Download Permiso’s CISO Guide to Detecting & Preventing Identity Attacks.   The guide breaks down: – The top identity-based attack vectors across SaaS, PaaS, IaaS, and IdPs – Real-world breach examples from Okta, Snowflake, Cloudflare, and others – How adversaries exploit non-human identities and abuse MFA gaps – What CISOs must do to align identity with their broader security strategy And More

Sponsored by Permiso

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Akash Patel
  • Carbon Black (P4:Enforce): A Practical Guide/An Practical Training
  • Carbon Black (P6:Settings): A Practical Guide/An Practical Training
  • Sublime Security — The EDR of Email We Needed!
  • Windows Forensic Artifacts: Unveiling Key Evidence
  • Sublime Security — Dashboard Walkthrough (Overview + User Reports)
    
    
• Christopher Eng at Ogmini
  • Velociraptor – Artifact Windows Notepad – Part 2
  • BelkaCTF 7 – AAR Command and Control
  • Zeltser Challenge – Seventh Month Accomplishments
  • Registry Plugin (RECmd and Registry Explorer) – Application Settings Container
  • Poking Windows Snipping Tool aka Screen Sketch
  • Application Settings Container – Subkeys!
  • Windows Snipping Tool – Part 1
    
    
• Dr. Brian Carrier at Cyber Triage
  3 Ways to Make Digital Investigations Faster with Automation
  
  
• Etienne Maynie
  Timestamps and LinkedIn
  
  
• Forensafe
  iOS Keepsafe
  
  
• Joshua Hickman at ‘The Binary Hick’
  (Not) Strange Bedfellows – Samsung’s Rubin & Digital Wellbeing
  
  
• N00b_H@ck3r
  LetsDefend: WannaCry Ransomware
  
  
• Shaherzakaria
  13Cubed Windows Memory Forensics Challenge 2025 — Walkthrough
  
  
• Andrew Pomerleau at Sumuri
  Navigating APFS: Container vs. Volume Imaging and Troubleshooting Best Practices
  
  
• The DFIR Report
  From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
  

THREAT INTELLIGENCE/HUNTING

• Faan Rossouw at Active Countermeasures
  Malware of the Day – ZetaSwitch – DNS/HTTP Multi-Modal C2
  
  
• Andrew Skatoff at ‘DFIR TNT’
  Huntable GPT – Tactical Threat Intelligence Assistant
  
  
• Arctic Wolf
  Ransomware Evolution: The Changing Landscape of Cyber Extortion
  
  
• Martin Zugec at Bitdefender
  Technical Advisory: SonicWall Targeted by Ransomware Group
  
  
• Black Hills Information Security, Inc.
  Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource
  
  
• Brian Krebs at ‘Krebs on Security’
  • Who Got Arrested in the Raid on the XSS Crime Forum?
  • KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series
    
    
• CERT Ukraine
  Оновлений інструментарій UAC-0099: MATCHBOIL, MATCHWOK, DRAGSTARE
  
  
• CERT-AGID
  • In vendita documenti di identità trafugati da hotel italiani
  • Sintesi riepilogativa delle campagne malevole nella settimana del 2 – 8 agosto
    
    
• Check Point
  • 4th August – Threat Intelligence Report
  • CVE-2025-54136 –  MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass
  • The Alarming Surge in Compromised Credentials in 2025
    
    
• CrowdStrike
  CrowdStrike 2025 Threat Hunting Report: AI Becomes a Weapon and a Target
  
  
• Cyble
  • Scattered Spider Intensifies Cyber Onslaught with New Tactics and Ransomware Deployment
  • A Region-Wise Breakdown of Cyber Threats: What H1 2025 Data Reveals
  • Who are the Top Ransomware Threat Actors of H1 2025 
    
    
• Cyfirma
  Weekly Intelligence Report – 08 August 2025
  
  
• Dark Atlas
  Qilin Ransomware: A Deep Dive into Operations & OPSEC Breakdowns
  
  
• Darktrace
  2025 Cyber Threat Landscape | Mid-Year Review
  
  
• Disconinja
  Weekly Threat Infrastructure Investigation(Week31)
  
