Week 12 – 2026 (latest)
FORENSIC ANALYSIS
6 items
THREAT INTELLIGENCE / HUNTING
97 items
- CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE SMA
- Nation-State Attacks Hit Machine Speed: 2026 Armis Cyberwarfare Report
- February 2026 APT Attack Trends Report – South Korea (ASEC)
- Winos4.0 malware disguised as KakaoTalk installation file (ASEC)
- Attack case against MS-SQL server installing ICE Cloud scanner Larva-26002 (ASEC)
- From flat networks to locked up domains with tiering models (SensePost)
- CTA Campaign Assessment: The Iran Conflict – Global Cyber Operations Risk (Avertium)
- Amazon threat intelligence teams identify Interlock ransomware campaign (AWS)
- Sandworm: Russia's global infrastructure wrecking crew (Barracuda)
- LotAI: How Attackers Weaponize AI Assistants for Data Exfiltration (BlackFog)
- 2026-03-17: SmartApeSG ClickFix pushes Remcos RAT (Brad Duncan / SANS ISC)
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks (Krebs on Security)
- ResidentBat: Belarusian KGB Android Spyware at Internet Scale (Censys)
- Vshell: A Chinese-Language Alternative to Cobalt Strike (Censys)
- Odyssey Stealer: Inside a macOS Crypto-Stealing Operation (Censys)
- Transparent COM instrumentation for malware analysis (Cisco Talos)
- Everyday tools, extraordinary crimes: the ransomware exfiltration playbook (Cisco Talos)
- MacSync Stealer: SEO Poisoning and ClickFix-Based macOS Malware (CloudSEK)
- LiveChat Abuse: How Phishers Are Exploiting SaaS Support Tools (Cofense)
- From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise (CrowdStrike)
- Tycoon2FA Phishing-as-a-Service Platform Persists Following Takedown (CrowdStrike)
- FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops (Ctrl-Alt-Intel)
- AI-Assisted Phishing Campaign Exploits Browser Permissions (Cyble)
- Middle East Cyber Warfare Intensifies: Rising Attacks, Hacktivist Surge (Cyble)
- North Korea's Crypto Theft Operations: Lazarus Group (Cyble)
- Weekly Intelligence Report – 20 March 2026 (Cyfirma)
- Darktrace Identifies Encryption in a World Leaks Ransomware Attack
- Threat Hunting: Catching emojis on Files and Email Subjects + KQL (Detect FYI)
- Detection via Deception – Using your SIEM as a Free Deception Platform (Detect FYI)
- Detection Logic Bugs: Abusable Gaps in Detection Coverage (Detect FYI)
- Weekly Threat Infrastructure Investigation Week 9-10 (Disconinja)
- Microsoft Graph API Attack Surface: OAuth Flows, Abused Endpoints (InfoSec Write-ups)
- New Malware Highlights Increased Systematic Targeting of Network Infrastructure (Eclypsium)
- Linux & Cloud Detection Engineering – Getting Started with Defend for Containers (Elastic)
- Linux & Cloud Detection Engineering – TeamPCP Container Attack Scenario (Elastic)
- WIPED IN 79 COUNTRIES: The Handala Hack Attack on Stryker Corporation (FalconFeeds)
- Iran's FindFace Acquisition: The Architecture of a Digital Surveillance State (FalconFeeds)
- Following the Money: The 82-Wallet Bitcoin Cluster Linked to Iran's IRGC-CEC (FalconFeeds)
- Bench.sh: How Threat Actors Repurpose a Legitimate Benchmarking Tool (Flare)
- VoidStealer: Debugging Chrome to Steal Its Secrets (Gen)
- GhostClaw expands beyond npm: GitHub repositories and AI workflows deliver macOS infostealer (Jamf)
- Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant (LayerX)
- DarkSword Threatens iOS Users (Lookout)
