@Cyber_O51NT Cyber_OSINT

Cyber_OSINT posts on X about telegram, ai, target, china the most. They currently have [------] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours.

Engagements: [------]

Mentions: [--]

Followers: [------]

CreatorRank: [-------]

Social Influence

Social category influence: countries 24.04%, technology brands 12.5%, stocks 11.54%, social networks 9.62%, finance 2.88%, exchanges 1.92%, travel destinations 1.92%, gaming 0.96%, celebrities 0.96%, fashion brands 0.96%

Social topic influence: telegram #2486, ai 8.65%, target 5.77%, china 5.77%, data 5.77%, russia #2626, countries 3.85%, $googl 3.85%, in the 2.88%, microsoft 2.88%

Top accounts mentioned or mentioned by: @dcsocyteccyberconflictbriefingq4202590659f18fe06sourcerss7c32125308fc2, @stacksmasher, @gonzadan, @rebensk, @skocherhan, @techtacho

Top assets mentioned: Alphabet Inc Class A (GOOGL), Microsoft Corp. (MSFT), BlackBerry Limited (BB), Frontline Ltd. (FRO), Coinbase Global Inc. (COIN)

Top Social Posts

Top posts by engagements in the last [--] hours

"Phorpiex Phishing Campaign Delivers GLOBAL GROUP Ransomware https://www.forcepoint.com/blog/x-labs/phorpiex-global-group-ransomware-lnk-phishing"
X Link 2026-02-10T02:22Z 21.2K followers, [---] engagements

"Netskope Threat Labs reports phishing campaigns lure users with fake Zoom/Meet invites, prompting a mandatory update that downloads digitally signed RMM tools, granting remote access and potential ransomware deployment. https://www.netskope.com/blog/attackers-weaponize-signed-rmm-tools-via-zoom-meet-teams-lures"
X Link 2026-02-13T07:05Z 21.2K followers, [---] engagements

"Researchers tie a new Head Mare campaign to a pro-Ukrainian group introducing PhantomHeart backdoor and PhantomProxyLite for PowerShell, using living-off-the-land tactics to target Russian organizations and automate post-exploitation. https://securelist.ru/head-mare-phantomheart-and-phantomproxylite/114753/"
X Link 2026-02-13T15:13Z 21.2K followers, [---] engagements

"CYFIRMA analyzes LTX Stealer, a Node.js-based credential stealer, focusing on attacker techniques that rely on legitimate installers. https://www.cyfirma.com/research/ltx-stealer-analysis-of-a-node-js-based-credential-stealer/"
X Link 2026-02-09T01:58Z 21.2K followers, [----] engagements

"In Q4 [----] EuRepoC recorded [---] new cyber operations, down 9.2% from Q3 but above the long-term average. EU member states logged [--] incidents (vs [--] in the US), with China leading attributions and North Korea linked to critical infrastructure attacks. https://medium.com/@DCSO_CyTec/cyber-conflict-briefing-q4-2025-90659f18fe06source=rss-7c32125308fc------2"
X Link 2026-02-13T14:53Z 21.2K followers, [---] engagements

"Foresiet flags XSS, Dread, Breach Forums, Nulled/Cracked/Altenen and Telegram channels as key [----] dark web forums, with XSS selling admin access and shaping exploits and tooling. https://foresiet.com/blog/dark-web-forums-2026/ http://Exploit.in"
X Link 2026-02-13T15:05Z 21.2K followers, [----] engagements

"Interpol says cybercriminals weaponizing AI pose the biggest threat it's seeing, according to Neal Jetton, Interpol's Singapore-based director. https://www.arabnews.com/node/2633066/world"
X Link 2026-02-16T00:53Z 21.2K followers, [----] engagements

"A Turkish hacker group leaked Israeli Defense Minister Israel Katz's personal details, including his phone number, prompting him to respond to threats while raising concerns over cybersecurity and personal safety in Israel. #CyberSecurity #Israel https://www.thehackerwire.com/turkish-hackers-target-israels-defense-minister/"
X Link 2025-09-14T04:58Z 21.1K followers, [----] engagements

"Microsoft reports that Israel ranks third globally in cyberattacks, with Iran responsible for nearly two-thirds of hostile cyber activity, as AI transforms the digital battlefield. #Cybersecurity #Israel #Iran https://www.calcalistech.com/ctechnews/article/byfvftctel"
X Link 2025-10-17T05:08Z 21.1K followers, [---] engagements

"The Red Asgard Threat Research Team reported finding North Korean malware in an Upwork project and spent five days mapping the Lazarus attackers' infrastructure. #threatintelligence #APT #Lazarus http://redasgard.com/blog/hunting-lazarus-contagious-interview-c2-infrastructure"
X Link 2026-01-13T01:53Z 21.1K followers, [----] engagements

"The Kimwolf botnet has rapidly infected over 2M devices, alarming security experts as they note its DDoS attacks, including on Minecraft servers, reveal a financially motivated operation with potential for greater harm ahead. #Cybersecurity #DDoS https://cyberscoop.com/kimwolf-aisuru-botnet-lumen-technologies/"
X Link 2026-01-15T03:08Z 21.1K followers, [---] engagements

