As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Akash Patel
  • Where Do We Begin? A Network Forensic Investigator’s Steps
  • The Silent Journey: A Cautionary Tale in Cyber Risk
    
    
• John Hyla at Blue Crew Forensics
  iOS Stream Names
  
  
• Christopher Eng at Ogmini
  • Zeltser Challenge – Fifth Month Accomplishments
  • 2025 New York State Cybersecurity Conference
  • RDCMan – Cracking DPAPI w/mimikatz
  • Windows Notepad Parser – Documentation Update
  • The DFIR Report – Public CTF
  • The DFIR Report – Public CTF – Part 2
    
    
• Chris Ray at Cyber Triage
  Windows Registry Forensics Cheat Sheet 2025
  
  
• D.ForensicatorJourney
  Timestamp Changes between OS via SMB Share
  
  
• Oleg Afonin at Elcomsoft
  What TRIM, DRAT, and DZAT Really Mean for SSD Forensics
  
  
• Lionel Notari
  iOS Unified Logs – log command major updates to not miss!
  
  
• Sumuri
  Imaging Apple Silicon Macs: A Modern Forensic Guide
  

THREAT INTELLIGENCE/HUNTING

• Abdallah Elnoty
  Threat-Actor-Profiles
  
  
• Ashok Krishna Vemuri
  StealingCredentials
  
  
• Bitdefender
  • How Analyzing 700,000 Security Incidents Helped Our Understanding of Living Off the Land Tactics
  • DragonForce: The Ransomware Cartel Guarding Its Burrow
    
    
• Brian Krebs at ‘Krebs on Security’
  Proxy Services Feast on Ukraine’s IP Address Exodus
  
  
• CERT Polska
  UNC1151 exploiting Roundcube to steal user credentials in a spearphishing campaign
  
  
• CERT-AGID
  • Campagna di phishing in corso per gli account di LiberoMail
  • Nuova campagna MintsLoader conferma una mirata strategia temporale
  • Sintesi riepilogativa delle campagne malevole nella settimana del 31 maggio – 6 giugno
    
    
• Chainalysis
  How Chainalysis Helped the FBI Track Down and Freeze Millions in the Caesars Casino Ransomware Attack
  
  
• Check Point
  2nd June – Threat Intelligence Report
  
  
• CISA
  #StopRansomware: Play Ransomware
  
  
• Jacob Finn, Dmytro Korzhevin, and Asheer Malhotra at Cisco’s Talos
  Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine
  
  
• CloudSEK
  • The Transparent Tribe Vibe: APT36 Returns With CapraRAT Impersonating Viber
  • AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers
    
    
• Kahng An at Cofense
  ClickFix Campaign Spoofs Booking.com for Malware Delivery
  
  
• CrowdStrike
  • CrowdStrike and Microsoft Unite to Harmonize Cyber Threat Attribution
  • How Falcon Next-Gen SIEM Protects Enterprises from VMware vCenter Attacks
    
    
• Cyble
  • Ransomware Landscape May 2025: SafePay, DevMan Emerge as Major Threats
  • Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases
    
    
• Cyfirma
  Weekly Intelligence Report – 06 June 2025
  
  
• Dark Atlas
  Operational Analysis of Ransomware Attack Lifecycle
  
  
• Darktrace
  Unpacking ClickFix: Darktrace’s detection of a prolific social engineering tactic
  
  
• Detect FYI
  • Detecting Malicious C2 Server Traffic via Google Calendar Phishing Attack Using Wazuh & Suricata
  • Identifying potential DDoS cases based on ASN with KQL Queries
  • Do you know your Detection Surface?
    