- When a Microsoft Teams support call led to compromise (Microsoft Security)
- When tax season becomes cyberattack season: Phishing using tax-related lures (Microsoft)
- CTI-REALM: A new benchmark for end-to-end detection rule generation with AI (Microsoft)
- Attacking Kerberos 2: Roasting Attacks (MII Cyber Security)
- Finding the 'Quiet' Compromise with Long Tail Analysis (MII)
- DPRK IT Worker Fraud: Hiring an Insider Threat (Nisos)
- GlassWorm Invades GitHub, NPM, VS Code and PyPI (OpenSourceMalware)
- Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization (Palo Alto)
- Boggy Serpens Threat Assessment (Palo Alto)
- Analyzing the Current State of AI Use in Malware (Palo Alto)
- T1071.001 Web Protocols in MITRE ATT&CK Explained (Picus)
- T1059.013 Container CLI/API in MITRE ATT&CK Explained (Picus)
- What Is Fileless Malware? (Picus)
- T1219.001 IDE Tunneling in MITRE ATT&CK Explained (Picus)
- T1547.001 Registry Run Keys/Start Up Folder in MITRE ATT&CK Explained (Picus)
- CursorJack: Weaponizing Deeplinks to Exploit Cursor IDE (Proofpoint)
- The Stryker breach didn't match the playbook. That shouldn't be a surprise. (Push Security)
- The Attack Cycle is Accelerating: Rapid7 2026 Global Threat Landscape Report
- Microsoft Orphaned Agents Identities: Hidden identity debt in Entra tenant
- 2025 Identity Threat Landscape Report: Infostealer Economy (Recorded Future)
- AI and browser threats stand out in the 2026 Threat Detection Report (Red Canary)
- Casting a Wider Net: ClickFix, Deno, and LeakNet's Scaling Threat (ReliaQuest)
- Observed Telegram Bot Naming Patterns in Recent MuddyWater Malware (Synaptic)
- IPv4 Mapped IPv6 Addresses (SANS ISC)
- GSocket Backdoor Delivered Through Bash Script (SANS ISC)
- UEBA in the Real World: Catching Intrusions That Don't Look Like Intrusions (Sekoia)
- Building an Adversarial Consensus Engine | Multi-Agent LLMs for Malware Analysis (SentinelOne)
- How Kinetic Strikes Opened the Door to Cyber and Influence War (Simone Kraus)
- GlassWorm Sleeper Extensions Activate on Open VSX (Socket)
- Trivy Under Attack: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets (Socket)
- CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages (Socket)
- Ransomware 3.0: The Autonomous Threat That Changed Everything (SOCRadar)
- Android devices ship with firmware-level malware (Sophos)
- How to Prove Incident Containment: Evidence of Absence (Stairwell)
- Stop Renting Your Own Malware Data Back (Stairwell)
- Continuous Malware Intelligence: Replacing Retro Hunts With Hindsight (Stairwell)
- Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org (Step Security)
- Malicious npm in Popular React Native Packages – 130K+ Monthly Downloads (Step Security)
- Trivy Compromised a Second Time – Malicious v0.69.4 Release (Step Security)
- Advanced fake Zoom installer delivering malware (Sublime Security)
- One Commit Away from Theft: Supply Chain Attacks Hit the Crypto Ecosystem (Sygnia)
- New Malware Targets Users of Cobra DocGuard Software (Symantec)
- Detecting CVE-2026-3288 & CVE-2026-24512: Ingress-nginx vulnerabilities for Kubernetes (Sysdig)
- CVE-2026-33017: How attackers compromised Langflow AI pipelines (Sysdig)
- ZeroTrace Multi-Family MaaS Operation – Open Directory Exposure (The Hunter's Ledger)
- From Missiles to Malware – Part 2 Defending Against the Handala Campaign (Third Eye)
- Perseus: DTO malware that takes notes (ThreatFabric)
- Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack (Trend Micro)
- From Misconfigured Spring Boot Actuator to SharePoint Exfiltration (Trend Micro)
- Full Disclosure: A Third and Fourth Azure Sign-In Log Bypass Found (TrustedSec)
- How Attackers Establish Persistence in Hybrid Environments (Vectra AI)
- What the Stryker Incident Reveals About Handala's Attack Playbook (Vectra AI)
- EDR killers explained: Beyond the drivers (WeLiveSecurity / ESET)
- Trivy Compromised: Everything You Need to Know (Wiz)
UPCOMING EVENTS
5 items
- BHIS – Talkin' Bout [infosec] News 2026-03-23
- Cellebrite – Advanced Digital Investigations in Africa
- Cyber Triage – Investigating Evasion: How to Find What the Alert Missed
- Magnet Forensics – Mobile Unpacked S4:E3 // Deducing the duplications
- SANS – 2026 Threat Landscape: Turning Threat Intelligence into Analytic Advantage
PRESENTATIONS / PODCASTS
15 items
- Digital Forensics Now Podcast S3 – Episode 3 (Alexis Brignoni)
- Detect SSH -R Pivoting Before Ransomware Hits (Ayush Anand)
- Cloud Security Podcast EP267 – AI SOC or AI in a SOC? (Google)
- Cyber Threat Hunting at Scale: 4 Principles from the Trenches (Cyberwox)
- 02 – Exploring the Reverse Shell Source Code (Dr Josh Stroschein)
- Cybersecurity SOC Analyst Lab – Malicious Browser Extension FakeGPT (MyDFIR)
- Mac Imaging Made Easy with Fuji (Richard Davis / 13Cubed)
- LABScon25 Replay: Your Apps May Be Gone, But the Hackers Made $9B (SentinelOne)
- Team Cymru: Duaine Labno on Digital Investigations and Corporate Threat Intelligence
- Intune Wipers, Veeam RCEs, and DPRK's $800M IT Empire (Team Cymru Video)
- Bloodhound OpenGraph (John Hammond)
- Magnet Forensics – Signals in the noise: Five years of enterprise DFIR trends
- Magnet Forensics – Bridging the air gap: Accelerating mobile forensics in secure labs
- Root Cause Analysis Series Part 1-4 (Mossé Cyber Security Institute)
- Parsing The Truth: One Byte at a Time Podcast S1 E43: Karen Read – Jessica Hyde Testimony
MALWARE
22 items
- Glassworm Strikes Popular React Native Phone Number Packages (Aikido)
- Open VSX Extension Compromised by BlokTrooper GlassWorm (Aikido)
- GlassWorm Hides a RAT Inside a Malicious Chrome Extension (Aikido)
- TeamPCP deploys CanisterWorm on NPM following Trivy compromise (Aikido)
- Forbidden Hyena adopts BlackReaperRAT in AI-powered campaigns (BI.ZONE)
- Windsurf IDE Extension Drops Malware via Solana Blockchain (Bitdefender)
- CQURE Hacks #75: NTFS Forensics – Recovering Deleted Files and Analyzing MFT Records
- Sweet Minecraft Mods – The Dark Tale of SugarSMP Scam, Malware & Extortion (G Data)
- Reverse Engineering .NET AOT Malware: Multi-Stage Attack Chain with Binary Ninja
- Fake Telegram Malware Campaign via Typosquatted Websites (K7 Labs)
- GlassWorm Hits MCP: 5th Wave with New Delivery Techniques (Koi Security)
- AI Wrote This Malware: Dissecting a Vibe-Coded Malware Campaign (McAfee Labs)
- RegPhantom Backdoor Threat Analysis (Nextron Systems)
- OpenClaw Developers Targeted in Crypto-Wallet Phishing Attack (OX Security)
- Beyond the Wiper – What Unit42's Iran Analysis Misses (Plausible Deniability)
- Free real estate: GoPix, the banking Trojan living off your memory (Securelist)
- The SOC Files: Unpacking a new Horabot campaign in Mexico (Securelist)
- Operation GhostMail: Russian APT exploits Zimbra Webmail to Target Ukraine (Seqrite)
