##debug Add DRCOV trace import by seifreed · Pull Request #25275 · radareorg/radare2 Summary add DRCOV coverage import as analysis plugin (a:drcov) parse drcov v2 files and mark traced basic blocks load sample from testbins (drcov/drcov.sample) Testing r2r test/db/archos/linux-x...

#DRCOV coverage import support added. You can now load drcov traces via the analysis plugin (a:drcov) to mark executed blocks and improve static analysis based on coverage data.
Special thanks to @trufae.bsky.social for its support during the review @radareorg.bsky.social github.com/radareorg/ra...

Guarding Against Physical Attacks: The Xbox One Story (2019) | Hacker News news.ycombinator.com/item?id=4647...

A Game's Memory: Reverse Engineering Mount and Blade: Warband | Hacker News

Ya lo he cambiado

GOFFEE’s recent attacks: new tools and techniques Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

GOFFEE continues to attack organizations in Russia securelist.com/goffee-apt-n...

A miner and the ClipBanker Trojan being distributed via SourceForge Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.

Attackers distributing a miner and the ClipBanker Trojan via SourceForge securelist.com/miner-clipba...

APT group ToddyCat exploits a vulnerability in ESET for DLL proxying While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky experts discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution.

How ToddyCat tried to hide behind AV software securelist.com/toddycat-apt...

US Border Patrol Called Raid 300 Miles From Border 'Targeted'. Open Source Evidence Suggests Otherwise - bellingcat US Border Patrol travelled 300 Miles for a 'targeted' operation. Rights groups say it was anything but targeted.

US Border Patrol Called Raid 300 Miles From Border ‘Targeted’. Open Source Evidence Suggests Otherwise www.bellingcat.com/news/2025/04...

What Audio Analysis Reveals About Aid Workers Killed in Gaza - bellingcat Hundreds of shots fired at aid convoy that resulted in deaths of multiple aid workers, audio analysis shows.

What Audio Analysis Reveals About Aid Workers Killed in Gaza www.bellingcat.com/news/2025/04...

Analysis of Lazarus Group’s Attack on Windows Web Servers - ASEC AhnLab SEcurity intelligence Center (ASEC) has identified attack cases of the Lazarus group breaching a normal server and using it as a C2. Attacks that install a web shell and C2 script on South…

Analysis of Lazarus Group’s Attack on Windows Web Servers asec.ahnlab.com/en/86687/

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor - ASEC AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025.…

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor asec.ahnlab.com/en/87398/

March 2025 APT Group Trends (South Korea) - ASEC Overview   AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT…

March 2025 APT Group Trends (South Korea) asec.ahnlab.com/en/87400/

March 2025 Threat Trend Report on Ransomware - ASEC This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in March 2025, as well as major Korean and international…

March 2025 Threat Trend Report on Ransomware asec.ahnlab.com/en/87445/

Ransom & Dark Web Issues Week 2, April 2025 - ASEC ASEC Blog publishes Ransom & Dark Web Issues Week 2, April 2025                     DragonForce’s Acquisition of RansomHub: A New Paradigm in the Ransomware Ecosystem Analysis of a Major Security…

Ransom & Dark Web Issues Week 2, April 2025 asec.ahnlab.com/en/87409/

March 2025 Infostealer Trend Report - ASEC This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during March 2025.…

March 2025 Infostealer Trend Report asec.ahnlab.com/en/87444/

Mobile Security & Malware Issue 2st Week of April, 2025 - ASEC ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of April, 2025”

Mobile Security & Malware Issue 2st Week of April, 2025 asec.ahnlab.com/en/87436/

Silent Ransom Group "Call-back" Phishing Campaign - Arctic Wolf Arctic Wolf has observed an uptick in activity from the Silent Ransom Group. The group has been targeting the legal industry using "call-back" phishing tactics. Find recommendations.

Silent Ransom Group “Call-back” Phishing Campaign arcticwolf.com/resources/bl...

Claro!

Amazon EC2 instance metadata targeted in SSRF attacks EC2 instance metadata can include sensitive information such as IAM role credentials.

Amazon EC2 instance metadata targeted in SSRF attacks | SC Media www.scworld.com/news/amazon-...

Proteger dispositivos Android, Windows y Linux contra el rastreo a través de la red Find My El ataque nRootTag aprovecha la red de Apple para rastrear los dispositivos Android, Windows y Linux de otros proveedores. Descubre cómo es posible y cómo protegerte del ataque.

bit.ly/3XPSY4F es-prod-documents.imgix.net/undefined?w=...

GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries…

GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically www.volexity.com/blog/2025/04...

Max severity RCE flaw discovered in widely used Apache Parquet A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.

Max severity RCE flaw discovered in widely used Apache Parquet www.bleepingcomputer.com/news/securit...

Europcar GitLab breach exposes data of up to 200,000 customers A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information…

Europcar GitLab breach exposes data of up to 200,000 customers www.bleepingcomputer.com/news/securit...

Australian pension funds hit by wave of credential stuffing attacks Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts.

Australian pension funds hit by wave of credential stuffing attacks www.bleepingcomputer.com/news/securit...

PoisonSeed phishing campaign behind emails with wallet seed phrases A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets.

PoisonSeed phishing campaign behind emails with wallet seed phrases www.bleepingcomputer.com/news/securit...

Port of Seattle says ransomware breach impacts 90,000 people ​Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an…

Port of Seattle says ransomware breach impacts 90,000 people www.bleepingcomputer.com/news/securit...

WinRAR flaw bypasses Windows Mark of the Web security alerts A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.

WinRAR flaw bypasses Windows Mark of the Web security alerts www.bleepingcomputer.com/news/securit...

Coinbase to fix 2FA account activity entry freaking out users Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised.

Coinbase to fix 2FA account activity entry freaking out users www.bleepingcomputer.com/news/securit...

Carding tool abusing WooCommerce API downloaded 34K times on PyPI A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source…

Carding tool abusing WooCommerce API downloaded 34K times on PyPI www.bleepingcomputer.com/news/securit...

OpenAI tests watermarking for ChatGPT-4o Image Generation model OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model.

OpenAI tests watermarking for ChatGPT-4o Image Generation model www.bleepingcomputer.com/news/artific...