    
• Disconinja
  Weekly Threat Infrastructure Investigation(Week22)
  
  
• Dzianis Skliar
  Service URLs: The Hidden Gateways in Your Attack Surface
  
  
• ElementalX
  Looking into Wondershare Repairit DLL Hijacking issue
  
  
• Esentire
  Operation Endgame Disrupts AvCheck, Forces Threat Actors to Seek Alternatives
  
  
• Merlyn Albery-Speyer and Malcolm Heath at F5 Labs
  Delving Into the SparkRAT Remote Access Tool
  
  
• FalconFeeds
  • Inside the Syndicate: How “GangExposed” Brought Ransomware Titans to Their Knees
  • The Shadow Click: Unmasking the Booming Black Market for RDP Access on Telegram
    
    
• Vojtěch Krejsa and Milan Špinka at Gen
  Say Hi to HelloTDS: The Infrastructure Behind FakeCaptcha
  
  
• Google Cloud Security Community
  • Leveraging Data Tables for Detection Engineering in Google SecOps
  • New to Google SecOps: Building a Rule Using Custom and Curated Detections
    
    
• Google Cloud Threat Intelligence
  • Hello, Operator? A Technical Analysis of Vishing Threats
  • The Cost of a Call: From Voice Phishing to Data Extortion
    
    
• Ron Bowes at GreyNoise Labs
  Suricata evasion, starring URL decoding
  
  
• Hudson Rock
  Mandiant Exposes Salesforce Phishing Campaign as Infostealer Malware Emerges as a Parallel Threat
  
  
• Huntress
  • Infostealers Crash Course: A Tradecraft Tuesday Recap
  • Boring Isn’t Harmless: The Risks Behind Common Cyberattack Tradecraft
    
    
• InfoSec Write-ups
  • Learning YARA: A Beginner SOC Analyst’s Notes
  • {CyberDefenders Write-up}OskiCategory: Threat Intel
  • SOC L1 Alert Triage: TryHackMe
  • SC-200 – MS Security Operations Analyst illustrative notes
  • {CyberDefenders Write-up} Yellow RAT
  • Atomic Red Team Setup on Windows for ATT&CK-Based Adversary Simulation
  • Shodan Dorks to Find PII Data & Leaks
  • SOC AUTOMATION — Part 4
    
    
• Intel 471
  Android malware trends: Stealthier, easier-to-use
  
  
• Invictus Incident Response
  Profiling Laundry Bear: Tactics, History & Defenses
  
  
• Jeffrey Bellny at CatchingPhish
  History and Evolution of Ransomware Leak Sites
  
  
• Kijo Ninja
  BEC Persistence and Data Exfiltration Techniques
  
  
• Mark O’halloran
  Incident Response in AWS: Scoping strategies
  
  
• Mat Fuchs
  Understanding and Mitigating Insider Threats
  
  
• Mehmet Ergene at Blu Raven Academy
  • Detecting BadSuccessor: Shorcut to Domain Admin
  • Threat Hunting and Detection Using Web Proxy Logs
    
    
• Vasu Jakkal at Microsoft Security
  Announcing a new strategic collaboration to bring clarity to threat actor naming
  
  
• Oleg Skulkin at ‘Know Your Adversary’
  • 153. Here’s How Threat Actors Hinder Forensic Recovery
  • 154. Threat Actors Abuse Google Apps Script for Phishing
  • 155. Is Abusing Browser Extensions Noisy Enough?
  • 157. Aspia: An RMM in a Partisan Hands
  • 156. Threat Actors Abuse OpenSSH to Run a Simple Backdoor
  • 158. Here’s How TA397 Abuses Task Scheduler
  • 159. Hunting for Backdoored Game Cheats
    
    
• Ryan G. Cox at OSINT Team
  My Log Source-Agnostic Methodology to Understanding Big Data
  
  
• Adithya Vellal at Petra Security
  Corporate Espionage in the Cloud
  
  
• Heloise Montini at Porthas
  What is an Incident Response Plan
  
  
• Proofpoint
  The Bitter End: Unraveling Eight Years of Espionage Antics—Part One
  
  
• Rapid7
  • Rapid7 Q1 2025 Incident Response Findings
  • From Ideology to Financial Gain: Exploring the Convergence from Hacktivism to Cybercrime
    
    
• Tre Wilkins and Chris Brook at Red Canary
  All about that baseline: Detecting anomalies with Surveyor
  
  
• Red Hot Cyber
  RHC Interviews NOVA Ransomware – “Expect Dangerous Attacks. No One Is Safe.” | BLACKVIEW Series
  
