ALL POSTS
AI-Powered Slopoly Malware Enables Hive0163's Advanced Ransomware Strategy
Key Findings:
- Hive0163 uses AI-assisted Slopoly malware for persistent access in ransomware attacks
- PowerShell backdoor likely generated using a large language model (LLM)
- Malware maintains C2 access, collects system data, and executes remote commands
- Part of a broader attack framework involving NodeSnake and Interlock RAT
- Initial access achieved through social engineering and malvertising
Background: Hive0163 is a financially motivated threat actor specializing in post-comprom
Mar 13 · 2 min read
Defeating AI with AI
Key Findings:
- Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks.
- One capability that AI improves for threat actors is the ability to profile employees and craft tailored social engineering lures.
- However, AI can also be leveraged by defenders to turn the tables on threat actors and use their own tools against them.
Background: Threat actors are leveraging the advancements in AI, particularly generative AI and agentic
Feb 19 · 2 min read
Fintech Firm Figure Discloses Data Breach After Phishing Attack
Key Findings:
- Blockchain-based lending firm Figure confirmed a data breach after an employee fell victim to a social engineering attack
- Hackers were able to access and steal a limited number of files, including personally identifiable information (PII) of Figure's customers
- The cybercrime group ShinyHunters claimed responsibility for the breach and released about 2.5GB of stolen data, which included names, addresses, birth dates, and phone numbers
- Figure has started notifying
Feb 14 · 2 min read
North Korea-Linked Kimsuky APT Group Responsible for Phishing Attacks, FBI Warns
Key Findings:
- The FBI warns that the North Korea-linked advanced persistent threat (APT) group Kimsuky is targeting governments, think tanks, and academic institutions with "quishing" attacks.
- Quishing is a social engineering attack that uses malicious QR codes to trick victims into visiting fake websites or downloading malware.
- Kimsuky has conducted spear-phishing campaigns using QR codes that impersonate trusted figures like foreign advisors, embassy staff, and think tank em
Jan 11 · 2 min read
YouTube Ghost Network: Unraveling the GachiLoader Malware Hiding in Video Links
Key Findings:
- A massive network of compromised YouTube accounts is being weaponized to spread a sophisticated new threat, turning the popular video platform into a launchpad for data theft.
- The campaign, dubbed the "YouTube Ghost Network," leverages malicious videos promoting "cracked" software, trainers, or cheats to lure users into downloading a new, heavily obfuscated JavaScript malware loader called GachiLoader.
- GachiLoader is written in Node.js and deploys a second-stage
Dec 19, 2025 · 2 min read
