theft and fueling future social engineering campaigns.

Pulse ID: 698a3590b78fb5ef2d81d5f1
Pulse Link: otx.alienvault.com/pulse/698a3
Pulse Author: AlienVault
Created: 2026-02-09 19:29:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chrome #CyberSecurity #ICS #InfoSec #Korea #Mac #MacOS #Malware #NorthKorea #OTX #OpenThreatExchange #Phishing #RAT #SocialEngineering #SpearPhishing #Telegram #Web3 #Zoom #bot #cryptocurrency #developers #AlienVault

2026-02-09

Look y’all, it can’t be a political shitstorm ALL the time. We have to leave time for #infosec shitstorms too! Major new #malware on the loose.

Here’s the TLDR from the researchers:
#Securonix Threat Research has been tracking a stealthy malware campaign that uses an uncommon chain of #VHD abuse, script-based execution, self-parsing batch logic, fileless PowerShell injections and ultimately dropping #RAT. The attack leverages IPFS-hosted VHD files, extreme script obfuscation, runtime decryption, and in-memory shellcode injection into trusted Windows processes, never dropping a decrypted binary to disk.

In English: Malware is delivered via what looks like a PDF. This PDF will open and run a virtual hard drive (VHD), able to execute code without leaving a trace. It’s beautiful, but evil as fuck.

What to do? Don’t open files from unknown senders.
#deadvax

securonix.com/blog/deadvax-thr

2026-02-09

A security alert regarding APT-C-28 (ScarCruft) using MiradorShell to launch a cyberattack.

A recent investigation reveals that the APT-C-28 (ScarCruft) group has expanded its targets to include the cryptocurrency industry. The group employs sophisticated phishing tactics, using LNK files disguised as PDFs to lure victims with investment proposals ranging from $1-3 million. Upon execution, a multi-stage payload deployment occurs, ultimately installing MiradorShell v2.0 to gain system control. The attack chain involves file downloads, decryption, and the creation of scheduled tasks for persistence. MiradorShell, an AutoIt-based backdoor, connects to a command and control server, offering reverse shell capabilities, file management, remote program execution, and victim fingerprinting. The malware employs various evasion techniques, including inline library files and direct API calls.

Pulse ID: 6989b4731b7121e79a9ff3ef
Pulse Link: otx.alienvault.com/pulse/6989b
Pulse Author: AlienVault
Created: 2026-02-09 10:18:26

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Autoit #BackDoor #CyberAttack #CyberSecurity #ICS #InfoSec #LNK #Malware #OTX #OpenThreatExchange #PDF #Phishing #RAT #ScarCruft #bot #cryptocurrency #AlienVault

2026-02-09

Active Exploitation of SolarWinds Web Help Desk (CVE-2025-26399)

Threat actors are actively exploiting a vulnerability in SolarWinds Web Help Desk, targeting organizations using versions prior to 12.8.7 HF1. The attack chain involves deploying Zoho ManageEngine RMM agents, Velociraptor for command and control, and Cloudflare tunnels for persistence. Attackers use encoded PowerShell commands, disable Windows Defender and Firewall, and implement a C2 failover mechanism. They also utilize Elastic Cloud for data exfiltration and QEMU for SSH backdoor persistence. The earliest known instance of this persistence mechanism was observed on January 16, 2026. Organizations are advised to update their SolarWinds Web Help Desk, restrict administrative interface access, reset credentials, and review hosts for unauthorized tools and suspicious activities.

Pulse ID: 6989781e005f12730fe1fc8b
Pulse Link: otx.alienvault.com/pulse/69897
Pulse Author: AlienVault
Created: 2026-02-09 06:01:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CyberSecurity #ESET #InfoSec #OTX #OpenThreatExchange #PowerShell #RAT #SSH #SolarWinds #Vulnerability #Windows #bot #AlienVault

2026-02-09

Sandworm behind cyberattack on Poland's power grid in late 2025

Pulse ID: 69899c09ba84d1552b0f6615
Pulse Link: otx.alienvault.com/pulse/69899
Pulse Author: Tr1sa111
Created: 2026-02-09 08:34:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberAttack #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Poland #RAT #Sandworm #Worm #bot #Tr1sa111

2026-02-09

RedKitten: AI-accelerated campaign targeting Iranian protests

Pulse ID: 69899892382cbc23cbc25d34
Pulse Link: otx.alienvault.com/pulse/69899
Pulse Author: Tr1sa111
Created: 2026-02-09 08:19:30

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Iran #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

ポイズン雷花 (poison_raika)
2026-02-09
Lord Caramac the Clueless, KSC (LordCaramac@discordian.social)
2026-02-09

I know I have posted this before, but here's a superb owl for you, and a rat, and a squirrel, both in original resolution and double size.

All of this is part of the background art I made for a KiSS doll set back in 2003. KiSS stands for Kisekae Set System, and kisekae means "playing with dress-up dolls" in Japanese, it's an old standard format for virtual paper dolls. Most KiSS dolls are limited to 16 or 256 colours, although a true colour extension of the standard, Cherry KiSS, exists (but few CKiSS sets were ever made).

I only ever made FKiSS2 dolls; French KiSS aka FKiSS is an extension of the KiSS standard that includes a scripting language for animation, FKiSS2 adds more capabilities, and FKiSS3 is actually a full Turing complete language in which entire pixelart games have been coded. Unfortunately, there are few fully FKiSS1/2/3 and CKiSS capable viewers left nowadays. I don't know if PlayFKiSS or DirectKiSS still run on any Windows newer than Windows XP. They will probably run on Linux, but you should try GnomeKiSS instead, or fkiss if you like old school X11 minimalism.

My old KiSS dolls are still available on my long abandoned Deviantart page. I've been thinking about making all my original pixel art pieces for those dolls available somewhere.

#owl #SuperbOwl #squirrel #rat #pixelart

Image description: Pixel art on a bright green background, a grey and brown owl sitting on a branch, a dirty looking rat, a squirrel appearing to hold something in its forepaws, all three of them both in original size and double size
Hubu.de (hubude)
2026-02-08

⚡ Gysi to propose a "Council of the Wise" to Steinmeier: The longest-serving member of the Bundestag, Gregor Gysi (Linke), is calling for the formation of a council of the wise to make proposals for a possible... hubu.de/?p=313537

Hans 🙋‍♂️ (yamuis@mastodon.nl)
2026-02-08

Everything for Jetten's seat of power.

"The coalition agreement looks like an uncritical restoration of the Rutte regime"
-> "you sideline a party, yet at the same time demand that it adopt an open and constructive attitude."
-> "it gives a sharper view of the dire political situation if you set the outcome of this coalition formation against the Rutte era."
-> "the hard power politics of the VVD, which D66 and CDA have accepted as 'political reality'."

(Via @Trouw ) #rat
trouw.nl/opinie/het-coalitieak
