Download Permiso’s CISO Guide to Detecting & Preventing Identity Attacks.   The guide breaks down: – The top identity-based attack vectors across SaaS, PaaS, IaaS, and IdPs – Real-world breach examples from Okta, Snowflake, Cloudflare, and others – How adversaries exploit non-human identities and abuse MFA gaps – What CISOs must do to align identity with their broader security strategy And More

Sponsored by Permiso

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Akash Patel
  • Understanding the “Remediate Threats” Tab in Sublime Security
  • Let’s Talk About Detection Rules in Sublime Security (EDR for Email!)
  • Mastering Windows Registry Forensics
  • USB Forensics
  • Meet ASA: Your New AI-Powered Security Teammate from Sublime Security
  • The Final Piece: Hunting, Searching, and Analyzing Like a Pro in Sublime EDR for Email
    
    
• Christopher Eng at Ogmini
  • Application Settings Container – RegUwpDateTimeOffset Weirdness?
  • BelkaCTF 7 – AAR API Key
  • BelkaCTF 7 – AAR Puppetmaster
  • Memory Forensics – Windows Notepad Part 1
  • Memory Forensics – Windows Notepad Part 2
  • Memory Forensics – Windows Notepad Part 3
  • Memory Forensics – Windows Notepad Part 3
  • Memory Forensics – Windows Notepad Part 4
    
    
• Cyber Triage
  DFIR Next Steps: Suspicious TeamViewer Use
  
  
• Oleg Afonin at Elcomsoft
  Analyzing the Windows SRUM Database
  
  
• Eric Capuano
  DFIR Artifact: PowerShell Transcripts
  
  
• Forensafe
  iOS TeleGuard
  
  
• Momal Naz at System Weakness
  Wireshark: Traffic Analysis| TryHackMe — Walkthrough — Part 2
  

THREAT INTELLIGENCE/HUNTING

• Abdulrehman Ali
  Stardust Chollima APT Adversary Simulation
  
  
• Adam at Hexacorn
  Beyond good ol’ Run key, Part 150
  
  
• Alparslan Akyıldız academy
  • APT 37 Taktik Ve Teknik Analizi Proaktif Defans Yaklaşımları
  • MuddyWater: İran Destekli Olduğu İddia Edilen Siber Casusluk Tehditinin Evrimi APT 33 APT 34 APT 39
    
    
• Arctic Wolf
  Threat Actor Profile: Interlock Ransomware
  
  
• Victor Vrabie at Bitdefender
  Curly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds
  
  
• Brad Duncan at Malware Traffic Analysis
  • 2025-08-11: XLoader (Formbook) infection
  • 2025-08-13: Lumma Stealer infection
  • 2025-08-12: Ten days of scans and probes and web traffic hitting my web server
  • 2025-08-02: Ten days of scans and probes and web traffic hitting my web server
  • 2025-08-15: Lumma Stealer infection with SectopRAT
    
    
• Brian Krebs at ‘Krebs on Security’
  Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme
  
  
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 9 – 14 agosto
  
  
• Check Point
  • New Data Reveals July’s Worst Ransomware Groups and Attack Surges
  • 11th August – Threat Intelligence Report
  • GitHub Abuse Engine: Stay One Step Ahead
    
    
• Cisco’s Talos
  • Malvertising campaign leads to PS1Bot, a multi-stage malware framework
  • UAT-7237 targets Taiwanese web hosting infrastructure
    
    
• Fabian Bader at Cloudbrothers
  Detect threats using GraphAPIAuditEvents – Part 3
  
  
• Cofense
  • Personalization in Phishing: Advanced Tactics for Malware Delivery
  • This ‘SAP Ariba Quote’ Isn’t What It Seems—It’s Ransomware
    
    
• CrowdStrike
  Defending Against SCATTERED SPIDER with Falcon Next-Gen SIEM
  
  
• CTF导航
  • APT-C-36（盲眼鹰）组织在新攻击活动中升级对抗手段
  • 勒索软件组织BlackCat可能已更名为 Embargo
  • Kimsuky泄露文件简单分析
  • APT | Kimsuky组织攻击套件大曝光
    
    
• Cyble
  Ransomware Landscape July 2025: Qilin Stays on Top as New Threats Emerge 
  
  
• Cyfirma
  Weekly Intelligence Report – 15 August 2025
  
  
• Dark Atlas
  • Scattered Spider – UNC3944: A Comprehensive and Detailed Threat Profile
  • Marketing’s Shadow Twin: Cybercrime’s Use of Legitimate Online Platforms
    
    
• Darktrace
  Tracking and Containing a Real-World Fortinet SSL-VPN Attack
  
  
• Delivr.to
  FileJacking: Exfiltrating Mapped Drives from the Browser
  
  
• Disconinja
  Weekly Threat Infrastructure Investigation(Week32)
  
  
• Abdulrahman H. Alamri and Lexie Mooney at Dragos
  Dragos Industrial Ransomware Analysis: Q2 2025
  
  
• FalconFeeds
  The Emergence of “Scattered LAPSUS$ Hunters”: An Investigative Timeline of Leaks and Chaos
  
  
• Flashpoint
  Scattered Spider: A Threat Profile
  
  
• G Data Software
  JustAskJacky: AI causes a Trojan Horse Comeback
  
  
• Azizbek Khakimov and Anton Fomin at Group-IB
  Exposing Investment Scams: AI Trading, Deepfake & Online Fraud
  
  
• Hunt IO
  ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis
  
  
• Harlan Carvey and Lindsey O’Donnell-Welch at Huntress
  Kawabunga, Dude, You’ve Been Ransomed!
  