  
• Elliptic
  Levelling up crypto fraud and money laundering investigations with automatic behavioral detection
  
  
• Vaisha Bernard at Eye Research
  Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
  
  
• FalconFeeds
  • Ransomware Inc.: How Affiliate Models Are Powering a New Era of Cybercrime
  • From Hacktivist to Mercenary: The Shifting Motivations of Modern Threat Actors
  • Echoes of the Exploit: How Old Vulnerabilities Fuel New Threat Actor Campaigns
    
    
• Forescout
  Midyear Threat Report: Numbers Grow in Nearly All the Wrong Places
  
  
• g0njxa
  The XSS[.]is files: Discussion on the July 2025 events with ex-moderators
  
  
• Group-IB
  The Anatomy of a Deepfake Voice Phishing Attack: How AI-Generated Voices Are Powering the Next Wave of Scams
  
  
• GuidePoint Security
  • The Secret Life of APIs: Uncovering Hidden Endpoints and More
  • GRITREP: Observed Malicious Driver Use Associated with Akira SonicWall Campaign
    
    
• Hunt IO
  APT Sidewinder Spoofs Government and Military Institutions to Target South Asian Countries with Credential Harvesting Techniques
  
  
• Huntress
  Active Exploitation of SonicWall VPNs
  
  
• It’s Biebs the malware guy!!
  Rethinking Threat Hunting: From Hypotheses to Heuristics
  
  
• Tuval Admoni at Koi Security
  Greedy Bear —Massive Crypto Wallet Attack Spans Across Multiple Vectors
  
  
• Adam Goss at Kraven Security
  Structured vs. Unstructured Threat Intelligence: The Ultimate Guide
  
  
• Anish Bogati at Logpoint
  Akira in the Network: From SonicWall Access to Ransomware Deployment
  
  
• Mahmoud Elfawair
  The Azure Lab Diaries – Detecting EDR Silencers
  
  
• Mat Fuchs
  From Local to Global: The Evolution of Identity in Incident Response
  
  
• Matthias Vallentin at Tenzir
  Time-Travel for Investigators: Live & Retro GeoIP/ASN Enrichment
  
  
• Ray Fernandez at Moonlock
  Is a North Korean spy scheme behind the rise of macOS stealers?
  
  
• Nasreddine Bencherchali
  • Trust Me, I’m a Legitimate Process: Verisimilitude and the Art of Hiding
  • The Ghost in the Logs: DFIR Through a Palimpsest Lens
  • From Telemetry to Signals: Designing Detections with an Audience in Mind
    
    
• Oleg Skulkin at ‘Know Your Adversary’
  • 215. Another RMM in Scattered Spider’s Arsenal
  • 216. An Interesting Case of Rundll32 Abuse
  • 217. Detecting PXA Stealer’s Behavior Markers
  • 218. Adversaries Abuse .Desktop Files to Attack Linux Systems
  • 219. That’s How Ransomware Gangs Obtain Credentials for Backup Servers
  • 220. Adversaries Use TokenUtils to Escalate Privileges
  • 221. Adversaries Abuse Lua to Load Stealers
  • 222. That’s How Adversaries Abuse PowerShell to Take Screenshots Quietly
    
    
• OSINT Team
  • Day 20- Detecting Security Events using Windows Event Viewer in a practical way
  • KoiLoader Malware: Turning Financial Statements into Security Nightmares
    
    
• Palo Alto Networks
  • Project AK47: Uncovering a Link to the SharePoint Vulnerability Attacks
  • Muddled Libra: Why Are We So Obsessed With You?
  • New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
    
    
• Justin Copeland at Praetorian
  OAuthSeeker: Leveraging OAuth Phishing for Initial Access and Lateral Movement on Red Team Engagements
  
  
• Jacques Louw at Push Security
  Introducing our guide to phishing detection evasion techniques
  
