#malwareAnalysis

2026-02-02

A supply chain incident affecting the Open VSX Registry demonstrates how compromised developer credentials can be used to distribute malware through trusted tooling.

Researchers observed malicious updates embedding the GlassWorm loader, using encrypted runtime execution and EtherHiding techniques for C2 retrieval. The incident differs from earlier GlassWorm activity by relying on a legitimate developer account rather than typosquatting.

What defensive signals matter most when static indicators lose value?

Source: thehackernews.com/2026/02/open

Follow TechNadu for measured security analysis.

#InfoSec #SupplyChainSecurity #DeveloperEcosystem #MalwareAnalysis #ThreatIntel #TechNadu

Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
2026-01-29

Updated COOLCLIENT backdoor activity has been observed in government-focused espionage campaigns attributed to Mustang Panda.

The operations combine DLL side-loading, legitimate signed binaries, modular plugins, and credential-stealing tools to support long-term data collection and access.

This reinforces the need for deeper behavioral monitoring beyond signature-based controls.

How are teams detecting abuse of trusted software in their environments?

Follow @technadu for unbiased infosec reporting.

#Infosec #ThreatIntelligence #APT #MalwareAnalysis #EndpointSecurity #CyberEspionage

Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Cyber Attacks
2026-01-28

[Blog] System Devil: From AUR to Systemd persistence evilcel3ri.github.io/2026/01/1 diving into some Linux malware with an interesting anti-kill method #Linux #archlinux #malwareanalysis

2026-01-27

Researchers have identified a phishing-driven intrusion chain targeting Indian users, combining Blackmoon malware with the repurposing of a legitimate enterprise RMM tool for persistence and monitoring.

The campaign demonstrates layered tradecraft: DLL sideloading, UAC bypass, AV exclusion manipulation, and long-term endpoint control, without public attribution to a known actor.

From a defensive standpoint, this reinforces the need for behavior-based detection, application allowlisting, and monitoring for abuse of legitimate tools.

What detection gaps do you see in cases like this?
Engage in the discussion and follow TechNadu for grounded, technical cyber reporting.

#InfoSec #ThreatHunting #MalwareAnalysis #EDR #CyberDefense #TechNadu

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
⚯ Michel de Cryptadamus ⚯ @cryptadamist@universeodon.com
2026-01-26

Released v1.3.3 of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).

1. --export-png images lets you export images of the analysis

2. almost all command line options (including multi-argument ones like --yara-rules-dir) can be permanently set via environment variables or a .yaralyzer file

3. a couple of small bug fixes and debugging-related command line options

You can try it on the web here: yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)

- Github: github.com/michelcrypt4d4mus/y
- Pypi: pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer

#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules

2026-01-20

📆 Are you looking to spend your training budget for 2026?
🦀 Are you struggling with reversing Rust binaries, and not even sure where to get started?
🇨🇦 Are you looking for high-quality technical training located in Canada?

Consider our 3-day training, "Deconstructing Rust Binaries", at @NorthSec from May 11-13 in Montréal: nsec.io/training/2026-deconstr

This is the first comprehensive training course focused solely on reverse engineering Rust binaries. You will learn how to effectively triage Rust binaries, how to trace data flow through Rust binaries, and how to tackle common techniques found in the Rust malware ecosystem. Real Rust malware samples are used in the course, ensuring that you have the practical skills to tackle your next Rust sample.

Early bird pricing is available now until Feb. 28th! registrations.nsec.io/northsec

#rust #rustlang #ReverseEngineering #reversing #infosec #MalwareAnalysis #malware #InfosecTraining

2026-01-17

Recent research into the StealC info-stealing malware revealed a web-based flaw that exposed active attacker sessions and infrastructure details.

The findings highlight:
• Risks inherent in malware-as-a-service platforms
• How XSS flaws can impact both sides of the threat landscape
• The role of OPSEC failures in threat actor exposure

How useful are these insights for defender threat modeling?

Source: bleepingcomputer.com/news/secu

Engage in the discussion and follow @technadu for objective InfoSec coverage.

#InfoSec #MalwareAnalysis #ThreatResearch #MaaS #CyberDefense #SecurityOperations #TechNadu

StealC hackers hacked as researchers hijack malware control panels
piks3l 🏳️‍🌈🏴‍☠️ @piks3l@pouet.it
2026-01-16

System Devil: From AUR to Systemd persistence:

evilcel3ri.github.io/2026/01/1

Write up on a supply chain attack on AUR packages from October 2025.

#ArchLinux #Aur #MalwareAnalysis
#Infosec #blog #systemd

2026-01-12

Analyst burnout can’t be solved by automation alone.

“No matter how much you automate the process, with the current rate of malicious activity and increasingly sophisticated attacks, some manual work is inevitable.”