  
• SANS Internet Storm Center
  • Simple SSH Backdoor, (Mon, Jun 2nd)
  • Phishing e-mail that hides malicious link from Outlook users, (Wed, Jun 4th)
  • Be Careful With Fake Zoom Client Downloads, (Thu, Jun 5th)
  • Upcoming DShield Honeypot Changes and Customizations, (Fri, Jun 6th)
  • Wireshark 4.4.7 Released, (Sun, Jun 8th)
  • Extracting With pngdump.py, (Sun, Jun 8th)
    
    
• Securelist
  • Host-based logs, container-based threats: How to tell where an attack began
  • IT threat evolution in Q1 2025. Mobile statistics
  • IT threat evolution in Q1 2025. Non-mobile statistics
    
    
• Subhajeet Singha and Sathwik Ram Prakki at Seqrite
  Operation DRAGONCLONE: Chinese Telecommunication industry targeted via VELETRIX & VShell malware
  
  
• Simone Kraus
  Unmasking the Shadow Gangs: How Criminal Networks Fabricate Terrorism to Silence Security Experts
  
  
• Mary Yang at SquareX Labs
  Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
  
  
• SuspectFile
  • Victim Pays $800,000 in Bitcoin—But the Chat Was Not Private as Claimed by Akira
  • Leroy Merlin Italy: 20,000 Files Publicly Exposed, Security Flaw Discovered by Cybersecurity Researcher
  • Silent Ransomware Group: The Interview
    
    
• Yuanjing Guo at Symantec Enterprise
  • Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions
  • Security Flaws in Chrome Extensions: The Hidden Dangers of Hardcoded Credentials
    
    
• System Weakness
  • Implement Audit Logs for your Database tables in SQL Server
  • Detection Engineering Practice: Detecting SSH Port Forwarding in Logs
    
    
• Tarek Mostafa
  NightSpire APT Profiling
  
  
• THOR Collective Dispatch
  • Ask-a-Thrunter: May 2025 Recap 🐏
  • Red with Benefits: Purple Teaming with Sliver Beacons
  • Ask-a-Thrunter: May 2025 Recap 🐏
    
    
• ThreatFabric
  Crocodilus Mobile Malware: Evolving Fast, Going Global
  
  
• Nyxgeek at TrustedSec
  Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?
  
  
• Ugur Koc and Bert-Jan Pals at Kusto Insights
  Kusto Insights – May Update
  
  
• Kenneth Kinion at Valdin
  Illuminating Transparent Tribe with Validin
  
  
• Vasilis Orlof at Cyber Intelligence Insights
  Cobalt on the weekends
  
  
• WeLiveSecurity
  BladedFeline: Whispering in the dark
  
  
• Gili Tikochinski, Danielle Aminov, and Merav Bar at Wiz
  DevOps Tools Targeted for Cryptojacking
  
  
• Блог Solar 4RAYS
  Охота на Kubernetes: угрозы в джунглях оркестрации
  

UPCOMING EVENTS

• Peter Sosic at Amped
  Amped User Days 2025: Join Us Live on Zoom This September!
  
  
• Black Hills Information Security
  • BHIS – Talkin’ Bout [infosec] News 2025-06-09 #livestream #infosec #infosecnews
  • BHIS – Talkin’ Bout [infosec] News 2025-06-16 #livestream #infosec #infosecnews
    
    
• Oxygen Forensics
  Maximizing Speed in Data Loading: Cutting Through the Clutter
  
  
• Recorded Future
  Beyond Ransomware: The Invisible Data Economy Targeting Retail
  
  
• Silent Push
  Workshop – Pivoting Across Infrastructure to Detect Unknown Threats
  

PRESENTATIONS/PODCASTS

• Hexordia
  Truth in Data: EP8: Carving Your Path: Insights into Various Digital Forensics Roles
  
  
• Adversary Universe Podcast
  Where AI Fits in the Adversary’s Toolbox
  
  
• Behind the Binary by Google Cloud Security
  EP 10 Tim Blazytko – Protecting Intellectual Property: Obfuscation & Anti-Reverse Engineering in Software
  
  
• Belkasoft
  Waypoint Analysis: Narrowing Timelines with Partial Data | Matthew Sorell
  
  
• Breaking Badness
  Beyond the Perimeter: How Attackers Use Domains, Phishing & AI and How to Fight Back
  
  
• Clint Marsden at the TLP – Digital Forensics Podcast
  Episode 20:What Makes an Elite Incident Response Team: Mindset, Mastery, and Real-World DFIR Lessons
  