- Analysis of Batch File leads to DonutLoader (Shubho57)
- MacOS malware persistence 5: cron jobs (Zhassulan Zhussupov)
- MacOS malware persistence 6: PAM module injection (Zhassulan Zhussupov)
- Technical Analysis of SnappyClient (ZScaler)
MISCELLANEOUS
22 items
- Introducing DFIR Toolkit: Privacy-First DFIR utilities that run entirely in your browser (Andrea Fortuna)
- If you suck at your DFIR job, AI is going to take it (Brett Shavers)
- A Practical Map of the DFIR Internet: Marketplaces, FAQs, and Fire Exits (DFIR Training)
- 56% are likely to leave DFIR within 12 months or unsure if they'll stay (DFIR Training)
- Cellebrite Genesis Launch: Groundbreaking Agentic AI Solution for Investigators
- Guardian Cloud Platform IRAP Assessment: What Australian Investigators Need to Know (Cellebrite)
- Cellebrite Launches Guardian Investigate, the AI-Powered Nerve Center
- From Weeks to Minutes: How Agentic AI Is Transforming Digital Investigations (Cellebrite)
- Why iOS Jailbreaking Is Over – And What That Means for Security Teams (Cellebrite)
- DFIR Jobs Update – 03/16/26 (DFIR Dominican / Josibel Mendoza)
- A Study in DFIR: Open-Source, Enterprise, and the Art of Analysis (Baker Street Forensics)
- Digital Forensics Jobs Round-Up, March 16 2026 (Forensic Focus)
- Introducing Aid4Mail: Closing Email Evidence Gaps for Investigators (Forensic Focus)
- Digital Forensics Round-Up, March 18 2026 (Forensic Focus)
- Forensic Focus Digest, March 20 2026
- Explainer: Disk images (Howard Oakley / The Eclectic Light Company)
- The Reality of Hidden Data: Information Revealed Through Full File System Extraction (Magnet Forensics)
- Magnet One Case Stream: A new transformative workflow (Magnet Forensics)
- Setting up UniqueSignal in MISP
- Phones Everywhere: How to Catch Them (Matthew Plascencia)
- My book, 'A Dance of Red and Blue' is out! (Daniel Koifman)
- Sentinel-As-Code: The 2026 Update (sentinel.blog / TobyG)
SOFTWARE UPDATES
15 items
- Malwoverview 8.0.0 (Alexandre Borges)
- Arkime v6.1.0
- oledump.py Version 0.0.85 (Didier Stevens)
- winfor-salt v2026.5.4 (Digital Sleuth)
- VolWeb v3.16.0 (k1nd0ne)
- Arc2Lite v2.0.0 – Combined Script (Kevin Pagano / Stark 4N6)
- MacOS-Analyzer-Suite v1.2.0 (Lethal-Forensics)
- AD_Miner v1.9.0 (Mazars Tech)
- MISP v2.5.35: Decomposed Event Views, Overmind UI, Security Hardening
- MISP-STIX 2026.3.13 Released
- OpenCTI 6.9.28
- ExifTool 13.53 (Phil Harvey)
- radare2 6.1.2
- X-Ways Forensics 21.6 SR-7 / 21.7 SR-2 / 21.8 Preview 4
- EntraFalcon – Security Findings Report (Compass Security)
Week 11 – 2026
FORENSIC ANALYSIS
5 items
THREAT INTELLIGENCE / HUNTING
30 items
- Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories (Aikido)
- Google Cloud Security Threat Horizons Report #13 (H1 2026)
- Kernel in the Crosshairs: The BlackSanta Threat Campaign Targeting Recruitment Workflows (Aryaka)
- Defending Against Iranian Cyber Threats in the Wake of Operation Epic Fury (AttackIQ)
- Bitdefender Threat Debrief β March 2026
- Windows and macOS Malware Spreads via Fake 'Claude Code' Google Ads (Bitdefender)
- How AI Assistants are Moving the Security Goalposts (Bitdefender)
- Iranian APT UNC3890 Deploys New Toolkit Against Israeli Targets (Google Cloud TI)
- Midnight Blizzard Spear-Phishing Campaign Using RDP Files (CERT-UA)
- Operation Diplomatic Specter: PRC-Affiliated Threat Actors Target Embassies (CrowdStrike)