— Aleksey Lapshin, CEO of ANY.RUN

Full interview:
technadu.com/solving-analyst-b

#InfoSec #SOC #MalwareAnalysis #ThreatDetection

Solving Analyst Burnout: From Manual Malware Analysis to Interactive Sandboxing
2026-01-12

Recent threat research outlines a spear-phishing campaign delivering a Rust-based RAT, targeting organizations across multiple Middle East sectors.

Notable observations:
• Continued effectiveness of macro-enabled documents
• Shift toward custom, modular implants
• Emphasis on low-noise persistence and C2

This activity reinforces the need for strong email controls, user awareness, and behavioral detection.

Share insights and follow @technadu for factual threat intelligence reporting.

#InfoSec #ThreatIntel #MalwareAnalysis #RustSecurity #PhishingDefense #CyberOperations

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
2026-01-08

A new Rust DDoS Botnet family has been added to the Rust Malware Sample Gallery: github.com/decoderloop/rust-ma

This malware family is currently unnamed, but was analyzed in this 2025-11-30 article by Beelzebub: beelzebub.ai/blog/rust-ddos-bo

(h/t to @cydave; I learned about the Beelzebub article from his link to it, in his article about setting up a honeypot: 0dave.ch/posts/flying-whales-i)

#rust #rustlang #malware #infosec #ReverseEngineering #MalwareAnalysis #reversing #botnet

Tedi Heriyanto @tedi@infosec.exchange
2025-12-31

Collection of scripts to automate the Malware Analysis process: github.com/ShadowOpCode/Malwar

#malwareanalysis #automation

2025-12-31

Recent research highlights a phishing campaign leveraging tax-related lures to deploy ValleyRAT, a modular RAT with strong persistence and evasion features.

The infection chain demonstrates continued abuse of trusted binaries, DLL sideloading, and plugin-based architectures to enable targeted post-compromise activity. The campaign underscores the importance of monitoring user-facing entry points and low-noise persistence mechanisms.

Open to insights on effective detection and response strategies for similar campaigns.
Follow TechNadu for objective threat intelligence reporting.

#InfoSec #ThreatHunting #MalwareAnalysis #PhishingDefense #EndpointSecurity #CyberThreats

Silver Fox Targets Indian Users With Tax-Themed Emails Delivering ValleyRAT Malware
2025-12-30

EmEditor disclosed a supply chain compromise where a modified download link briefly delivered a malicious installer.

Third-party analysis indicates the payload functioned as an infostealer with credential harvesting, persistence via a browser extension, and clipboard hijacking capabilities. The incident reinforces ongoing challenges around software distribution integrity and monitoring.

Would welcome practitioner insights on mitigations for download-chain tampering and installer validation.

Follow TechNadu for practical, unbiased security coverage.

#InfoSec #SupplyChainSecurity #MalwareAnalysis #ThreatResearch #CredentialTheft #CyberDefense

Infostealer Malware Delivered in EmEditor Supply Chain Attack
2025-12-19

📣🦀 We're very excited to announce TWO sessions for our flagship Rust reverse engineering course, Deconstructing Rust Binaries, coming to you in early 2026!

1) Deconstructing Rust Binaries at @ringzer0 COUNTERMEASURE, March 23-26 2026, 16 hours, Remote: ringzer0.training/countermeasu

2) Deconstructing Rust Binaries at @NorthSec, May 11-13 2026, 24 hours, Onsite in Montréal, Canada and Remote: nsec.io/training/2026-deconstr

Deconstructing Rust Binaries is the first comprehensive training course focused _solely_ on reverse engineering Rust binaries. This course is for any reverse engineer who needs a rapid, practical upskill in their ability to analyze Rust binaries. You will learn how to effectively triage Rust binaries, how to trace data flow through Rust binaries, and how to tackle common techniques found in the Rust malware ecosystem.

This course is taught and written by an experienced malware reverse engineer, @cxiao, with extensive experience specifically in reversing Rust binaries. Want a preview of the technical expertise we offer? Check out the 120+ FREE slides on Rust reversing from our recent workshop, "Reversing a (Not-so-Simple) Rust Loader"! github.com/decoderloop/2025-11

A few key things about the course:

1) No previous experience with reversing Rust binaries, or writing Rust code, is required!
2) The course will use Binary Ninja as the primary reverse engineering tool. You will be provided a Binary Ninja student license as part of the course.
3) We're excited to offer flexibility in the training format and course depth. You have the choice of either taking:

a) A fully remote, 4 hour per day, shorter class at Ringzer0 (ringzer0.training/countermeasu)
b) A remote or onsite, 8 hour per day, comprehensive class at NorthSec (nsec.io/training/2026-deconstr)

We look forward to seeing you in 2026!

#infosec #InfosecTraining #malware #MalwareAnalysis #ReverseEngineering #reversing #rust #rustlang #binaryninja #NorthSec #ringzer0 #Ringzer0Training
