π The Call for Papers is now open for VB2026!
We're looking for engaging, insightful, and original talks for the 36th Virus Bulletin International Conference, taking place 14β16 October 2026 in Seville, Spain.
π
Deadline: 9 April 2026
π Submit your abstract: www.virusbulletin.com/conference/v...
π’ Announcing hacklore.org π’
Itβs time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. π
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
Some recent security conference videos:
Troopers - www.youtube.com/playlist?lis...
Hexacon - www.youtube.com/playlist?lis...
Bsides Canberra - www.youtube.com/playlist?lis...
NYMJCSC - www.youtube.com/playlist?lis...
VirusBulletin - www.youtube.com/playlist?lis...
VB2026 Seville 30 Sept - 2 Oct
We are thrilled to officially announce that VB2026 will take place in the vibrant city of Seville, Spain, from 30 September to 2 October 2026.
More details coming soon on the venue, call for papers, sponsorship opportunities, and how to join us.
Can't wait to see you there!
My intermediate level malware analysis course is there.
60% off for the next two weeks.
malwareanalysis-for-hedgehogs.learnworlds.com/course/inter...
In a new Bulletin article, Dr Sarah Gordon calls for a shift not just in how AI systems are secured, but in how we design them, as well as acknowledgement of emotional simulation as a distinct attack vector. www.virusbulletin.com/virusbulleti...
Mind map of SocGholish (Operated by TA56) infection chains. The details are complex but explained in more detail on our blog post.
Our team @silentpush just dropped a definitive look at SocGholish (operated by TA569) and the initial access broker ecosystem they are facilitating. Big thanks to past researchers who have worked on SocGholish! We've got details about our visibility @ www.silentpush.com/blog/socghol... ππ»
Weaponized PDF leading to rogue ScreenConnect download
Compromised travel agency in Sri Lanka π±π° spreading fake Royal Air Maroc βοΈπ²π¦emails with a weaponized PDF π that leads to a rogue ConnectWise ScreenConnect download π₯
β‘οΈ hunting.abuse.ch/hunt/6890d35...
Payload delivery URL + botnet C2 are hosted at 51.89.204 .89 (StarkRDP π©πͺ)
CISA has released Thorium, a malware analysis platform
www.cisa.gov/resources-to...
Also on GitHub: github.com/cisagov/thor...
Fake gaming website leading to LummaStealer download
We've observed an interesting infection chain βοΈ in the wild, starting with #LummaStealer spread through a fake gaming website and resulting in #Latrodectus and #SectopRat πͺ²ππ
See below for more...
Top 5 Reasons Security Companies Are Sending Their Teams to VB2025
Leading security companies are sending their teams to #VB2025, and not without reason.
Research-first content, real-world relevance, and networking that actually helps.
π Berlin | 24β26 Sept
See the top 5 reasons in our blog post π tinyurl.com/26n6t6ye
2025-07-15 (Tuesday): Some different IOCs from the #SmartApeSG #ClickFix page today.
warpdrive[.]top <-- domain used for SmartAgeSG injected script and to display ClickFix page.
sos-atlanta[.]com <-- domain from script injected into clipboard and to retrieve #NetSupportRAT malware package
After years of dominance in #ESETβs top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development. 1/4
I'm thrilled to be speaking at #VB2025 this September in Berlin! My talk will focus on TAG-124, a widespread traffic distribution system, and its role in the cybercriminal ecosystem, with a particular emphasis on its link to ransomware operations! π tinyurl.com/3hurr52m
-CoinMarketCap hacked via animated logo
-White House rejects NSA & CyberCom nomination
-FCC probes US Cyber Trust Mark program
-Cyberattack disrupts Russian animal processing industry
-Iran hacks Albania's capital Tirana
Podcast: risky.biz/RBNEWS441/
Newsletter: news.risky.biz/risky-bullet...
HTML source of page from legitimate but compromised site showing SmartApeSG injected script.
Example of a ClickFix-style page caused by the injected SmartApeSG script. A victim must click to get the popup and follow the instructions to paste and run the malicious script.
Traffic from an infection filtered in Wireshark. This shows the NetSupport RAT C2 traffic and StealC v2 traffic.
2025-06-18 (Wed): #SmartApeSG --> #ClickFix lure --> #NetSupportRAT --> #StealCv2
A #pcap of the traffic, the malware/artifacts, and some IOCs are available at www.malware-traffic-analysis.net/2025/06/18/i....
Today's the 12th anniversary of my blog, so I made this post a bit more old school.
Thank you Martijn!
We published the VBSpam Q2 2025 report: All tested solutions demonstrated robust performance, achieving spam catch rates exceeding 90%, underscoring the general maturity of spam detection capabilities.
For those of you looking for privacy and security focused European DNA provider then you should look at the @enisa_eu@respublicae.eu supported DNS4EU service that has been recently launched.
#cybersecurity #EU #Privacy #DataSovereignty
www.joindns4.eu
View of the Botconf 2025 conference with a large blue screen at the top. Mostly empty seats for now, 5 people can be seen.
These were the last technical tests before the beginning of #Botconf2025...
and we have started with a live broadcast at https://www.youtube.com/BotconfTV
And hashtag#Botconf2025 is back online with the second day of our main conference. You can follow many talks live by reaching this link
https://youtube.com/playlist?list=PL8fFmUArVzKjMgBjO4EQ-O_7U8ok3C-06
Diagram showing a high-level overview of how hijacked cloud resource domains are used for malicious activities by Hazy Hawk.
Inflobox researchers Jacques Portal & RenΓ©e Burton look into Hazy Hawk, an actor that hijacks abandoned cloud resources of high-profile organizations. The hijacked domains are used to host large numbers of URLs that send users to scams & malware via different TDSs. blogs.infoblox.com/threat-intel...
Have you ever wanted to read a 215-page report on Doppelganger, the Russian disinformation group? Now's your chance!
mpf.se/psychologica...
π¨ The wait is over β the full program of briefings for the Honeynet Project Workshop 2025 in Prague is now live! π
π NTK, Prague
π June 2β4, 2025
π Register today: prague2025.honeynet.org/program/
#honeynet2025 #cybersecurity #infosec #deception #cyberdeception #TI #TTPs #Malware
Did you know? The VB2025 venue is only a 5-min walk from the Brandenburg Gate. See you there! VB2025 Berlin 24-26 Sept 2025
Join us in the heart of Berlin for #VB2025!
The JW Marriott offers premium space, top networking, and is
steps from Tiergarten & the Brandenburg Gate.
More info coming soon!
ποΈ 24β26 Sept 2025
πJW Marriott Berlin
β‘οΈ tinyurl.com/y95v38wz
#Cybersecurity #Berlin
Logo VIGINUM + Analyse du mode opΓ©ratoire informationnel russe Storm-1516
VIGINUM publie un rapport sur les activitΓ©s de Storm-1516, un mode opΓ©ratoire informationnel russe susceptible dβaffecter le dΓ©bat public francophone et europΓ©en.
Ce rapport s'appuie sur l'analyse de 77 opΓ©rations informationnelles conduites par Storm-1516 β‘οΈ www.sgdsn.gouv.fr/publications...
Thank you!
VB2025 programme is live Three days. Many voices. One Berlin. VB2025 Berlin 24-26 September 2025
The wait is over: The VB2025 programme is here.
Three days of bold ideas, sharp minds, and real-world security insight.
π Tickets? Coming very soon.
ποΈ 24β26 September 2025
πJW Marriott Hotel, Berlin
π www.virusbulletin.com/conference/v...
#VB2025 #Cybersecurity #Infosec #Berlin
