In late June 2025, a significant operational dump from North Korea's Kimsuky APT group surfaced on a dark-web forum, exposing virtual machine images, VPS infrastructure, customized malware and thousands of stolen credentials. This leak offers an unprecedented window into the group's espionage toolkit, revealing how Kimsuky conducts phishing campaigns, maintains persistence and evades detection within
Has anyone here used Securonix Unified Defense SIEM? If so, what was your experience like? I'm curious to hear both positives and negatives - whether related to deployment, usability, detection quality, or overall value compared to other SIEM solutions. submitted by /u/MicroExample [link] [comments]
A sophisticated obfuscation technique that threat actors are using to bypass detection systems and exploit Python's eval() and exec() functions for malicious code execution. With over 100 supply chain attacks reported on PyPI in the past five years, these techniques pose a significant risk to organizations relying on Python packages. Key Takeaways1. Hackers hide malicious
As cybersecurity threats continue to evolve in complexity and sophistication, organizations face critical decisions about their security infrastructure. Two prominent approaches have emerged as frontrunners in enterprise security: Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR). While both solutions aim to protect organizations from advanced threats, they differ significantly in their implementation, management requirements, and
Hi all. If you need to run Yara on your hosts, I got your solution. Full Guide and files can be downloaded from here - https://limewire.com/d/nebib#42OphHW98T Explanation of the workflow works - · Run on-demand workflow, you will only need to insert the "TargetScanPath" - where you want the Yara to run the scan. · Using device query, we declare on what host groups we want to run the scan. · Scripts that start to run on each host - o 1 st we create the yara_rule.yar file, your Yara rule...
The challenges and insights from dealing with this PS one-liner I usually start with a bit of motivational words but in this case I'm simply quoting the nice Threat Detection report Red Canary team (now, ZScaler ) published this year: "PowerShell's versatility and ubiquitousness minimize the need for adversaries to customize payloads or download overtly malicious tools on a target system." Note: Consider jumping to "How to detect encoded commands in logs?" for the technical discussion, regex...
The challenges and insights from dealing with this PS one-liner I usually start with a bit of motivational words but in this case I'm simply quoting the nice Threat Detection report Red Canary team (now, ZScaler ) published this year: "PowerShell's versatility and ubiquitousness minimize the need for adversaries to customize payloads or download overtly malicious tools on a target system." Note: Consider jumping to "How to detect encoded commands in logs?" for the technical discussion, regex...
A sophisticated malware strain known as KorPlug has emerged as a significant threat in the cybersecurity landscape, employing advanced obfuscation techniques to evade detection and complicate analysis efforts. This malware represents a particularly concerning development due to its implementation of O-LLVM obfuscation mechanisms, which transform conventional program structures into highly complex control flow patterns that
arXiv:2508.06827v2 Announce Type: replace-cross Abstract: Detecting hidden behaviors in neural networks poses a significant challenge due to minimal prior knowledge and potential adversarial obfuscation. We explore this problem by framing detection as an adversarial game between two teams: the red team trains two similar models, one trained solely on benign data and the other trained on data containing hidden harmful behavior, with the performance of both being nearly indistinguishable on the...
arXiv:2507.10808v3 Announce Type: replace Abstract: In the era of the Fourth Industrial Revolution, cybersecurity and intrusion detection systems are vital for the secure and reliable operation of IoT and IIoT environments. A key challenge in this domain is the scarcity of labeled cyberattack data, as most industrial systems operate under normal conditions. This data imbalance, combined with the high cost of annotation, hinders the effective training of machine learning models. Moreover, the...
arXiv:2508.15865v1 Announce Type: new Abstract: Cyber-physical systems (CPS) are being increasingly utilized for critical applications. CPS combines sensing and computing elements, often having multi-layer designs with networking, computational, and physical interfaces, which provide them with enhanced capabilities for a variety of application scenarios. However, the combination of physical and computational elements also makes CPS more vulnerable to attacks compared to network-only systems,...
arXiv:2508.15848v1 Announce Type: new Abstract: AI-generated text (AIGT) detection evasion aims to reduce the detection probability of AIGT, helping to identify weaknesses in detectors and enhance their effectiveness and reliability in practical applications. Although existing evasion methods perform well, they suffer from high computational costs and text quality degradation. To address these challenges, we propose Self-Disguise Attack (SDA), a novel approach that enables Large Language Models...
arXiv:2508.15778v1 Announce Type: new Abstract: Deep learning-based lane detection (LD) plays a critical role in autonomous driving and advanced driver assistance systems. However, its vulnerability to backdoor attacks presents a significant security concern. Existing backdoor attack methods on LD often exhibit limited practical utility due to the artificial and conspicuous nature of their triggers. To address this limitation and investigate the impact of more ecologically valid backdoor...
Phishing has always been about deceiving people. But in this campaign, the attackers weren't only targeting users; they also attempted to manipulate AI-based defenses. This is an evolution of the Gmail phishing chain I documented last week. That campaign relied on urgency and redirects, but this one introduces hidden AI prompts designed to confuse automated
submitted by /u/anuraggawande [link] [comments]
To begin, let's clarify what threat hunting is: Threat hunting is the human-driven, proactive and iterative search through networks, endpoints, or datasets in order to detect malicious, suspicious, or risky activities that have evaded detection by existing automated tools. submitted by /u/Prestigious-Post-788 [link] [comments]
Hi everyone! Career changer here (Political Science → Cybersecurity) working on my first custom Sigma detection rules. Built a home SOC lab and created 4 rules for common persistence techniques, but realized I need to test them properly before claiming they work. My Rules Target: - WMI Event Consumer Persistence (T1546.003) - PowerShell Encoded Commands (T1059.001) - DLL Sideloading (T1574.002) - Named Pipe Backdoors (T1055) Current Setup: Splunk + Wazuh + ELK Stack (all free versions)...
.webp)
A method to silently exfiltrate Windows secrets and credentials, evading detection from most Endpoint Detection and Response (EDR) solutions. This technique allows attackers who have gained an initial foothold on a Windows machine to harvest credentials for lateral movement across a network without triggering common security alerts. How Windows Manages Secrets The Local Security Authority
submitted by /u/digicat [link] [comments]
Cybersecurity researchers have shed light on a novel attack chain that employs phishing emails to deliver an open-source backdoor called VShell. The "Linux-specific malware infection chain that starts with a spam email with a malicious RAR archive file," Trellix researcher Sagar Bade said in a technical write-up. "The payload isn't hidden inside the file content or a macro, it's encoded directly