"FortiGuard Labs reports on 'Inside a Multi-Stage Windows Malware Campaign', a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs and deliver ransomware. https://www.fortinet.com/blog/threat-research/inside-a-multi-stage-windows-malware-campaign"
X Link 2026-01-21T02:04Z 21.1K followers, [----] engagements

"Socket's Threat Research Team says a typosquat PyPI package, sympy-dev, impersonates SymPy with releases 1.2.3-1.2.6 on Jan [--] [----], delivering a downloader loading a Linux ELF via memfd_create to run XMRig miners at 63.250.56.54 and 185.167.99.46 https://socket.dev/blog/pypi-package-impersonates-sympy-to-deliver-cryptomining-malwareutm_medium=feed"
X Link 2026-01-22T01:24Z 21.1K followers, [----] engagements

"A sophisticated SyncFuture Espionage campaign targeted Indian residents via phishing emails impersonating the Income Tax Department, deploying Blackmoon malware that bypasses Avast protections and installs a repurposed Chinese SyncFuture tool https://www.esentire.com/blog/weaponized-in-china-deployed-in-india-the-syncfuture-espionage-targeted-campaign"
X Link 2026-01-23T02:19Z 21.1K followers, [----] engagements

"GTIG reports CVE-2025-8088 in WinRAR is being exploited by Russia- and China-linked and financially motivated actors to gain initial access and drop payloads via ADS path traversal to the Startup folder; WinRAR [----] was released July [--] [----] to patch it. https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability/"
X Link 2026-01-28T02:19Z 21.1K followers, [---] engagements

"An in-depth analysis of an Interlock ransomware intrusion details new malware tooling, defense evasion techniques and high-ROI detection strategies, per the report #Ransomware #InfoSec https://www.fortinet.com/blog/threat-research/interlock-ransomware-new-techniques-same-old-tricks"
X Link 2026-01-30T04:10Z 21.1K followers, [---] engagements

"Unit [--] detailed CVE-2025-0921, a privileged file system flaw in the Iconics Suite SCADA system, which could cause a DoS attack. https://unit42.paloaltonetworks.com/iconics-suite-cve-2025-0921/"
X Link 2026-01-31T05:30Z 21.1K followers, [---] engagements

"DoJ documents in the Epstein Files say an FBI informant in [----] described Epstein's 'personal hacker', an Italian-born expert who built zero-days for iOS, BlackBerry and Firefox and allegedly sold tools to governments and Hezbollah; the reliability of th https://securityaffairs.com/187515/laws-and-regulations/doj-releases-details-alleged-talented-hacker-working-for-jeffrey-epstein.html"
X Link 2026-02-01T08:23Z 21.1K followers, [----] engagements

"ThreatLabz ties APT28 to Operation Neusploit, weaponizing CVE-2026-21509 with crafted RTFs to drop MiniDoor (Outlook macro-based email stealer) or PixyNetLoader (Covenant Grunt), using COM hijacking and Filen C2, targeting Central and Eastern Europe. https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit"
X Link 2026-02-03T01:18Z 21.1K followers, [----] engagements

"APT28 used CVE-2026-21509 in weaponized Word docs to bypass Office's security during OLE object parsing, with no payload in the document. Geofencing showed target regions: Czech Republic, Poland and Romania, with access allowed via Romanian proxies. https://blog.synapticsystems.de/apt28-geofencing-as-a-targeting-signal-cve-2026-21509/"
X Link 2026-02-04T00:49Z 21.1K followers, [----] engagements

"Cybereason's threat intel described DragonForce as a 2023-era ransomware cartel using dual-extortion and affiliate-branded RaaS across multiple platforms, targeting manufacturing and construction in the US, UK, Germany, Australia and Italy. https://www.levelblue.com/blogs/spiderlabs-blog/the-godfather-of-ransomware-inside-dragonforces-cartel-ambitions"
X Link 2026-02-04T00:49Z 21.1K followers, [---] engagements

"Check Point Research linked Amaranth-Dragon to APT-41, revealing targeted [----] campaigns against Southeast Asian governments using CVE-2025-8088, DLL sideloading, geo-restricted C2 and TGAmaranth RAT via Telegram. https://research.checkpoint.com/2026/amaranth-dragon-weaponizes-cve-2025-8088-for-targeted-espionage/"
X Link 2026-02-05T00:54Z 21.1K followers, [----] engagements

"APT28 launched a campaign targeting European military, government and transportation entities, weaponizing CVE-2026-21509 within [--] hours of disclosure via spear-phishing, multi-stage infection, novel payloads and Cloud C2. https://strikeready.com/blog/apt28s-campaign-leveraging-cve%E2%80%912026%E2%80%9121509-and-cloud-c2-infrastructure/"
X Link 2026-02-05T01:03Z 21.1K followers, [----] engagements

"On Feb [--] [----] Acronis Threat Research Unit reports that Transparent Tribe, aka APT36, is targeting India's startup ecosystem with a campaign using startup-themed lure material delivered via an ISO container-based file. https://www.acronis.com/en/tru/posts/new-year-new-sector-transparent-tribe-targets-indias-startup-ecosystem/"
X Link 2026-02-05T01:09Z 21.1K followers, [---] engagements