  
• Cloud Security Podcast by Google
  EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines
  
  
• Cyber Social Hub
  • Live from Techno Security with Magnet Forensics
  • Live from Techno Security with MSAB
    
    
• Cyberwox
  Detection-as-Code & CI/CD for Detection Engineering with Dennis Chow | Detection Opportunities EP 9
  
  
• Deepanshu Khanna
  CTI Masterclass Part-II | Automating CTI & hunting APT groups | Automating CTI Lab with Docker
  
  
• Eric Capuano and Whitney Champion
  Modernizing Incident Response Using Techniques that Scale
  
  
• FIRST
  Episode 49: John Stoner, FIRSTCON25 Speaker
  
  
• 2 Cyber Chicks
  Cyber Warfare & Geopolitics: How Threat Actors Are Targeting America with David Cook | S6 E8
  
  
• Huntress
  • What Are Infostealers Really After? | Tradecraft Tuesday
  • Mastering Delegation & Focus with the Mulligan Rule | Community Fireside Chat
    
    
• InfoSec_Bret
  Challenge – Velociraptor
  
  
• Matthew Plascencia
  THANKS FOR 500 SUBSCRIBERS!!!
  
  
• MSAB
  MM XAMN Timeline
  
  
• MyDFIR
  Avoid These Common Mistakes If You Want To Get Into Cybersecurity
  
  
• Paraben Corporation
  Using E3 with Mobile Data to Export to Relativity as load file or RSMF
  
  
• Parsing the Truth: One Byte at a Time
  The Hidden Partition
  
  
• SANS
  Smart Phone Forensics Circa 2028
  
  
• The Cyber Mentor
  🔴 LIVE: Conti Ransomware | Cybersecurity | TryHackme | AMA
  
  
• The Defender’s Advantage Podcast
  Vishing in the Wild
  
  
• Three Buddy Problem
  Mikko Hypponen talks drone warfare, APT naming schemes
  

MALWARE

• Mauro Eldritch at Any.Run
  OtterCookie: Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals
  
  
• ASEC
  ViperSoftX Stealing Cryptocurrencies
  
  
• Dr Josh Stroschein
  • Building OrangeCon: Stef van Dop on Creating a Cybersecurity Community
  • 🎙️NEW episode of Behind the Binary: Tim Blazytko on Securing Software and Code Obfuscation
    
    
• Shiyin Lin at Fortinet
  How a Malicious Excel File (CVE-2017-0199) Delivers the FormBook Payload
  
  
• Gi7w0rm
  HuluCaptcha — An example of a FakeCaptcha framework
  
  
• haxrob
  • BPFDoor – Part 1 – The Past
  • BPFDoor Part 2 – The Present
    
    
• Hunt IO
  Paste.ee Abuse Uncovered: XWorm & AsyncRAT Infrastructure
  
  
• Iram Jack
  • Spearphishing Attachments
  • Documents & Their Malicious Use
  • Analyzing Malicious JavaScript
  • Malware and Office Docs
  • OneNote Malware Analysis
    
    
• K7 Labs
  • In-depth Analysis of a 2025 ViperSoftX Variant
  • Android Spyware Alert! Fake government app targeting Android users in India!
  • A SoraAI clickbait
    
    
• Jan Michael Alcantara at Netskope
  Glitch-hosted Phishing Uses Telegram & Fake CAPTCHAs to Target Navy Federal Credit Union Customers
  
  
• Dominik Reichel at Palo Alto Networks
  Blitz Malware: A Tale of Game Cheats and Code Repositories
  
  
• RevEngAI
  Automating String Decoding in Malware: Analysing StealC V1 with IDAPython
  
  
• Anderson Leite at Securelist
  Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
  
  
• Shubho57
  Analysis of an AsyncRAT variant from an ClickFix Powershell Script (Keylogger)
  
  
• Socket
  • Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
  • Malicious npm Packages Target BSC and Ethereum to Drain Crypto Wallets
  • Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
  • PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
    
    
• Matt Wixey and Andrew O’Donnell at Sophos
  The strange tale of ischhfd83: When cybercriminals eat their own
  
