@virusbtn "Seqrite Threat Research reports Spanish-language judicial notification lures targeting Colombian users, using SVG, HTA, VBS and PowerShell stages to download and decode a loader, ending with AsyncRAT injected into a legitimate Windows process"
X Link @virusbtn 2025-10-14T08:19Z 60.6K followers, 3750 engagements

"Zscaler ThreatLabz details the latest tactics and tools used by APT37 (ScarCruft/Ruby Sleet/Velvet Chollima), a DPRK-aligned threat actor active since 2012 that targets South Korean individuals connected to the regime or involved in human rights activism"
X Link @virusbtn 2025-09-09T09:04Z 60.6K followers, 2606 engagements

"Trend Micro's Nick Dai & Pierre Lee look into the TAOTH campaign targeting users across Eastern Asia, which leveraged an abandoned Sogou Zhuyin IME update server & spear-phishing operations to deliver malware families such as TOSHIS, C6DOOR, DESFY & GTELAM"
X Link @virusbtn 2025-08-29T10:00Z 60.6K followers, 5390 engagements

"Trend Micro researchers identified an active campaign spreading via WhatsApp through a ZIP file attachment. When executed, the malware establishes persistence and hijacks the compromised WhatsApp account to send copies of itself to the victim's contacts"
X Link @virusbtn 2025-10-03T09:27Z 60.6K followers, 3130 engagements

"Trend Micro's Dove Chiu & Lucien Chuang uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices"
X Link @virusbtn 2025-10-16T08:43Z 60.6K followers, XXX engagements

"FortiGuard Labs details a Stealit campaign that shifts from Electron installers to the Node.js Single Executable Application feature while still posing as game and VPN installers"
X Link @virusbtn 2025-10-13T09:13Z 60.6K followers, 9289 engagements

"In early 2025 Threat Detection & Research reported PolarEdge exploiting CVE-2023-20118 to gain RCE and drop a web shell on routers. A follow-up blog post provides an in-depth technical analysis of the undocumented TLS-based implant"
X Link @virusbtn 2025-10-15T09:35Z 60.6K followers, 2614 engagements

"FortiGuard Labs details the Confucius group shifting from document stealers like WooperStealer to Python-based backdoors such as AnonDoor, with spear phishing & weaponised documents hitting South Asian government agencies & defence contractors"
X Link @virusbtn 2025-10-06T09:26Z 60.6K followers, 1734 engagements

"FortiGuard Labs analyses Chaos ransomware, which resurfaced in 2025 with a new C++ variant. The analysis provides a walkthrough of its execution flow, encryption and clipboard hijacking for cryptocurrency, with comparisons to earlier .NET builds"
X Link @virusbtn 2025-10-09T08:40Z 60.6K followers, 3185 engagements

"Trend Micro details the Gentlemen ransomware group, showing advanced tooling to bypass enterprise endpoint protections. TTPs include driver abuse, GPO manipulation, custom anti-AV utilities, privileged account compromise and exfiltration"
X Link @virusbtn 2025-09-10T10:46Z 60.6K followers, 2156 engagements

"Cyble Research and Intelligence Labs observes Android campaigns posing as Indian Regional Transport Office apps, spreading via WhatsApp & SMS to GitHub-hosted APKs & compromised sites, then using phishing pages to collect banking credentials & UPI PINs"
X Link @virusbtn 2025-10-15T08:48Z 60.6K followers, 1672 engagements

"Microsoft Threat Intelligence confirms that Storm 1175, known for deploying Medusa ransomware and exploiting public-facing applications, is actively exploiting the CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability"
X Link @virusbtn 2025-10-07T09:44Z 60.6K followers, 1996 engagements

"Zscaler ThreatLabz identifies a campaign active since early May 2025 targeting Chinese-speaking users that delivers ValleyRAT, FatalRAT & the newly named kkRAT. The blog details the attack chain and kkRAT's features, network protocol, commands & plugins"
X Link @virusbtn 2025-09-11T10:38Z 60.6K followers, 2767 engagements

"ThreatLabz discovered a multi-stage ClickFix campaign, likely affiliated with the Russia-linked APT group COLDRIVER, targeting members of Russian civil society. The campaign led to a new downloader, BAITSWITCH, & a new PowerShell-based backdoor, SIMPLEFIX"
X Link @virusbtn 2025-10-01T08:00Z 60.6K followers, 6415 engagements

"Trend Micro researchers examine the past TTPs used by UNC3886 to get a good understanding of the threat group and enhance the overall defensive posture against similar tactics"
X Link @virusbtn 2025-08-11T09:39Z 60.6K followers, 3577 engagements

"The Resecurity HUNTER Team warns of a mass exploitation of CVE-2025-61882 in Oracle E-Business Suite, enabling remote code execution. Several victims received extortion emails from Cl0p in late September 2025"
X Link @virusbtn 2025-10-07T09:42Z 60.6K followers, 3265 engagements

"Trend Micro details EvilAI, which disguises itself as productivity/AI apps and is signed to appear legitimate. Infections span Europe, the Americas and AMEA, hitting manufacturing, government and healthcare sectors"
X Link @virusbtn 2025-09-12T10:42Z 60.6K followers, 2145 engagements

"Zscaler's ThreatLabz tracks SmokeLoader's return with new 2025-alpha and 2025 builds after the May 2024 Operation Endgame takedown. The builds fix performance-impacting bugs and update artifacts to evade static and behaviour-based detection"
X Link @virusbtn 2025-09-16T15:29Z 60.6K followers, 3326 engagements

"Threat Research details AdaptixC2, a lightweight open-source C2 with multi-protocol communication, advanced evasion and BOF-based extensibility, confirming XXX active servers in the wild"
X Link @virusbtn 2025-10-10T08:48Z 60.6K followers, 14.4K engagements