"Securonix Threat Research uncovers DEAD VAX, a stealthy malware campaign that abuses VHD files, fileless PowerShell and in-memory RAT delivery. https://www.securonix.com/blog/deadvax-threat-research-security-advisory/"
X Link 2026-02-05T02:19Z 21.1K followers, [---] engagements

""Prince of Persia", an Iranian state-backed cyber actor, has reinvigorated its operations utilizing advanced malware and C2 servers https://www.safebreach.com/blog/prince-of-persia-part-ii/"
X Link 2026-02-06T13:12Z 21.1K followers, [---] engagements

"ScarCruft (APT-C-28) has broadened its scope to target cryptocurrency entities with well-crafted phishing attacks using disguised LNK files https://www.ctfiot.com/297233.html"
X Link 2026-02-06T13:14Z 21.1K followers, [----] engagements

"Germany's BfV and BSI warned of a likely state-sponsored phishing campaign using Signal that targets politicians, military officials, diplomats and investigative journalists. https://cyberinsider.com/germany-warns-of-signal-account-attacks-targeting-high-profile-figures/"
X Link 2026-02-07T00:38Z 21.1K followers, [----] engagements

"TeamT5 notes APAC [----] saw 510+ APT operations in [--] countries and [---] attacks on Taiwan, which remains a frontline proving ground for China-nexus intrusions featuring edge-device exploits, supply-chain attacks and disposable malware. https://teamt5.org/en/posts/apt-threat-landscape-in-apac-2025-industrialization-of-intrusionsutm_source=rss&utm_medium=rss"
X Link 2026-02-09T01:33Z 21.1K followers, [----] engagements

"Singapore's four major telcos (Singtel, StarHub, M1, Simba) were targeted by cyber espionage group UNC3886 https://www.straitstimes.com/tech/spores-four-major-telcos-came-under-attack-by-cyber-espionage-group-unc3886"
X Link 2026-02-09T06:38Z 21.1K followers, [----] engagements

"UNC3886 is a China-linked cyberespionage group that attacked Singapore's telcos and was first detected in [----] by Mandiant. https://www.straitstimes.com/tech/what-is-unc3886-the-group-that-attacked-singapores-telco-infrastructure"
X Link 2026-02-10T01:08Z 21.1K followers, [----] engagements

"Mandiant reported UNC1069 targeted the cryptocurrency/DeFi sector with seven new malware families and AI-enabled social engineering to harvest credentials and browser data via a compromised Telegram account and a fake Zoom meeting. https://cloud.google.com/blog/topics/threat-intelligence/unc1069-targets-cryptocurrency-ai-social-engineering/"
X Link 2026-02-10T01:23Z 21.1K followers, [----] engagements

"Coinbase Cartel reportedly emerged in September [----] and claimed [--] victims that month, focusing on data exfiltration, aligning with Bitdefender's view of ransomware evolution. https://www.bitdefender.com/en-us/blog/businessinsights/coinbase-cartel-ransomware-group-extortion-tactics"
X Link 2026-02-10T02:03Z 21.1K followers, [---] engagements

"ReliaQuest identified Storm-2603 exploiting CVE-2026-23760 to bypass SmarterMail authentication, staging Warlock ransomware by abusing Volume Mount and deploying Velociraptor; defenders should upgrade to Build [----] and isolate mail servers. https://reliaquest.com/blog/threat-spotlight-storm-2603-exploits-CVE-2026-23760-to-stage-warlock-ransomware"
X Link 2026-02-10T02:08Z 21.1K followers, [---] engagements

"Iran's regime, after more than [--] years of draconian measures and an ongoing internet shutdown, seems to be staggering toward its digital surveillance endgame. https://www.wired.com/story/irans-digital-surveillance-machine-is-almost-complete/"
X Link 2026-02-10T02:34Z 21.1K followers, [---] engagements

"Threat actors are racing to exploit Apple's ecosystem with macOS infostealers targeting [---] Chrome crypto extensions and seed phrases while using signed, notarized malware to bypass Gatekeeper and distributing via AI chats and ads for crypto C2. https://flare.io/learn/resources/blog/the-macos-stealer-gold-rush-how-cybercriminals-are-racing-to-exploit-apples-ecosystem"
X Link 2026-02-10T05:24Z 21.1K followers, [---] engagements

"Talos notes a new threat actor, UAT-9921, using VoidLink in campaigns since [----]. VoidLink enables on-demand plugin compilation, Linux implants, Windows implants and an auditable RBAC framework for C2-enabled lateral movement. https://blog.talosintelligence.com/voidlink/"
X Link 2026-02-11T01:39Z 21.1K followers, [---] engagements

"CNCERT warns RCtea, a new IoT botnet active since late [----] that targets ARM/MIPS devices via Telnet brute-force, uses obfuscated RC4/ChaCha20/TEA, random C2 addresses and can perform DDoS floods; by Jan [----] it infected about [----] devices in China. https://mp.weixin.qq.com/s__biz=MzI4NDY2MDMwMw==&mid=2247515574&idx=2&sn=6edd4f77b4e00ae107c6a655ea315f6b"
X Link 2026-02-11T01:44Z 21.1K followers, [---] engagements

