Sign in Subscribe

Latest

The Fox and the RAT: A Sophisticated Cyber Operation in South Asia

The Fox and the RAT: A Sophisticated Cyber Operation in South Asia

By now, many security analysts have probably seen ValleyRAT, especially since mid-July 2025. The campaign seems to be spreading quickly, and the attackers have spread out many different variant of the malware, trying to reach as many targets as possible. What is ValleyRAT? ValleyRAT is a remote access trojan that

A Security Analyst’s Guide to Security Identifiers (SIDs)

A Security Analyst’s Guide to Security Identifiers (SIDs)

As a security analyst, you’re constantly on the lookout for the tell-tale signs of malicious activity. In the world of Windows security, one of the most fundamental and often overlooked artifacts is the Security Identifier (SID).

The Silent Threat: An Analysis of SVG-Based Phishing Attacks

The Silent Threat: An Analysis of SVG-Based Phishing Attacks

While security professionals have hardened defenses against traditional email threats like macro-enabled documents, a seemingly benign file format is increasingly being exploited to bypass these controls: the Scalable Vector Graphic (SVG).

Vidar’s Game: Infostealer in a Music App Costume with Lumma’s Touch

Vidar’s Game: Infostealer in a Music App Costume with Lumma’s Touch

I recently came across a malware sample that had me second-guessing: was it Lumma, or the notorious Vidar stealer? The lines between these malware families are increasingly blurred, but a deeper dive revealed the sample’s true identity: a potent Vidar Stealer, version 14.9. Despite the name game, its

Unseen Pockets: The NTFS Alternate Data Streams (ADS)

Unseen Pockets: The NTFS Alternate Data Streams (ADS)

In the digital world, evidence often hides in plain sight. One of the most classic and effective hiding places on Windows systems is a native feature of its file system: Alternate Data Streams (ADS).

How Fileless Malware Abuses a Windows Command

How Fileless Malware Abuses a Windows Command

An inside look at how attackers exploit %COMSPEC% to silently execute malicious code using built-in system tools.

Deconstructing the Digital Heartbeat: A Beginner’s Guide to Windows Processes

Deconstructing the Digital Heartbeat: A Beginner’s Guide to Windows Processes

Every action on a Windows system, from opening a web browser to a background service checking for updates, is organized by processes. To the average user, a process is simply a running program. To a security analyst, however, a process is the fundamental unit of execution and the primary battlefield

What You Need to Know About the “ToolShell”(SharePoint) Vulnerability

What You Need to Know About the “ToolShell”(SharePoint) Vulnerability

If you’re managing an on-premises SharePoint server, pay very close attention. There’s a serious cybersecurity threat, currently active and known as “ToolShell,” referred to as CVE-2025–53770 or CVE-2025–53771. This isn’t just a minor issue; it allows attackers to completely take control of your SharePoint server

The Shadow in the Stream: Hunting Adversary-in-the-Middle Phishing Attacks with KQL

The Shadow in the Stream: Hunting Adversary-in-the-Middle Phishing Attacks with KQL

Adversary-in-the-Middle (AiTM) phishing poses a significant threat to business operations, particularly in cloud-based environments such as Microsoft 365. This technique involves attackers positioning themselves between users and legitimate services to intercept credentials and session tokens, often bypassing multifactor authentication (MFA). Enterprises face heightened risks due to the integration of AiTM