#MalwareAnalysis
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER Elastic Security Labs discovered two custom tools deployed against a South Asian financial institution: BRUSHWORM, a modular backdoor that establishes persistence, downloads plugins, spreads via USB, and steals a broad set of file types; and BRUSHLOGGER, a DLL side-loading keylogger that captures system-wide keystrokes with window context and writes XOR-encrypted logs. Analysis found scheduled-task persistence, C2 communication to resources.dawnnewsisl[.]com/updtdll, AES/XOR handling of configuration and logs, and multiple iterative testing builds on VirusTotal, indicating an inexperienced or still-developing author. #BRUSHWORM #BRUSHLOGGER

Elastic Security Labs uncovered BRUSHWORM, a modular backdoor spreading via USB and stealing files, and BRUSHLOGGER, an XOR-encoded DLL side-loading keylogger targeting a South Asian financial institution. #MalwareAnalysis #SouthAsia #Backdoor

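The BRUSHLOGGER write-up above says the keylogger writes XOR-encrypted logs with window context. When an analyst pulls such a log off a host without the key, the usual first move is to brute-force it. The block below is an added example, not code from Elastic Security Labs or from the malware: the real key length, key value and log layout are not on this page, so it assumes a single-byte key and uses a constructed sample log. It ranks all 256 candidate keys by English letter frequency rather than by "all bytes printable", because on a short log several keys produce printable junk and the frequency score is what breaks those ties.

```python
"""Brute-force a single-byte XOR key over a captured keylogger log blob.

Added example, not code from Elastic Security Labs' BRUSHLOGGER analysis:
the real key length, key value and log layout are not on this page, so the
sample below is constructed and the single-byte scheme is an assumption.
"""
import string

# Rough English letter/space frequencies (percent); used to rank candidate keys.
ENGLISH_FREQ = {
    " ": 13.0, "e": 12.7, "t": 9.1, "a": 8.2, "o": 7.5, "i": 7.0, "n": 6.7,
    "s": 6.3, "h": 6.1, "r": 6.0, "d": 4.3, "l": 4.0, "u": 2.8,
}
PRINTABLE = set(string.printable.encode())


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one key byte (the same call encrypts and decrypts)."""
    return bytes(b ^ key for b in data)


def english_score(buf: bytes) -> float:
    """Higher is more English-like; non-printable bytes are penalised hard.

    Plain "all printable" scoring is not enough: on a short log several keys
    map the blob to printable junk, so letter frequency breaks those ties.
    """
    score = 0.0
    for b in buf:
        if b not in PRINTABLE:
            score -= 20.0
            continue
        score += ENGLISH_FREQ.get(chr(b).lower(), 0.5)
    return score


def recover_single_byte_xor_key(blob: bytes) -> int:
    """Try all 256 keys and return the one whose output looks most like text."""
    return max(range(256), key=lambda k: english_score(xor_bytes(blob, k)))


def decode_log(blob: bytes) -> tuple[int, str]:
    """Recover the key and return (key, decoded log text)."""
    key = recover_single_byte_xor_key(blob)
    return key, xor_bytes(blob, key).decode("ascii", errors="replace")


# Constructed sample log: a window-context line followed by keystrokes.
# Layout and key are assumptions for the demo, not BRUSHLOGGER's real format.
SAMPLE_PLAINTEXT = b"[Window: Notepad - Untitled]\nhello world[ENTER]\n"
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    key, text = decode_log(SAMPLE_BLOB)
    print(f"recovered key: 0x{key:02x}")
    print(text)
```

If the recovered output is only partly readable, the key is probably longer than one byte; the same scoring still applies, run per key-position over bytes taken at a stride equal to the candidate key length.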
Talos Releases DispatchLogger Tool

~Talos~
Cisco Talos released DispatchLogger, an open-source tool providing deep visibility into script-based malware via transparent COM proxy interception.
-
IOCs: (None identified)
-
#DispatchLogger #MalwareAnalysis #ThreatIntel

Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis The article describes a serial, multi-agent pipeline that treats each reverse-engineering tool (radare2, Ghidra, Binary Ninja, IDA Pro) as an independent, skeptical analyst to cross-validate findings and reject decompiler artifacts and parsing errors before report synthesis. It also explains why deterministic bridge scripts were chosen over the Model Context Protocol to reduce latency, non-determinism, and token costs, and documents token economics, tiered model allocation, and operational lessons from early runs. #WizardUpdate #SysJoker

A multi-agent LLM pipeline treats radare2, Ghidra, Binary Ninja, and IDA Pro as skeptical analysts to cross-validate malware analysis results, reducing errors and decompiler artifacts using deterministic bridge scripts. #MalwareAnalysis #AutomationTech


🎯 New #BSidesLuxembourg2026 Session Reveal!

A Phishing Trip with Fancy Bear – Analyze APT28 Malware Together! (2h Workshop) with MARIUS GENHEIMER

Join this beginner-friendly 2h workshop to walk through a real Fancy Bear (APT28) attack chain: targeted […]

[Original post on infosec.exchange]


Coruna artifact analysis, breaking down the traces, technical clues, and the wider implications behind the campaign.

blackcastle.com.au/blog/coruna-...

#CyberSecurity #ThreatIntelligence #MalwareAnalysis #Infosec #APT #DFIR #CyberResearch #Coruna #exploit #Reverse-engineering


From a memory forensics workshop I attended and completed #RAMAnalysis #Volatility #MalwareAnalysis #ThreatHunting #DFIR #CTF


🌟 Welcome to Another #BSidesLuxembourg2026 Highlight!

Training announcement:

Full-Day Malware Training on May 6th, our workshop/training day: MALWARE DEVELOPMENT FOR ETHICAL HACKERS (WINDOWS, LINUX, ANDROID) with zhassulan zhussupov aka cocomelonc […]

[Original post on infosec.exchange]

Deconstructing Rust Binaries Deconstructing Rust Binaries is the first comprehensive training course focused solely on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical…

Last day before prices go up for Deconstructing Rust Binaries at Ringzer0, March 23-26! If you've been thinking about this fully remote, 16-hour Rust reverse engineering training: now is the time to book!

ringzer0.training/countermeasu...

#infosec #ReverseEngineering #rustlang #MalwareAnalysis

WannaCry — Campaign Intelligence, Reverse Engineering, and Detection During 2017, WannaCry became a national headline for the United Kingdom and many other nations targeting companies, such as FedEx, Honda, Ni...

Finished writing my first post for my new blog, it focuses on WannaCry but across multiple different areas of the campaign. This was to brush the rust off my writing and malware analysis skills.

#WannaCry #MalwareAnalysis #ReverseEngineering

blog.overresearched.net/2026/02/wann...

Invite Only: A Threat Intelligence Investigation and Malware Analysis writeup A practical SOC analyst investigation of malicious hashes, phishing techniques, and malware delivery chains from the Invite Only TryHackMe…

New Cyber Threat Intelligence Write-Up 🔎

I investigated a suspicious artifact in a threat intel scenario — pivoting from IOCs to uncover malware behavior, infrastructure, and attacker activity.

#cybersecurity #threatintel #malwareanalysis #threathunting #socanalyst #infosec #dfir #blueteam

Leveraging Generative AI to Reverse Engineer XLoader Check Point Research succeeded in understanding the infamous malware family, Xloader, by leveraging Generative AI

A comprehensive article from #CheckPoint Research

"Beating XLoader at Speed: Generative AI as a Force Multiplier for Reverse Engineering"

research.checkpoint.com/2025/generat...

#ai #aislop #hype #reverse #reverseengineering #reversing #malware #malwareanalysis #mcp


Deconstructing Rust Binaries @ Ringzer0 is 16 hours of fully remote training, 4 hours each day x 4 days, March 23-26. Prices go up March 8, so reserve your spot now!

ringzer0.training/countermeasu...

#MalwareAnalysis #Rust #RustLang #ReverseEngineering #Reversing #Infosec


Just a few weeks left until our training, Deconstructing Rust Binaries, starting March 23 at Ringzer0! This course is for any reverse engineer who needs real techniques for reversing Rust binaries.

ringzer0.training/countermeasu...

#MalwareAnalysis #RustLang #ReverseEngineering #Reversing

How to Use YARA Retrohunting for Detection Engineering | ReversingLabs Learn how to leverage ReversingLabs' dynamic analysis of pkr_mtsi for defense using YARA Rules in Spectra Analyze.

ReversingLabs' Ashlee Benge shares how to use YARA retrohunting for detection engineering by leveraging RL's dynamic analysis of "pkr_mtsi" for defense in Spectra Analyze.
👉 hubs.ly/Q043qJY-0

#yararules #detectionengineering #malwareanalysis

REMnux v8 brings AI integration to the Linux malware analysis toolkit - Help Net Security REMnux, a specialized Linux distribution for malware analysis, has released version 8 with a rebuilt platform based on Ubuntu 24.04.

REMnux v8 brings AI integration to the Linux malware analysis toolkit

📖 Read more: www.helpnetsecurity.com/2026/02/17/r...

#cybersecurity #cybersecuritynews #Linux #malwareanalysis #opensource @lennyzeltser.com

REMnux 8: the new version of the distro for malware analysis and digital security REMnux 8 is the new version of the Linux distribution dedicated to malware analysis, with updated tools and optimized containers

REMnux 8 is the new version of the Linux distribution dedicated to malware analysis, with updated tools, optimized containers and a more stable environment for researchers and analysts. #REMnux #MalwareAnalysis #Forensics #CyberSecurity #Linux


REMnux v8 is live.
AI-assisted workflows.
Ubuntu 24.04 base.
200+ curated tools.
New additions like YARA-X & GoReSym.
Malware analysis is getting smarter.
Would you integrate AI into your reverse engineering stack?

#CyberSecurity #MalwareAnalysis #ReverseEngineering #Infosec #AI


๐Ÿ” La API de CodeHunter integra modelos de IA deterministas en flujos DevSecOps

Integra anรกlisis de malware conductual en tu workflow con la n

devops.com/codehunter-api-integrate...

#DevSecOps #ThreatIntelligence #MalwareAnalysis #RoxsRoss

AI-Generated Malware Exploits React2Shell Vulnerability as LLM-Assisted Cyberattacks Target Cloud Infrastructure AI-generated malware is exploiting the React2Shell vulnerability in Docker environments, highlighting the rise of LLM-assisted cyberattacks.

Full Article: www.technadu.com/ai-generated...

💬 What does this mean for cloud and container security moving forward? Join the discussion.
#CyberNews #AIInCyber #CloudSecurity #MalwareAnalysis #Infosec


๐Ÿ‹๏ธ ๐—ก๐—ผ๐—ฟ๐˜๐—ต๐—ฆ๐—ฒ๐—ฐ ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ ๐—™๐—ผ๐—ฟ๐—บ๐—ฎ๐˜๐—ถ๐—ผ๐—ป๐˜€/๐—ง๐—ฟ๐—ฎ๐—ถ๐—ป๐—ถ๐—ป๐—ด๐˜€ (5/12): "Deconstructing Rust Binaries" ๐—ฝ๐—ฎ๐—ฟ/๐—ฏ๐˜† Cindy Xiao

๐Ÿ“… Dates: May 11, 12 and 13, 2026 (3 days)
๐Ÿ“Š Difficulty: Medium
๐Ÿ–ฅ๏ธ Mode: Hybrid (on-site & remote)

๐Ÿ”— Training details: nsec.io/training/202...

#NorthSec #cybersecurity #malwareanalysis #reverseengineering


New PDFly malware variant employs custom PyInstaller modifications to evade detection, challenging traditional analysis methods. #CyberSecurity #MalwareAnalysis #ThreatDetection Link: thedailytechfeed.com/new-pdfly-ma...

Inside Black Basta: The Rise and Fall of a Ransomware Empire & Cybercrime's Next Threat Podcast Episode · TechDaily.ai · 01/23/2026 · 15m

Dive into the Black Basta ransomware group — its rise, attack tactics, and eventual downfall. Learn about emerging ransomware trends and how organizations can stay ahead of evolving cyber threats.

podcasts.apple.com/us/podcast/i...

#BlackBasta #Ransomware #MalwareAnalysis #DataProtection

Hunting Lazarus Part IV: Real Blood on the Wire It has been only days since we published Part III — where we asked whether we were hunting Lazarus or walking into a honeypot. We did not expect to be back this soon. But what we found makes everything ...

oh, we didn't expect that...

redasgard.com/blog/hunting...

what are your thoughts?

#lazarus #dprk #threatintelligence #malwareanalysis #ottercookie

TryHackMe ShadowTrace Walkthrough: Malware Analysis and IOC Extraction Complete writeup with binary analysis, alert decoding, and DFIR techniques

Just published a ShadowTrace walkthrough from TryHackMe, covering malware analysis, IOC extraction, and alert decoding.

#Cybersecurity #MalwareAnalysis #DFIR #TryHackMe #IncidentResponse

Open VSX Registry Deploys GlassWorm Malware via Four Malicious Extension Versions A compromised developer account on Open VSX distributed GlassWorm malware that targeted macOS systems to steal sensitive data.

Full Article: www.technadu.com/open-vsx-reg...

Are your teams auditing IDE extensions and registries regularly?
Comment with your mitigation strategies ๐Ÿ‘‡
#CyberSecurity #SupplyChainSecurity #OpenVSX #GlassWorm #MalwareAnalysis #DeveloperSecurity

Researchers Track Three Groups Emerging From LABYRINTH CHOLLIMA Researchers report three adversaries emerging from LABYRINTH CHOLLIMA, separating espionage operations from cryptocurrency activity.

Full Article: www.technadu.com/researchers-...

What stands out most in these tactics? Comment below.
#CyberThreats #ThreatResearch #Cryptocurrency #Infosec #MalwareAnalysis


New Osiris Ransomware Uses BYOVD
Read More: buff.ly/gpDP5Ho

#Ransomware #BYOVD #EndpointSecurity #OsirisRansomware #INCGroup #MalwareAnalysis #ThreatActors

ClearFake and the Evolution of Browser-Native C2 How ClearFake turns JavaScript into a browser-resident implant with blockchain-backed indirection.

Browser-native C2 is no longer theoretical.

ClearFake shows how JavaScript, content delivery, and smart contract lookups can replace beaconing malware entirely. No binaries. No callbacks.

blackcastle.com.au/blog/clearfa...

#ClearFake #C2 #LOTL #BrowserSecurity #ThreatResearch #MalwareAnalysis


Researchers have documented SolyxImmortal, a Windows infostealer that uses Python, legitimate APIs, and Discord webhooks for persistent data collection.

No exploits - just quiet monitoring and trusted services doing the heavy lifting.

#Infosec #MalwareAnalysis #WindowsSecurity #CyberAwareness

Screenshot of capa running in a web browser, showing the output results from analyzing mimikatz

I've been working on getting Mandiant's capa (a tool for identifying capabilities in executables) to run entirely client-side in the browser using Pyodide. As of yesterday, I have a working version.

Live demo: surfactant.readthedocs.io/en/latest/ca...

#MalwareAnalysis #ReverseEngineering