"Flare reports that victims refuse to pay and legacy RaaS collapses spark a new ransomware cartel era led by DragonForce, with an 80/20 split and integrated access marketplace, while EDR-evasion tools and shared infrastructure reshape threats. https://flare.io/learn/resources/blog/33197"
X Link 2026-02-11T01:49Z 21.1K followers, [---] engagements

"GTIG notes the defense industrial base is under a multi-vector siege by China- and Russia-nexus espionage, hacktivism and ransomware, targeting DIB personnel, edge devices, drones and manufacturing supply chains. https://cloud.google.com/blog/topics/threat-intelligence/threats-to-defense-industrial-base/"
X Link 2026-02-11T01:53Z 21.1K followers, [----] engagements

"Mispadu is the top Latin American banking Trojan, with weekly campaigns via PDF/HTA chains (HTA → JS → Dropper → VBS → Mispadu) and self-propagation through Outlook contacts, targeting Spanish-speaking Mexico, Argentina and Brazil with obfuscated geolocatio https://cofense.com/blog/mispadu-phishing-malware-baseline"
X Link 2026-02-11T14:19Z 21.1K followers, [---] engagements

"Marlinspike said Telegram isn't private, a cloud messenger storing messages in plain text in its database; Durov defended privacy while Russia slowed the app and an investigation linked Telegram's infrastructure to the Kremlin. https://cybernews.com/security/signal-founder-telegram-privacy-pavel-durov/"
X Link 2026-02-11T14:29Z 21.2K followers, [---] engagements

"GTIG reports threat actors use AI to accelerate reconnaissance, social engineering and malware development, with rising distillation attacks on Gemini; government-backed groups used AI for targeted phishing and Google disrupted campaigns. https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use/"
X Link 2026-02-12T09:18Z 21.1K followers, [----] engagements

"According to S2W, DragonForce operates as a ransomware cartel under a RaaS model since Dec [----], had [---] victims by Jan [----] peaking Dec [----], recruits affiliates on BreachForums, RAMP and Exploit, and runs RansomBay for Windows/Linux builders. https://medium.com/s2wblog/inside-the-ecosystem-operations-dragonforce-11048db4cbb0source=rss----30a8766b5c42---4"
X Link 2026-02-12T09:29Z 21.1K followers, [----] engagements

"GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use"
X Link 2026-02-13T06:51Z 21.2K followers, [---] engagements

"CYFIRMA has identified a re-emerging Telegram phishing campaign that is active, evolving and targets user authorization prompts. https://www.cyfirma.com/research/re-emerging-telegram-phishing-campaign-targeting-user-authorization-prompts/"
X Link 2026-02-08T02:23Z 21.2K followers, [----] engagements

"After Telegram restrictions, Russia reportedly tried to block WhatsApp to push users to a state-owned surveillance app; WhatsApp said isolation would harm safety, while Peskov said an agreement could come if Meta complies with Russian law. https://www.thetechoutlook.com/news/apps/after-telegram-restrictions-the-russian-government-attempts-to-block-whatsapp-fully/"
X Link 2026-02-12T09:34Z 21.2K followers, [---] engagements

"The Gentlemen Ransomware, seen since [----], uses a Go-based cross-platform double-extortion model and a 90% affiliate-based RaaS, targeting [--] countries in manufacturing, tech, healthcare and finance, encrypting Windows/Linux/ESXi and leaking data. https://socradar.io/blog/dark-web-profile-the-gentlemen-ransomware/"
X Link 2026-02-13T07:05Z 21.2K followers, [----] engagements

"A PoC for CVE-2026-1731 appeared on GitHub on Feb [--] and within [--] hours GreyNoise observed reconnaissance probing for vulnerable BeyondTrust instances. https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"
X Link 2026-02-13T07:05Z 21.2K followers, [----] engagements

"SecurityWeek reports that China revived the Tianfu Cup hacking contest with increased secrecy while rewards for exploits are reportedly much smaller than in its glory days. https://www.securityweek.com/china-revives-tianfu-cup-hacking-contest-under-increased-secrecy/"
X Link 2026-02-13T07:05Z 21.2K followers, [----] engagements

"Researchers describe AiFrame, a coordinated Chrome extension campaign posing as AI assistants. Thirty extensions share a backend and rely on remote iframes to exfiltrate page and Gmail content from over [------] users. https://layerxsecurity.com/blog/aiframe-fake-ai-assistant-extensions-targeting-260000-chrome-users-via-injected-iframes/"
X Link 2026-02-13T14:43Z 21.2K followers, [---] engagements

"NSFOCUS Fuying Lab flagged ChainedShark (Actor240820), a state-backed APT targeting Chinese universities and research institutes in international relations and marine tech to steal sensitive data, active since May [----]. https://nsfocusglobal.com/top-security-incidents-of-2025-the-emergence-of-the-chainedshark-apt-group/"
X Link 2026-02-13T14:59Z 21.2K followers, [----] engagements

"LAB52 reports Operation MacroMaze, attributed to APT28, using basic tooling and webhook.site infrastructure to drop six files and establish scheduled-task persistence in Western/Central Europe from Sep [----] through Jan [----]. https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/"
X Link 2026-02-13T15:05Z 21.2K followers, [---] engagements