  
• Matt Morrow at Sucuri
  Fake WordPress Caching Plugin Used to Steal Admin Credentials
  
  
• Niranjan Hegde, Vasantha Lakshmanan Ambasankar and Adarsh S at Trellix
  Demystifying Myth Stealer: A Rust Based InfoStealer
  
  
• Bernardo Quintero at VirusTotal
  What 17,845 GitHub Repos Taught Us About Malicious MCP Servers
  
  
• VMRay
  New malware: Akemi sample uses trailing slash in class filenames to thwart static analysis and unzipping
  
  
• Marco Wotschka at Wordfence
  Malware Masquerades as Legitimate, Hidden WordPress Plugin with Remote Code Execution Capabilities
  
  
• István Márton at Wordfence
  9,000 WordPress Sites Affected by Arbitrary File Upload and Deletion Vulnerabilities in WP User Frontend Pro WordPress Plugin
  
  
• Шифровальщики-вымогатели The Digest “Crypto-Ransomware”
  • Gunra
  • DireWolf
  • Veluth
  • GopherWare
    

MISCELLANEOUS

• Belkasoft
  • Belkasoft X Forensic Ultimate: The Complete Digital Forensics Solution for Government Agencies
  • Belkasoft X 2.8: A Sneak-Peak
  • New On-Demand Course: Advanced SQLite Queries with Belkasoft X
  • [ON-DEMAND COURSE] Advanced SQLite Queries with Belkasoft
    
    
• Brian Maloney
  Weekly Update 6/6/2025
  
  
• Cellebrite
  Cellebrite to Acquire Corellium
  
  
• Decrypting a Defense
  The Growing ALPR Threat, Crypto Meets Traditional Crime, Border Search Decision, Celebrating Our 5th Anniversary & More
  
  
• Josibel Mendoza at DFIR Dominican
  DFIR Jobs Update – 06/02/25
  
  
• Didier Stevens
  • DSS_DEFAULT_HASH_ALGORITHMS
  • Python Requirements for Didier Stevens Suite
    
    
• Forensic Focus
  • Magnet Forensics Unveils Pioneering Cloud-Powered Processing For Magnet One
  • Digital Forensics Round-Up, June 04 2025
  • Amped Authenticate Updates: New Media Forensic Weapons For Detecting Fake Media
    
    
• Kevin Pagano at Stark 4N6
  Forensics StartMe Updates (6/1/2025)
  
  
• Magnet Forensics
  Introducing Magnet One Mobile Case Stream
  
  
• Oxygen Forensics
  Supercharge investigations by analyzing data from ALL sources in Oxygen
  
  
• Amber Schroader at Paraben Corporation
  From Solitary Sleuth to Connected Pro: Networking for Introverted Digital Investigators
  
  
• Mari DeGrazia at SANS
  Stay Ahead of Ransomware: Communication During a Cyber Incident
  
  
• Sleuth Kit Labs
  Endpoint Triage: How MSSPs Help Their Clients After An Alert
  

SOFTWARE UPDATES

• Airbus Cybersecurity
  IRIS-Web v2.4.22
  
  
• Didier Stevens
  • Update: myjson-transform.py Version 0.0.2
  • Update: search-for-compression.py Version 0.0.4
  • Quickpost: emldump Bulk Extraction
    
    
• Digital Sleuth
  winfor-salt v2025.9.1
  
  
• Erik Hjelmvik at Netresec
  CapLoader 2.0 Released
  
  
• Francesco Varotto
  SlothLog
  
  
• hasherezade
  tiny_tracer 3
  
  
• Lethal Forensics
  Microsoft-Analyzer-Suite v1.5.1
  
  
• Mandiant
  Capa v9.2.1
  
  
• Mark Baggett
  SRUM-DUMP 3.2
  
  
• MISP
  MISP 2.4.211 & 2.5.13 Released – A Double Dose of Security, Search, and Stability
  
  
• X1 Discovery
  X1 Unveils Major Search Upgrade with New Slack Integration, Enhanced M365 Support, and Unmatched Speed
  
  
• Xways
  • Miscellaneous
  • X-Ways Forensics 21.4
  • X-Ways Forensics 21.5
    
    
• Victor M. Alvarez
  YARA-X is stable!
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!