  
• Brian Donohue at Red Canary
  Ranking the top threats and techniques for the first half of 2025
  
  
• Alex Martin at Reliance Cyber
  SharePoint’s China syndrome: A self-inflicted national security crisis
  
  
• Resecurity
  SSRF to AWS Metadata Exposure: How Attackers Steal Cloud Credentials
  
  
• S2W Lab
  ScarCruft’s New Language: Whispering in PubNub, Crafting Backdoor in Rust, Striking with Ransomware
  
  
• SANS Internet Storm Center
  • Legacy May Kill, (Sun, Aug 3rd)
  • New Feature: Daily Trends Report, (Mon, Aug 4th)
  • Stealing Machine Keys for fun and profit (or riding the SharePoint wave), (Tue, Aug 5th)
  • Do sextortion scams still work in 2025?, (Wed, Aug 6th)
  • Mass Internet Scanning from ASN 43350 [Guest Diary], (Thu, Aug 7th)
    
    
• David Schiff & Gal Abadi at SentinelOne
  FORGE: Cybersecurity’s “AlphaEvolve Moment” for Threat Detection
  
  
• Silent Push
  Unmasking SocGholish: Silent Push Untangles the Malware Web behind the “Pioneer of Fake Updates” and Its Operator, TA569
  
  
• Simone Kraus
  Analyzing UAC‑0099 Tactics, Techniques, and Procedures (2023–2025)
  
  
• Socket
  • Malicious npm Packages Target WhatsApp Developers with Remote Kill Switch
  • 11 Malicious Go Packages Distribute Obfuscated Remote Payloads
  • 60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
    
    
• SOCRadar
  Dark Web Profile: Interlock Ransomware
  
  
• Marco A. De Felice aka amvinfe at SuspectFile
  Qilin Responds to the Accusations: “We Don’t Scam Our Affiliates”
  
  
• System Weakness
  • The Day I Started Thinking Like a Real Threat Hunter
  • Detecting Web Shells | Tryhackme
    
    
• Team Cymru
  Fingerprinting Malware C2s with Tags
  
  
• Tehtris
  Threat Intelligence report – 05/08
  
  
• Lauren Proehl, Sydney Marrone, and John Grageda at THOR Collective Dispatch
  Ask-a-Thrunter: July 2025 Recap 🐏
  
  
• Threatmon
  • Retro-C2: A New Breed of Open-Source Remote Access Trojan
  • Mapped and Monetized ThreatMon’s Data-Driven Look at Initial Access Brokers
    
    
• Trellix
  • Gang Wars: Breaking Trust Among Cyber Criminals
  • Fewer Attacks, Greater Threats: The New Playbook Targeting Governments in 2025
    
    
• Trend Micro
  • LLM as a Judge: Evaluating Accuracy in LLM Security Scans
  • Lessons in Resilience from the Race to Patch SharePoint Vulnerabilities
  • Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint ‘ToolShell’ Exploitation
    
    
• Ugur Koc and Bert-Jan Pals at Kusto Insights
  Kusto Insights – July Update
  
  
• WeLiveSecurity
  ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch
  
  
• ZScaler
  • Tracking Updates to Raspberry Robin
  • GenAI Used For Phishing Websites Impersonating Brazil’s Government
    
    
• Блог Solar 4RAYS
  Solar 4RAYS: хроники DFIR в первом полугодии 2025 года
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2025-08-11 #livestream #infosec #infosecnews
  
  
• Cellebrite
  Protecting Investigators: AI Solutions for CSAM Investigations
  
  
• Magnet Forensics
  AI Unpacked #4: AI in media forensics – Looking toward the future of investigations
  
  
• MSAB
  What’s New in XRY Pro: Cutting-Edge Forensics with MSAB & Data Expert
  

PRESENTATIONS/PODCASTS

• Hexordia
  Truth in Data: EP14: The Unseen Toll: Mental Health in DFIR
  
  
• Adversary Universe Podcast
  Cloud Intrusions Rise, eCrime Thrives, Governments Under Attack: CrowdStrike 2025 Threat Hunting Report
  