"Flashpoint notes that N-days surpass 80% of KEVs, collapsing the patch window to [--] days in [----] and enabling turn-key exploits when PoCs go live, prompting calls for asset inventories and intelligence-led exposure management. https://flashpoint.io/blog/n-day-vulnerability-trends-turn-key-exploitation/"
X Link 2026-02-13T15:05Z 21.2K followers, [---] engagements

"Microsoft researchers warned that Summarize with AI buttons can inject memory prompts to bias AI recommendations, a technique they call AI Recommendation Poisoning, seen across [--] companies in [--] industries. https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/"
X Link 2026-02-14T02:28Z 21.2K followers, [----] engagements

"Bashe, formerly identified as APT73, is an emerging RaaS actor known for an aggressive communications strategy, a strong affiliate-model emphasis and a rebranding of its operations. https://www.suspectfile.com/inside-bashe-the-interview-with-the-ransomware-group-known-as-apt73/"
X Link 2026-02-16T01:28Z 21.2K followers, [----] engagements

"A DoJ filing says the former L3Harris Trenchant GM sold eight zero-day exploit kits to Russia. It also notes a fake ransomware group was exposed, Google's Wiz deal was blessed by the EC and a sewage-hacker was cuffed. https://go.theregister.com/feed/www.theregister.com/2026/02/15/exl3harris_exec_sold_8_zeroday/"
X Link 2026-02-16T01:28Z 21.2K followers, [----] engagements

"Iran's SIAM platform can track [--] million citizens in real time, halt banking and disconnect internet during crises with no warrants, leveraging China/Russia-built NIN and widespread facial recognition. It's a replicable export model threatening global https://www.myprivacy.blog/the-digital-iron-curtain-how-iran-built-the-worlds-most-invasive-surveillance-state/"
X Link 2026-02-16T06:04Z 21.2K followers, 21.3K engagements

"DigitStealer's macOS infostealer relies on a centralized C2 cluster (same .com domains, Njalla nameservers, ab stract ltd hosting) and a recurring backdoor that polls every [--] seconds, revealing a likely single-actor operation. https://cyberandramen.net/2026/02/16/tracking-digitstealer-how-operator-patterns-exposed-c2-infrastructure/"
X Link 2026-02-16T06:08Z 21.2K followers, [----] engagements

"ShinyHunters leaked over [------] Canada Goose customer records, including partial card data, while Canada Goose states there was no breach of its systems and is reviewing the dataset. https://securityaffairs.com/188046/data-breach/shinyhunters-leaked-600k-canada-goose-customer-records-but-the-firm-denies-it-was-breached.html"
X Link 2026-02-17T01:23Z 21.2K followers, [---] engagements

"North Korean criminals are increasingly targeting MetaMask users, deploying BeaverTail and InvisibleFerret malware to modify the wallet extension and steal master passwords and seed phrases for crypto theft. Researchers say the campaign uses fake job int https://cybernews.com/crypto/north-korean-hackers-target-metamask/"
X Link 2026-02-17T01:43Z 21.2K followers, [---] engagements

"Gigamon says BRICKSTORM's telemetry isn't limited to logs/EDR; network-derived telemetry reveals East-West traffic and TTPs like rogue DoH, lateral movement and data exfiltration, aiding threat hunters. https://blog.gigamon.com/2026/01/20/brickstorm-malware-report-highlights-the-criticality-of-network-derived-telemetry/"
X Link 2026-01-21T01:23Z 21K followers, [----] engagements

"Check Point Research said KONNI-linked phishing targeted software developers across the APAC region, including Japan, Australia and India, with an AI-generated PowerShell backdoor targeting blockchain resources. https://research.checkpoint.com/2026/konni-targets-developers-with-ai-malware/"
X Link 2026-01-23T00:13Z 21K followers, [----] engagements

"Okta Threat Intelligence has detected and dissected multiple custom phishing kits that have evolved to meet the specific needs of voice-based social engineers (callers) in vishing campaigns https://www.okta.com/blog/threat-intelligence/phishing-kits-adapt-to-the-script-of-callers/"
X Link 2026-01-23T01:47Z 21K followers, [---] engagements

"Stanley, a MaaS toolkit advertised for $2000-$6000 on a Russian forum, provides a Chrome extension claimed to pass Google Store moderation and enables website spoofing via iframe overlays; the C2 went offline the next day. https://www.varonis.com/blog/stanley-malware-kit"
X Link 2026-01-23T14:19Z 21K followers, [----] engagements

"The ShinyHunters extortion gang claims it is behind ongoing voice phishing attacks targeting SSO accounts at Okta, Microsoft and Google, enabling attackers to breach corporate SaaS platforms and steal company data for extortion. https://www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/"
X Link 2026-01-24T02:44Z 21K followers, [----] engagements

"Stanley is a $2000-$6000 MaaS toolkit promoted on a Russian forum that sells a turnkey Chrome extension for website spoofing with a Chrome Web Store publication guarantee; it uses a C2 panel to target by IP and hijack sites via iframe overlays. https://www.varonis.com/blog/stanley-malware-kit"
X Link 2026-01-27T02:33Z 21K followers, [---] engagements

"The main points note that Chrome extensions can be really useful but hidden dangers may lurk beyond their marketing. https://www.security.com/threat-intelligence/chrome-extensions-are-you-getting-more-you-bargained"
X Link 2026-01-27T02:49Z 21.1K followers, [---] engagements