- Tycoon2FA Phishing-as-a-Service: Infrastructure and Delivery Analysis (Darktrace)
- FalconFeeds Weekly β Supply Chain Attacks Surge in Q1 2026
- Scattered Spider Uncaged β The AB Projekt Blue Investigation (Chamindu Pushpika)
- Ivanti EPMM 'Sleeper Shells' not so sleepy? (NVISO)
- 379. Hunting for Suspicious Compiled HTML Files (Know Your Adversary)
- 380. Hunting for Suspicious System Language Discovery Events (Know Your Adversary)
- 381. In Some Cases, Attackers Can Simply Export Your Passwords (Know Your Adversary)
- 382. Handala Hack Abuses NetBird (Know Your Adversary)
- Insights: Increased Risk of Wiper Attacks (Unit 42 / Palo Alto)
- Suspected China-Based Espionage Operation Against Military Targets (Unit 42)
- CTI Research: MuddyWater/Seedworm (Mango Sandstorm) ATT&CK Mapping (InfoSec Write-ups)
- Infrastructure Pivoting: CTI Analysts Expand From a Single IOC (InfoSec Write-ups)
- Ploutus Malware: Uptick in ATM jackpotting incidents prompts FBI warning (InfoSec Write-ups)
- Nanya Chipmaker DRAM Supply Disruption: Geopolitical Risk Analysis (ReliaQuest)
- Weekly Intelligence Report – 13 March 2026 (Cyfirma)
- Faux Amis: How France Stands Apart in Europe's University Cyber Partnerships with China
- 2025 Year in Review: Malicious Infrastructure (Recorded Future)
- SANS ISC β /proxy/ URL scans with IP addresses (Mar 16)
- SANS ISC β Interesting Message Stored in Cowrie Logs (Mar 18)
- TrustConnect RAT: Inside a Vibe-Coded Malware Ecosystem (Podcast)
UPCOMING EVENTS
9 items
- BHIS – Do it, do it NOW! – A Pre-Incident Checklist with Patters
- Cellebrite – C2C User Summit Speaker Announcement
- Cyber Triage – Configuring Your System for IR: Windows Logging (Mike Wilkinson)
- Magnet Forensics – Mobile Unpacked S4:E2
- SANS – Threat Intelligence Summit 2026
- Forensic Focus – UFED 101: An Introduction to Cellebrite
- Hexordia – 2026 MSAB CTF Walkthrough
- Magnet Forensics – Forensics in Agentic AI Workflows
- SANS – FOR610: Reverse Engineering Malware – Live Online
PRESENTATIONS / PODCASTS
10 items
- Truth in Data S2EP5: Forensics Role Call – Sworn vs. Non-Sworn Examiners
- Breaking Down the New National Cybersecurity Strategy (CrowdStrike Podcast)
- Magnet Virtual Summit – CTF Feb 2026 – MacOS walk through (BlueMonkey 4n6)
- EP266 – Resetting the SOC for Code War: Allie Mellen on Detecting State Actors (Google Cloud)
- The Game Is Afoot: Introducing the MalChela Video Series (Baker Street Forensics)
- 01 – Building a Reverse Shell Game Plan with a Simple Server (Dr Josh Stroschein)
- Tip Tuesday: Cellebrite C2C User Summit Speakers
- Cyber Wox – Threat Hunting at Scale
- Magnet Forensics – Mobile Minute Episode 16: Magnet One Case Stream
- Three Buddy Problem – APT hunters, Apple exploit kits, Microsoft FedRAMP mess
MALWARE
12 items
- Analyzing the BlackSuit Ransomware Gang's TTPs (AttackIQ)
- StilachiRAT: New Infostealer Targeting Chrome and Crypto Wallets (Microsoft)
- North Korean Fake IT Workers – 2026 Update (Mandiant)
- DEEP#GOSU Campaign Delivers Malware via PowerShell (Securonix)
- LightSpy iOS Surveillance Framework: New Capabilities (Trend Micro)
- AsyncRAT Delivered via HTML Smuggling and Fake Browser Update (Any.run)
- ViperSoftX Variant Uses CLR to Execute PowerShell in AutoIT Scripts (Trellix)
- New Agent Tesla Variant Exploiting .NET Reactor Obfuscation (Zscaler)
- Bypassin' Like It's 2025: Evasion via COM Object Abuse (Elastic)