  
• Belkasoft
  Pitfalls in Acquiring Video Evidence | Marco Fontani
  
  
• Cellebrite
  Tip Tuesday: Call for C2C User Summit Speakers is Open
  
  
• Cloud Security Podcast by Google
  EP237 Making Security Personal at the Speed and Scale of TikTok
  
  
• Gerald Auger at Simply Cyber
  Navigating the SOC Analyst Landscape Insights with Casually Joseph | Simply Secured S1 E5
  
  
• Huntress
  SOC Walkthrough: The Anatomy of a VPN Compromise
  
  
• InfoSec_Bret
  SA – SOC287-263 – Arbitrary File Read on Checkpoint Security Gateway [CVE-2024-24919]
  
  
• Karsten Hahn at Malware Analysis For Hedgehogs
  Analysis Verdicts: There is more than Clean and Malicious
  
  
• Magnet Forensics
  Mobile Unpacked S3:E7 // Analyzing Android 16 – Baking up Baklava
  
  
• Matthew Plascencia
  FTK Imager Overview | Windows Forensics 5
  
  
• Microsoft Threat Intelligence Podcast
  How Microsoft Stays Ahead of the World’s Most Dangerous Hackers
  
  
• MSAB
  #MSAB Monday – Hash Tree Builder Part 2
  
  
• MyDFIR
  What a Good Cybersecurity Project Looks Like (And Why It Matters)
  
  
• Oxygen Forensics
  USB vs OTG: Acquisition Versatility at the Forensicator’s Fingertips
  
  
• Parsing the Truth: One Byte at a Time
  Bizarre Tactics and Browser Trails and Bradley’s Testimony
  
  
• Richard Davis at 13Cubed
  Behind the Book: Threat Hunting macOS with Jaron Bradley
  
  
• Sumuri
  How to Setup Persistent Storage for PALADIN | Step-by-Step Guide
  
  
• THE Security Insights Show
  The Security Insights Show!
  
  
• Threatscape
  Hackers Love Your Default Defender Setup [Fix: Copy These Settings]
  
  
• Three Buddy Problem
  Live from Black Hat: Brandon Dixon parses the AI security hype
  

MALWARE

• Mauro Eldritch at Any.Run
  PyLangGhost RAT: Rising Data Stealer from Lazarus Group Targeting Finance and Technology 
  
  
• ASEC
  • Makop Ransomware Identified in Attacks in South Korea
  • Malware Disguised as A Cryptocurrency Exchange Being Distributed Through Facebook Ads
    
    
• Beazley Security
  Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem
  
  
• CISA
  MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities
  
  
• CyberDefNerd
  Xworm – Static Analysis (part 3)
  
  
• Dr Josh Stroschein
  • A Revamped Type System: Exploring x64dbg’s Latest Features with Duncan Ogilvie
  • Unpacking Binlex with Cerberus: Malware Hunting & Binary Analysis Live!
  • How Do You Get PDB Files in an Offline VM? Go Go PDBReSym!
    
    
• Merlyn Albery-Speyer and Malcolm Heath at F5 Labs
  SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
  
  
• Jin Lee at Fortinet
  Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
  
  
• Genians
  RoKRAT Shellcode and Steganographic Threats: Analysis and EDR Response Strategies
  
  
• K7 Labs
  • Android SpyBanker: Rerouting Calls to Attackers
  • Silent Watcher: Dissecting Cmimai Stealer’s VBS Payload
    
    
• Dexter Shin at McAfee Labs
  Android Malware Targets Indian Banking Users to Steal Financial Info and Mine Crypto
  
  
• Cristian Souza, Ashley Muñoz, Eduardo Ovalle, Francesco Figurelli, Anderson Leite at Securelist
  Driver of destruction: How a legitimate driver is being used to take down AV processes
  
  
• SentinelOne
  • Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem
  • Smart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto
    
    
• Gabor Szappanos and Steeve Gaudreault at Sophos
  Shared secret: EDR killer in the kill chain
  