"Fortinet FortiGuard Labs reported a new multi-stage phishing campaign targeting Russia with ransomware and Amnesia RAT, stating the attack begins with social engineering lures delivered via business-themed documents crafted to appear routine and benign. https://thehackernews.com/2026/01/multi-stage-phishing-campaign-targets.html"
X Link 2026-01-27T02:53Z 21.1K followers, [----] engagements

"ThreatLabz identified two campaigns Gopher Strike and Sheet Attack in September [----] by a Pakistan-linked actor targeting Indian government entities. Gopher Strike introduced Golang tools to deploy a Cobalt Strike beacon. https://www.zscaler.com/blogs/security-research/apt-attacks-target-indian-government-using-gogitter-gitshellpad-and-goshell https://www.zscaler.com/blogs/security-research/apt-attacks-target-indian-government-using-gogitter-gitshellpad-and-goshell"
X Link 2026-01-27T03:25Z 21.1K followers, [---] engagements

"SOCRadar reports a coordinated DDoS campaign by NoName057(16) using DDoSia against Czechia with [----] attacks across [---] domains and [---] IPs; Czechia saw 74.6% of attacks Ukraine 11.5% and government services were 53% of top targets on port [---]. https://socradar.io/blog/ddos-threat-intelligence-czechia-26-jan26/ https://socradar.io/blog/ddos-threat-intelligence-czechia-26-jan26/"
X Link 2026-01-28T02:04Z 21K followers, [---] engagements

"Robin Dost notes NK's mail infrastructure uses a .cc identity domain with a private StarJV CA and an X.509v1 certificate four Postfix SMTP hosts and a [--] GB mail size suggesting large-file transfers. https://blog.synapticsystems.de/why-is-a-north-korean-mail-server-using-a-cc-domain-threat-intelligence-beyond-malware/ http://mail.nisp.cc https://blog.synapticsystems.de/why-is-a-north-korean-mail-server-using-a-cc-domain-threat-intelligence-beyond-malware/ http://mail.nisp.cc"
X Link 2026-01-28T02:04Z 21K followers, [---] engagements

"HoneyMyte updated the CoolClient backdoor with new features and deployed several browser login data stealers and related data-theft scripts in recent campaigns targeting government entities across Southeast Asia (Myanmar Malaysia Thailand). https://securelist.com/honeymyte-updates-coolclient-uses-browser-stealers-and-scripts/118664/ https://securelist.com/honeymyte-updates-coolclient-uses-browser-stealers-and-scripts/118664/"
X Link 2026-01-28T02:08Z 21K followers, [---] engagements

"SecurityWeek reports that ShinyHunters targeted over [---] organizations in a phishing campaign with domains indicating attacks on Atlassian Canva Epic Games HubSpot Moderna ZoomInfo and WeWork. https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/ https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/"
X Link 2026-01-28T02:33Z 21K followers, [---] engagements

"The Telegraph reports that Chinese hackers could have read messages and listened to phone calls of senior UK officials. They also reportedly accessed metadata and geolocation and Salt Typhoon is described as still active. https://theins.ru/news/288840 https://theins.ru/news/288840"
X Link 2026-01-28T02:53Z 21K followers, [---] engagements

"Nike is investigating a potential cybersecurity incident after the World Leaks ransomware gang leaked [---] TB of files allegedly stolen from Nike. https://www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/ https://www.bleepingcomputer.com/news/security/nike-investigates-data-breach-after-extortion-gang-leaks-files/"
X Link 2026-01-28T03:04Z 21K followers, [---] engagements

"K7 Labs described The PyRAT Code as a Python-based RAT with cross-platform capabilities and persistence noting its unencrypted C2 over HTTP POSTs and Linux/XDG autostart plus Windows Run persistence. https://labs.k7computing.com/index.php/the-pyrat-code-python-based-rat-and-its-internals/ https://labs.k7computing.com/index.php/the-pyrat-code-python-based-rat-and-its-internals/"
X Link 2026-01-29T01:08Z 21K followers, [---] engagements

"Google Threat Intelligence Group and partners degraded IPIDEA's residential proxy network by taking down control domains and sharing SDK intelligence with platforms and law enforcement while Play Protect warns and removes IPIDEA apps. https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network/ https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network/"
X Link 2026-01-29T01:54Z 21K followers, [---] engagements

"Poland's power grid was targeted by a coordinated cyberattack in late December impacting around [--] facilities nationwide including DER sites CHP facilities and wind and solar dispatch systems. https://www.bleepingcomputer.com/news/security/cyberattack-on-polish-energy-grid-impacted-around-30-facilities/ https://www.bleepingcomputer.com/news/security/cyberattack-on-polish-energy-grid-impacted-around-30-facilities/"
X Link 2026-01-29T02:43Z 21K followers, [---] engagements

"China didnt break into U.S. telecom networks with weapons; it walked through unlocked doors. Salt Typhoon shows U.S. isnt losing to Beijing but failing safety inspection and calling for baselines with executive verification of network hygiene. https://warontherocks.com/2026/01/is-americas-cyber-weakness-self-inflicted/ https://warontherocks.com/2026/01/is-americas-cyber-weakness-self-inflicted/"
X Link 2026-01-30T03:06Z 21K followers, [---] engagements

