InfoSec News 20251027

  • Published: Mon, 27/10/2025 - 15:41

Top News

  • Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD

"Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks."

Link

TLP¹: Green

  • Mem3nt0 mori – The Hacking Team is back!

"In March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough."

Link

TLP¹: Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism

  • Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

"A DDoS attack on Russia’s food safety agency Rosselkhoznadzor disrupted food shipments by crippling its VetIS and Saturn tracking systems."

Link

TLP¹: Green

  • Europol has put an end to a network behind 49 million fake accounts

"Seven people were arrested in connection with the raid."

Link

TLP¹: Green

  • China-Aligned APTs Launch “Premier Pass-as-a-Service,” Sharing Access in Coordinated Global Espionage

"A new Trend Research report has revealed an alarming shift in cyberespionage tactics among China-aligned APT groups, highlighting unprecedented levels of collaboration and resource sharing between threat actors such as Earth Estries and Earth Naga. The report introduces a new term — “Premier Pass-as-a-Service” — to describe this advanced model of access brokerage and inter-group cooperation."

Link

TLP¹: Green

Breaches: Data Breaches and Hacks

  • 183 million email accounts breached. How to check yours.

"A new email breach was recently revealed, and the number of affected accounts is pretty staggering. Some 183 million email accounts were reportedly compromised."

Link

TLP¹: Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits

  • New BIND 9 Security Flaw (CVE-2025-40778) Threatens Global DNS Infrastructure

"A newly disclosed security flaw has put more than 706,000 BIND 9 DNS resolvers worldwide at risk of cache poisoning attacks, according to an advisory published by the Internet Systems Consortium (ISC) on October 22, 2025."

Link

TLP¹: Green

  • Chrome 0-Day Vulnerability Actively Exploited in Attacks by Notorious Hacker Group

"The notorious Mem3nt0 mori hacker group has been actively exploiting a zero-day vulnerability in Google Chrome, compromising high-profile targets across Russia and Belarus."

Link

TLP¹: Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling

  • eBook: A quarter century of Active Directory

"Active Directory (AD) remains the backbone of enterprise identity and a prime target for attackers. Explore its 25-year history, evolving risks, and how organizations can modernize password security."

Link

TLP¹: Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography

  • Hackers steal Discord accounts with RedTiger-based infostealer

"Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information."

Link

TLP¹: Green

¹ Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

[1] https://www.first.org/tlp