- MacOS stealer campaign uses fake VPN and AI apps (Jamf)
- Stealthy Winos 4.0 Malware Targets Education Sector (Fortinet)
- Backdoored open-source AI models on HuggingFace (ReversingLabs)
MISCELLANEOUS
10 items
- DFIR Jobs Update – 03/09/26 (DFIR Dominican)
- Forensic Focus – Digital Forensics Jobs Round-Up, March 9 2026
- Forensic Focus – Digital Forensics Round-Up, March 11 2026
- Forensic Focus Digest, March 13 2026
- MalChela Meets AI: Three Paths to Smarter Malware Analysis (Baker Street Forensics)
- Belkasoft X v2.10: Smarter AI Assistant – BelkaGPT with context
- Explainer: How APFS handles deleted files (Howard Oakley / Eclectic Light)
- How human validation matters – and why fear doesn't help (Magnet Forensics)
- MISP – Who Uses MISP
- Detections Wiki Event catalog update: 10 March 2026
SOFTWARE UPDATES
19 items
- IPED v4.2.1 – Open source digital evidence processing (LF/SEPINF)
- Volatility 3 v2.10.1
- Hayabusa v3.4.0 (Yamato Security)
- RITA v5.1.1 (Real Intelligence Threat Analytics)
- Hindsight v2026.3 – Web browser forensics for Chrome/Chromium
- Velociraptor v0.73.2
- Autopsy 4.22.1
- Chainsaw v2.11.0
- MISP v2.5.34
- Timesketch v20260310
- Sigma CLI v0.27.0
- CyberChef v10.20.0
- Zircolite v2.22.0
- YARA v4.6.0
- ExifTool 13.52 (Phil Harvey)
- Arkime v6.0.2
- Malwoverview 7.9.9 (Alexandre Borges)
- REMnux v7.8.2
- OpenCTI 6.9.25
Week 10 – 2026
FORENSIC ANALYSIS
17 items
- Magnet Virtual Summit 2026 CTF – AAR 'That's not a Mario character' (ogmini)
- Magnet Virtual Summit 2026 CTF – AAR 'Welcome Home' (ogmini)
- WinGet Desired State: Initial Access Established (Compass Security)
- Investigating Windows File System Artifacts Under C:\Windows (Elcomsoft)
- Windows File System Artefacts Under C:\ProgramData (Elcomsoft)
- AI Agents and Deep Research: A Friday Primer (Elcomsoft)
- Android AllTrails (Forensafe)
- iOS Logs (Forensafe)
- Android Signal Attachments (Forensafe)
- iOS Timezone Information (Forensafe)
- Win 11 25H2 SRUM Verification (Hideaki Ihara / port139)
- Linux Kidnapping Case (Matthew Plascencia)
- Windows event logs were cleared, but resurrected in another file! (Maxim Suhanov)
- Freezing the Crime Scene: A Guide to Memory Forensics (Monty Shyama)
- Perfect Acquisition: Passcode Unlock for A8/A8X Devices (Elcomsoft)
- Live System Analysis: Mitigating Interference from Antivirus Tools (Elcomsoft)
- Establishing Occupant Actions & Involvement (Berla)
THREAT INTELLIGENCE / HUNTING
46 items
- A Backdoor You Can Talk To: Persistence via Bedrock AgentCore (Adan Alvarez)
- Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass (Any.run)
- Threat Coverage Digest: New Malware Reports and 2,400+ Detection Rules (Any.run)
- SloppyLemming Deploys BurrowShell and Rust-Based RAT – Pakistan and Bangladesh (Arctic Wolf)
- Emulating the Systematic LokiLocker Ransomware (AttackIQ)
- INC Ransom Affiliate Model Enabling Targeting of Critical Networks (ASD/ACSC)
- Ransomware Spotlight: Fog Ransomware (Bitdefender)
- Fake Microsoft Teams installers drop DarkGate malware (Cofense)
- Supply Chain Attack: MCP Package Compromise via Dependency Confusion (CrowdStrike)
- Weekly Cyber Digest – 3 March 2026 (Cyfirma)
- Ransomware Group Profiles – Q1 2026 Update (Darktrace)
- CISA Alert: Medusa Ransomware Targeting CI Sectors (CISA)
- Detect & Respond to Living-off-the-Land (LotL) Techniques (Detect FYI)