"TAMECAT is a PowerShell-based malware used by Iranian APT42 in espionage campaigns targeting high-value defense and government officials leveraging social engineering Telegram C2 and multi-stage exfiltration of data. https://blog.pulsedive.com/tamecat-analysis-of-an-iranian-powershell-based-backdoor/ https://blog.pulsedive.com/tamecat-analysis-of-an-iranian-powershell-based-backdoor/"
X Link 2026-01-30T03:06Z 21K followers, [---] engagements

"SentinelLabs and Censys found an unmanaged global Ollama AI layer across 175k hosts in [---] countries with a persistent backbone of 23k driving most activity. The study warns of governance gaps and residential exposure where tool-calling and vision ra https://www.sentinelone.com/labs/silent-brothers-ollama-hosts-form-anonymous-ai-network-beyond-platform-guardrails/ https://www.sentinelone.com/labs/silent-brothers-ollama-hosts-form-anonymous-ai-network-beyond-platform-guardrails/"
X Link 2026-01-30T04:10Z 21K followers, [---] engagements

"Lotus C2 is a new C2 framework sold as a cybercrime kit and enables credential theft data exfiltration and mass attacks blurring red team and cybercrime lines. https://www.blackfog.com/lotus-c2-new-framework-sold-as-a-cybercrime-kit/ https://www.blackfog.com/lotus-c2-new-framework-sold-as-a-cybercrime-kit/"
X Link 2026-01-30T06:19Z 21.1K followers, [----] engagements

"Unit [--] notes Russia's isolation from the Olympics could heighten cyber threats against the [----] Winter Games and outlines the potential threat picture. https://unit42.paloaltonetworks.com/russian-cyberthreat-2026-winter-olympics/ https://unit42.paloaltonetworks.com/russian-cyberthreat-2026-winter-olympics/"
X Link 2026-01-30T06:19Z 21K followers, [---] engagements

"The government obtained legal title to more than $400 million in seized cryptocurrencies real estate and monetary assets tied to the Helix darknet mixer. https://www.justice.gov/opa/pr/government-forfeits-over-400m-assets-tied-helix-darknet-cryptocurrency-mixer https://www.justice.gov/opa/pr/government-forfeits-over-400m-assets-tied-helix-darknet-cryptocurrency-mixer"
X Link 2026-01-30T06:19Z 21.1K followers, [---] engagements

"Foresiet identifies The Green Blood Group as a Golang-based ransomware using concurrent ChaCha8 encryption and a Tor leak site with staged disclosure to pressure negotiations in a double-extortion model. https://foresiet.com/blog/reverse-engineering-green-blood-ransomware/ https://foresiet.com/blog/reverse-engineering-green-blood-ransomware/"
X Link 2026-01-30T06:19Z 21K followers, [---] engagements

"Labyrinth Chollima evolves into three adversaries. https://www.crowdstrike.com/en-us/blog/labyrinth-chollima-evolves-into-three-adversaries/ https://www.crowdstrike.com/en-us/blog/labyrinth-chollima-evolves-into-three-adversaries/"
X Link 2026-01-30T09:13Z 21.1K followers, [---] engagements

"Mandiant said ShinyHunters-branded extortion campaigns use vishing and credential harvesting to seize SSO credentials and enroll devices in MFA not vendor flaws with guidance on hardening logging rapid containment and phishing-resistant MFA. https://cloud.google.com/blog/topics/threat-intelligence/defense-against-shinyhunters-cybercrime-saas/ https://cloud.google.com/blog/topics/threat-intelligence/defense-against-shinyhunters-cybercrime-saas/"
X Link 2026-01-31T03:50Z 21K followers, [--] engagements

"Arsink spyware posing as WhatsApp YouTube Instagram and TikTok has hit [---] countries as Android malware campaigns continue to masquerade as popular apps. https://hackread.com/arsink-spyware-whatsapp-youtube-instagram-tiktok/ https://hackread.com/arsink-spyware-whatsapp-youtube-instagram-tiktok/"
X Link 2026-01-31T05:30Z 21K followers, [---] engagements

"Mandiant identifies expansion of ShinyHunters-branded extortion via vishing and credential harvesting to seize SSO/MFA codes access SaaS apps and exfiltrate data; GTIG ties UNC6661/6671/6240 to broader cloud-targeting and extortion with Limewire sample https://cloud.google.com/blog/topics/threat-intelligence/expansion-shinyhunters-saas-data-theft/ https://cloud.google.com/blog/topics/threat-intelligence/expansion-shinyhunters-saas-data-theft/"
X Link 2026-02-01T08:58Z 21K followers, [----] engagements

"Huorong Security said a file masquerading as a Telegram localization installer is a Silver Fox phishing trojan. It uses AutoHotKey and APC injection to WmiPrvSE.exe downloads Winos RAT logs keystrokes and persists via scheduled tasks to exfiltrate cre https://mp.weixin.qq.com/s__biz=MzI3NjYzMDM1Mg==&mid=2247530260&idx=1&sn=0be50372e8f2ec206812965d5e3837a2 https://mp.weixin.qq.com/s__biz=MzI3NjYzMDM1Mg==&mid=2247530260&idx=1&sn=0be50372e8f2ec206812965d5e3837a2"
X Link 2026-02-03T02:29Z 21.1K followers, [---] engagements