  
• Stairwell
  • Reverse Engineering Malware 101: Getting Started with macOS Reversing
  • ToolShell: Revealing Webshell Malware Variants and a New YARA Rule
    
    
• Zhassulan Zhussupov
  MacOS hacking part 8: `dlopen()` code loading + finding target PIDs. Simple C (Intel, ARM) examples
  
  
• Шифровальщики-вымогатели The Digest “Crypto-Ransomware”
  • 4L4MD4R
  • Lumiypt
  • BlackField
    

MISCELLANEOUS

• Amped
  • Deepfake Forensics Is Much More Than Deepfake Detection!
  • New Research on HEVC Video Double Encoding Detection Published in Journal of Imaging
    
    
• Atola Technology
  Voices of DFIR: 10 Professionals You Should Follow
  
  
• Brett Shavers
  • DF/IR Paralysis: What to Do When You Don’t Know What to Do
  • One Bad Decision Can Send You Everywhere But the Truth
    
    
• Brian P. Mohr at CyberMohr
  Reducing Alert Fatigue in the SOC: How to Handle Benign Positives, False Positives, and True Positives
  
  
• Decrypting a Defense
  The Anti-Immigrant Machine, FDNY Uses Clearview AI, NY Immigrant Legislation, Digital Safety While Traveling & More
  
  
• Josibel Mendoza at DFIR Dominican
  DFIR Jobs Update – 08/04/25
  
  
• Dr. Tristan Jenkinson at ‘The eDiscovery Channel’
  Bellingcat Challenge – July 2025 (The Forgotten Files)
  
  
• Forensic Focus
  • Semantics 21 Wants Your Help To Rename LASERi-X
  • Digital Forensics Jobs Round-Up, August 04 2025
  • Halfway Through The S21 Transcriber Spotlight Session
  • Safeguarding ICAC Investigators: Detego Global’s Commitment To Mental Well-Being
  • Digital Forensics Round-Up, August 06 2025
  • More Than Software: Amped Training Teaches You The Science Of Forensic Video And Image Analysis
  • The Balance Between Digital Forensic Examiners And Digital Evidence Technicians: Expertise Vs. Efficiency
  • Forensic Focus Digest, August 08 2025
    
    
• Jeffrey Appel
  How to store Defender XDR data for years in Sentinel Data Lake without expensive ingestion cost
  
  
• Magnet Forensics
  Authenticity on Trial: How Magnet Verify Helps Prosecutors Admit Digital Media and Defeat Deepfake Defenses
  
  
• Matthew Plascencia
  Tool Review: FTK Imager
  
  
• MikeCyberSec
  Supercharged SecOps Series — AI In The SOC — Deploying Azure OpenAI
  
  
• Tobias Michalski at Nextron Systems
  Webhooks in THOR Cloud: Event-Driven Notifications and System Integration
  
  
• Stamatis Chatzimangou at NVISO Labs
  Detection Engineering: Practicing Detection-as-Code – Validation – Part 3
  
  
• TobyG at sentinel.blog
  Automating Microsoft Sentinel Deployment with GitHub Actions
  
  
• Raymond Chen at The Old New Thing
  Why are Windows semiannual updates named H1 and H2?
  
  
• Philip DuBois at TrustedSec
  PivotTables For InfoSec Dummies
  

SOFTWARE UPDATES

• Acelab
  The New Software Update: PC-3000 Ver. 7.7.19, Data Extractor Ver. 6.7.9, PC-3000 SSD Ver. 3.7.4 has been released
  
  
• Apache
  Release 3.2.2 – 8/6/2025
  
  
• Digital Sleuth
  winfor-salt v2025.10.2
  
  
• Google
  Timesketch 20250807
  
  
• Metaspike
  Forensic Email Collector (FEC) Changelog – 4.1.525.75
  
  
• Passmark Software
  OSForensics – V11.1 build 1009 5th August 2025
  
  
• SigmaHQ
  pySigma v1.0.0rc1
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!