@virusbtn
"Fortinet's Vincent Li analyses RondoDox, a new botnet campaign targeting Linux-based operating systems running on diverse architectures. RondoDox incorporates custom libraries and mimics traffic from gaming platforms or VPN servers to evade detection" @virusbtn on X 2025-07-04 08:48:26 UTC 60K followers, 2242 engagements
"Fortinet's Kuan-Yen Liu & Yen-Ting Lee examine NailaoLocker's complete technical profile including its execution flow, encryption and decryption routines and its use of SM2 cryptography" @virusbtn on X 2025-07-21 08:27:54 UTC 60K followers, 3155 engagements
"Palo Alto Networks' Rem Dudas & Noa Dekel share hunting tips & mitigation strategies for ClickFix campaigns and provide an inside view of some of the most prominent ClickFix campaigns they've seen so far in 2025" @virusbtn on X 2025-07-15 09:48:06 UTC 60K followers, 2428 engagements
"JPCERT/CC's (Yuma Masubuchi) looks into malware identified in attacks exploiting Ivanti Connect Secure vulnerabilities CVE-2025-0282 and CVE-2025-22457 from December 2024 to the present" @virusbtn on X 2025-07-18 10:15:41 UTC 60K followers, 2140 engagements
"The Seqrite Labs APT-Team has identified and tracked a cluster of espionage-oriented operations conducting campaigns across multiple Asian jurisdictions including China, Hong Kong & Pakistan. This threat entity usually deploys CV-themed decoy documents" @virusbtn on X 2025-07-17 12:31:03 UTC 60K followers, 5450 engagements
"Palo Alto Networks researchers explore the obfuscation techniques employed by the malware authors in the SLOW#TEMPEST campaign and highlight methods and code that can be used to detect and defeat these techniques" @virusbtn on X 2025-07-14 09:57:12 UTC 60K followers, 6441 engagements
"SentinelOne's Phil Stokes (@philofishal) & Dinesh Devadoss (@dineshdina04) provide a technical analysis of the latest version of the macOS.ZuRu malware along with new technical indicators to aid detection engineers and threat hunters" @virusbtn on X 2025-07-11 08:51:30 UTC 60K followers, 2419 engagements
"Trend Micro's Junestherry Dela Cruz shares the latest methods used in Lumma Stealer distribution. Lumma Stealer re-emerged shortly after its takedown; the group behind it appears to be intent on employing covert tactics while steadily expanding its reach" @virusbtn on X 2025-07-23 09:12:26 UTC 60K followers, 1177 engagements
"Palo Alto Networks' Lior Rochberger looks into a cluster of suspicious activity targeting governmental entities in Southeast Asia. The threat actors behind this campaign use the HazyBeacon backdoor which leverages AWS Lambda URLs as C2 infrastructure" @virusbtn on X 2025-07-15 09:30:54 UTC 60K followers, 2103 engagements
"Trustwave researchers share key insights from the analysis of a KAWA4096 sample to uncover how the ransomware operates. This new threat features a leak site that follows the style of the Akira ransomware group & a ransom note format similar to that of Qilin" @virusbtn on X 2025-07-18 10:20:20 UTC 60K followers, 1704 engagements
"Proofpoint Threat Research identified multiple China-aligned threat actors specifically targeting Taiwanese organizations within the semiconductor industry. In all cases the motive was most likely espionage" @virusbtn on X 2025-07-17 11:48:55 UTC 60K followers, 3730 engagements
"Cedric Brisson (@cyb3rjerry) in collaboration with Invoke RE's Josh Reynolds (@JershMagersh) analysed the "Scavenger" malware distributed via a supply chain compromise involving popular NPM package es-lint-config-prettier" @virusbtn on X 2025-07-22 09:40:39 UTC 60K followers, 1749 engagements
"Welcome our newest #VB2025 partners: 🌟 @amazon (Gold Partner) 🥈 @GenDigitalInc (Silver Partner) 🥉 @SoftwareClean (CSA) @Fortinet & Varist (Bronze Partners) 🤝 @totalavcom (Getting Connected tier) Join them & showcase your brand in Berlin: 👉" @virusbtn on X 2025-07-23 13:28:39 UTC 60K followers, XXX engagements
"Cybereason Security Services investigates a BlackSuit ransomware attack leveraging tools like Cobalt Strike for command and control (C2), rclone for data exfiltration & BlackSuit ransomware for file encryption" @virusbtn on X 2025-07-14 10:00:08 UTC 60K followers, 2746 engagements
"FortiGuard Labs recently uncovered an active delivery site that hosts a weaponized HTA script and silently drops the infostealer NordDragonScan into victims' environments" @virusbtn on X 2025-07-08 09:25:05 UTC 60K followers, 2985 engagements
"Trend Micro's Jovit Samaniego, Aira Marcelo, Mohamed Fahmy & Gabriel Nicoleta uncovered a Water Curse campaign with weaponized GitHub repositories delivering multistage malware" @virusbtn on X 2025-06-17 10:37:00 UTC 60K followers, 4867 engagements