"Silent Push identified more than [-----] infected IPs in the SystemBC botnet with the US leading and infections on government sites in Burkina Faso and Vietnam plus a previously undocumented Perl variant. https://www.silentpush.com/blog/systembc/utm_source=rss&utm_medium=rss&utm_campaign=systembc https://www.silentpush.com/blog/systembc/utm_source=rss&utm_medium=rss&utm_campaign=systembc"
X Link 2026-02-05T00:54Z 21.1K followers, [---] engagements

"GreyNoise reports a dual-mode Citrix Gateway reconnaissance: login-panel discovery via residential proxies and a focused AWS version-disclosure sprint [------] sessions from 63k+ IPs with 79% targeting Citrix honeypots #ThreatIntel #Citrix. https://www.labs.greynoise.io/grimoire/2026-02-02-citrix-recon-residential-proxies/index.html https://www.labs.greynoise.io/grimoire/2026-02-02-citrix-recon-residential-proxies/index.html"
X Link 2026-02-05T00:54Z 21.1K followers, [---] engagements

"Unit 221B says Scattered Lapsus ShinyHunters extort by harassing executives threatening families swatting and notifying journalists and regulators about intrusions with experts warning that paying only fuels more abuse. https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/ https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/"
X Link 2026-02-05T01:09Z 21.1K followers, [----] engagements

"Substack disclosed that an unauthorized third party accessed limited user data affecting [------] accounts exposing emails phone numbers internal metadata and publisher info with Stripe IDs; passwords and financial data were not accessed and the data https://hackread.com/substack-breach-user-records-leak-cybercrime-forum/ https://hackread.com/substack-breach-user-records-leak-cybercrime-forum/"
X Link 2026-02-06T09:39Z 21.1K followers, [---] engagements

"Italy said it foiled Russian-led cyberattacks against Foreign Ministry offices and Winter Olympic sites including Washington and Cortina hotels while Noname057(16) claimed the DDoS attacks as retaliation for Italys pro-Ukraine stance. https://securityaffairs.com/187654/hacktivism/pro-russian-group-noname05716-launched-ddos-attacks-on-milano-cortina-2026-winter-olympics.html https://securityaffairs.com/187654/hacktivism/pro-russian-group-noname05716-launched-ddos-attacks-on-milano-cortina-2026-winter-olympics.html"
X Link 2026-02-06T09:55Z 21.1K followers, [---] engagements

"Mustang Panda has emerged with new TTPs utilizing advanced tools like ToneShell and StarProxy to target government military and NGOs in Myanmar and East Asia employing evasion techniques for espionage. #CyberSecurity #MustangPanda https://ift.tt/G8qak1B https://ift.tt/G8qak1B"
X Link 2025-04-27T00:43Z 21.1K followers, [----] engagements

"Follow me on Telegram for cyber news. https://t.me/cyberosintosint https://t.me/cyberosintosint"
X Link 2025-05-25T00:52Z 21.2K followers, 31.7K engagements

"A cyberespionage campaign by Fancy Bear dubbed Operation RoundPress is using SpyPress malware to target government and defense sectors in Ukraine and Eastern Europe exploiting vulnerabilities in webmail servers since [----]. #Cybersecurity #Malware https://ift.tt/FDUuWvh https://ift.tt/FDUuWvh"
X Link 2025-05-27T00:18Z 21.1K followers, [----] engagements

"A new Linux botnet called PumaBot is reportedly targeting IoT surveillance devices linked to the ddaemon malware family. https://ift.tt/miqedpR https://ift.tt/miqedpR"
X Link 2025-06-03T02:13Z 21.1K followers, [---] engagements

"New variants of Chaos RAT an open-source remote administration tool have been discovered targeting Windows and Linux via phishing deploying cryptominers stealing sensitive data and maintaining control over infected devices. #Cybersecurity #Malware https://ift.tt/1eKpiao https://ift.tt/1eKpiao"
X Link 2025-06-17T01:48Z 21.1K followers, [----] engagements

"BitoPro exchange reports that the North Korean hacking group Lazarus is linked to a cyberattack that resulted in the theft of $11 million in cryptocurrency on May [--] [----]. #CryptoHeist #LazarusGroup https://ift.tt/cTv6Vhk https://ift.tt/cTv6Vhk"
X Link 2025-06-20T23:48Z 21.2K followers, [---] engagements

"Threat actors are reportedly exploiting CVE-2025-3248 to deliver the Flodrix Botnet targeting AI verticals and linked to the LeetHozer family. #CyberSecurity #FlodrixBotnet https://ift.tt/5pLtDHV https://ift.tt/5pLtDHV"
X Link 2025-06-28T07:48Z 21.1K followers, [---] engagements

"A Trojan named SparkKitty is reportedly targeting mobile users in Southeast Asia and China stealing images and cryptocurrency wallet seed phrases via infiltrated app stores since early [----]. #cybersecurity #malware https://ift.tt/CU3irVh https://ift.tt/CU3irVh"
X Link 2025-07-09T01:18Z 21.1K followers, [---] engagements