- Phishing 2.0: How AI is Rewriting the Playbook (Elastic Security)
- FalconFeeds – Weekly – GitLab CI/CD Pipeline Abuse
- Ransomware Under Pressure: Tactics, Techniques in a Shifting Landscape (Google Cloud TI)
- Sandworm's New Kapeka Backdoor (Google Cloud TI)
- Spear-Phishing and KakaoTalk-Linked Threat Campaign by Konni Group (Genians)
- Iranian Botnet via Open Directory: 15-Node Relay Network (Hunt IO)
- Government of Iran Cyber Actors Deploy Telegram C2 (IC3 / FBI)
- Inside Keitaro Abuse: AI-Driven Investment Scams (Infoblox)
- DLL Search Order Hijacking: Finding and Exploiting the Flaw (InfoSec Write-ups)
- ATT&CK as a Working Tool: Theory and Hands-On Practical Usage (InfoSec Write-ups)
- CVE-2026-1731: Critical RCE in an Age of AI-Driven Vulnerability Research (Intel 471)
- OAuth Redirection Abuse Enables Phishing and Malware Delivery (Microsoft Security)
- Signed Malware Impersonating Workplace Apps Deploys RMM Backdoors (Microsoft)
- Inside Tycoon2FA: How a Leading AiTM Phishing Kit Operated at Scale (Microsoft)
- Malicious AI Assistant Extensions Harvest LLM Chat Histories (Microsoft)
- AI as tradecraft: How threat actors operationalize AI (Microsoft)
- Picus Security β T1578.005 Modify Cloud Compute Configurations in MITRE ATT&CK
- Weekly Threat Intelligence Report β 28 Feb 2026 (Recorded Future)
- 2026 Threat Detection Report Preview (Red Canary)
- ClickFix: How Fake Browser Errors Are Delivering Dangerous Malware (ReliaQuest)
- SANS ISC – GSocket Backdoor via Bash Script (Feb 28)
- SANS ISC – Scans for adminer.php (Mar 1)
- Defending Hybrid Identities: Entra ID and On-Prem AD (Secureworks)
- Lumma Stealer: Techniques and Infrastructure (SOCRadar)
- FakeUpdates Campaign Delivers NetSupport RAT via Compromised WordPress (Sophos)
- Detecting Living-off-the-Land Attacks with Behavioral Analytics (Stairwell)
- GlassWorm Analysis: Multi-Stage VS Code Extension Attack (Step Security)
- Web Shell Detection Using Machine Learning (Sysdig)
- Ransomware and BEC: The Double Extortion Playbook (Trellix)
- Ransomware Spotlight: Agenda Ransomware – Latest TTPs (Trend Micro)
- StealC v3: New Features and Infrastructure Changes (Trend Micro)
- Tracking GootLoader Activity via Infrastructure Analysis (eSentire)
- Vectra AI Threat Report – March 2026
UPCOMING EVENTS
6 items
- Magnet Virtual Summit 2026 – Recordings Available
- SANS FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
- Cellebrite – Unlocking the Evidence Hidden in Every Device (Webinar)
- Cyber Triage – IR Investigation Deep Dive (Webinar)
- Black Hat Asia 2026 – Singapore
- RSA Conference 2026 – San Francisco
PRESENTATIONS / PODCASTS
11 items
- Ep23 – Immutable C2: How EtherHiding and Frontend Attacks Weaponize the Blockchain (DFIR Podcast)
- Magnet Virtual Summit 2026 β Keynote and CTF Recordings
- Richard Davis / 13Cubed – Windows Forensics: Understanding Pagefile.sys Artifacts
- MyDFIR – Building a Home SOC Lab on a Budget (2026 Edition)
- Christa Miller – Podcast: Forensics in the Agentic AI Era
- Scattered Spider Uncaged: AB Projekt Blue Investigation (Presentation)
- Elcomsoft – Perfect Acquisition: Passcode Unlock for A8/A8X (Technical Talk)
- SANS – Blue Team Summit 2026 Replays Available
- Team Cymru – Threat Intel Q&A with Duaine Labno
- Three Buddy Problem – APT Hunters, Nation-State Operations Roundtable
- The Weekly Purple Team – MotW Bypass in 2026?
