DarkWatchMan and Hive0117: Fileless Malware Evolution Targeting Russian Critical Infrastructure

DarkWatchMan is a fileless, modular malware family first observed in late 2021 and attributed to the financially motivated Hive0117 group. The malware is primarily delivered via spear-phishing emails containing password-protected archives, targeting Russian critical infrastructure (energy, etc).

PSLoramyra Fileless Loader: Advanced YARA Detection, Memory Forensics, and Cross-Platform Threat Evolution

PSLoramyra just sent your hard drive a breakup text. 🥀 Why bother writing files when you can Airbnb in RAM and ghost EDR?

Dark Partners: Multi-Platform Crypto Theft via Fake AI, VPN, and Software Sites

Think your AI download is legit? Dark Partners turned 250+ spoofed sites into a crypto vacuum—dropping Poseidon (macOS) & PayDay (Windows) right past your AV with stolen certs

Vishing Meets Cloud: UNC6040’s Abuse of Salesforce Connected Apps for Stealthy Data Exfiltration

🎧☁️ When the “help desk” helps itself. UNC6040’s phone-phishing swarm hijacks Salesforce via a doctored Data Loader — Google fingers 20+ victims (and counting).

GIFTEDCROOK’s Strategic Pivot: UAC-0226’s Espionage Surge Amid Ukraine’s Geopolitical Flashpoints

UAC-0226, a threat cluster tracked by CERT-UA has intensified cyber-espionage operations against Ukrainian military, law enforcement, and government institutions since early 2025.

Whack-A-RAT: We're talking AlphaHunt on the Breaking Badness Cybersecurity Podcast

Test Driving CIFv5

Solve problems by writing doc first.

Newer Older