MALWARE
12 items
- MalChela Meets AI: Three Paths to Smarter Malware Analysis (Baker Street Forensics)
- Use of LLMs for Malware Analysis: Doing it the right way (G Data Software)
- Analysis of AuraStealer, an emerging infostealer (Intrinsec)
- MAAS VIP_Keylogger Campaign (K7 Labs)
- A fake FileZilla site hosts a malicious download (Malwarebytes)
- GachiLoader pt. 3 – Smart Contract C2 (VentDrop)
- Analysis of PromptSpy Spyware (Medium / Shubhandra)
- Unauthorized AI Agent Execution Code Published to OpenVSX in Aqua Trivy VS Code Extension (Aikido)
- Building a Pipeline for Agentic Malware Analysis (Tim Blazytko)
- MacOS malware persistence 1-4: Launch Agents, Daemons, Login Items (Zhassulan Zhussupov)
- CanisterWorm: The Full Technical Breakdown (Socket)
- ClayRat: What Was It? (Blog Solar 4RAYS)
MISCELLANEOUS
11 items
- Streamline Malware Hash Search with FOSSOR (Baker Street Forensics)
- Forensic Focus – Digital Forensics Jobs Round-Up, March 2 2026
- Forensic Focus – Digital Forensics Round-Up, March 4 2026
- DFIR Jobs Update – 03/02/26 (DFIR Dominican)
- A checklist for building a private-sector digital forensics lab (Magnet Forensics)
- We're holding AI to a standard to which we've never held humans (Magnet Forensics)
- Shrinking the digital evidence haystack (Magnet Forensics)
- Finding Previous Locations Without Geolocation Data (Berla)
- Detections Wiki Event catalog update: 3 March 2026
- Master Your Drives with MultiDrive (Atola Technology)
- Elcomsoft – Choosing the Right Strategy: Cold Boot Forensics vs Live System Analysis
SOFTWARE UPDATES
13 items
- KAPE v1.4.0.2 (Eric Zimmermann / Kroll)
- cLeapp v1.19.0 (ChromeOS Logs Events and Protobuf Parser)
- mac_apt v2.3.1 (Yogesh Khatri)
- ExifTool 13.51 (Phil Harvey)
- Velociraptor v0.73.1
- Sigma v1.0.3 rule release (SigmaHQ)
- MISP v2.5.33
- OpenCTI 6.9.22
- Zircolite v2.21.1
- Oletools 0.61.1 (Philippe Lagadec)
- DissectIR v0.5.0
- BloodHound CE v6.3.0
- Arkime v6.0.1
Community Channels
r/computerforensics
🔥 60k+ members
Case discussions, tool Q&A, and career advice for digital forensics practitioners.
r/blueteamsec
🔥 45k+ members
High-signal defensive security: threat intel, detection engineering, and incident response links.
r/netsec
🔥 500k+ members
Technical information security content – research papers, exploits, tooling, and write-ups.
r/Malware
🔥 85k+ members
Malware analysis, reverse engineering samples, and threat actor discussions.
r/cybersecurity
🔥 1M+ members
Broad security community: news, certifications, career paths, and industry happenings.
r/ReverseEngineering
🔥 200k+ members
Reversing tools, CTF write-ups, binary analysis, and low-level debugging techniques.