  
• Infoblox
  Inside the Robot: Deconstructing VexTrio’s Affiliate Advertising Platform
  
  
• Jeffrey Bellny at CatchingPhish
  • Phishing Simulation, but without the Simulation
  • Huggable Hoax: The Curious Case of an AI Panda
    
    
• Adam Goss at Kraven Security
  Structured Analytic Techniques: How to Analyze Threat Intelligence
  
  
• kyjonin
  Deception Technology – Proactive Session Token Theft Detection
  
  
• Ray Fernandez at Moonlock
  Fake ads for Tesla Optimus robots are phishing for user data
  
  
• Nasreddine Bencherchali
  • Echo Chambers — Feedback Loops in Detection Engineering
  • The Fragile Balance: Assumptions, Tuning, and Telemetry Limits In Detection Engineering
    
    
• Eugenio Benincasa at Natto Thoughts
  Few and Far Between: During China’s Red Hacker Era, Patriotic Hacktivism Was Widespread—Talent Was Not
  
  
• NetSPI
  • We Know What You Did (in Azure) Last Summer
  • Assessing the True Business Impact of a Malicious Connected App
    
    
• Nimantha Deshappriya
  From Colombo to Pyongyang
  
  
• Efstratios Lontzetidis at NVISO Labs
  Shedding Light on PoisonSeed’s Phishing Kit
  
  
• Oleg Skulkin at ‘Know Your Adversary’
  • 223. Akira Abuses Wbadmin to Obtain a Copy of NTDS.dit
  • 224. Another Tool for Data Exfiltration: Restic
  • 225. MucorAgent Uses Component Object Model Hijacking for Persistence
  • 226. That’s How Adversaries Extract Credentials From Registry
  • 227. Ransomware Gangs Patch System DLL to Enable Multiple Simultaneous RDP Connections
  • 228. That’s How Adversaries Abuse WMI for Discovery
    
    
• OSINT Team
  • How to Actually Leverage the MITRE ATT&CK Framework in Security Operations
  • Threat Hunting As a Culture: Turning Proactive into Routine
  • The Ransomware Evolution: From Floppies to Decentralized Extortion Empires
  • Episode 2: Brute Force Attacks — When Hackers Keep Knocking Until the Door Opens
  • Episode 3 — Riding the Session Wave: Understanding Session Hijacking
    
    
• Kristopher Russo at Palo Alto Networks
  Muddled Libra’s Strike Teams: Amalgamated Evil
  
  
• Aditya Vats at Permiso
  ITDR and Authentication Security: Why Traditional Identity Defense Falls Short in 2025
  
  
• Picus Security
  • LameHug: The First Publicly Documented Case of a Malware Integrating a LLM
  • UNC3886 Tactics, Techniques, and Procedures (TTPs): Full Technical Breakdown
  • Raspberry Robin Malware in 2025: From USB Worm to Elite Initial Access Broker
  • RingReaper Linux Malware: EDR Evasion Tactics and Technical Analysis
    
    
• Proofpoint
  Don’t Phish-let Me Down: FIDO Authentication Downgrade
  
  
• Luke Jennings at Push Security
  How attackers are using Active Directory Federation Services to phish with legit office.com links
  
  
• Watson Brown at Recon Infosec
  Mastering Threat Hunting Operations: A Deep Dive into Recon InfoSec’s Approach
  
  
• Resecurity
  Blue Locker’ Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan
  
  
• Reverse Engineering
  It’s the certificates, stupid!
  
  
• S2W Lab
  Ransomware Landscape in H1 2025: Statistics and Key Issues
  
  
• Sandfly Security
  Leaked North Korean Linux Stealth Rootkit Analysis
  
  
• SANS Internet Storm Center
  • Google Paid Ads for Fake Tesla Websites, (Sun, Aug 10th)
  • CVE-2017-11882 Will Never Die, (Wed, Aug 13th)
  • AI and Faster Attack Analysis [Guest Diary], (Wed, Aug 13th)
  • SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations, (Thu, Aug 14th)
    
    
• Olga Altukhova at Securelist
  New trends in phishing and scams: how AI and social media are changing the game
  
  
• Shantaciak
  Flagged and Loaded: Spotting PowerShell Abuse
  
  
• Simone Kraus
  • STASI Methodologies, Psychological Effects, and Ethical Review of Torvald Ask and Modern…
  • Updated UAC-0099 Toolkit: MATCHBOIL, MATCHWOK, DRAGSTARE
  • Punishment System for Gangstalking under U.S. and German Law
  • Technical Analysis of SAP Exploit Script (Visual Composer “Metadata Uploader” Exploit)…
    
    
• SOCRadar
  Dark Web Profile: Void Blizzard
  
  
• Splunk
  • Detecting Suspicious ESXi Activity Before Ransomware Happens | Splunk
  • Picture Paints a Thousand Codes: Dissecting Image-Based Steganography in a .NET (Quasar) RAT Loader | Splunk
    
    
• Evelyne Diaz Araque at Stairwell
  RedDirection: A YARA Rule to Detect its Artifacts
  
  
• Trellix
  • Exposing PathWiper: DCOM Abuse and Network Erasure
  • A Comprehensive Analysis of HijackLoader and its Infection Chain
    
    
• Trend Micro
  • New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises
  • Crypto24 Ransomware Group Blends Legitimate Tools with Custom Malware for Stealth Attacks
    
    
• Trustwave SpiderLabs
  • When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub’s Expanding Arsenal
  • How Researchers Collect Indicators of Compromise
    
    
• Jacob Baines at VulnCheck
  ScriptCase – Hunt It, Exploit It, Defend It
  
  
• WeLiveSecurity
  Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability
  
  
• Zero Salarium
  Windows Process Command Line Spoofing Through Symbolic Link
  

UPCOMING EVENTS

• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2025-08-18 #livestream #infosec #infosecnews
  
  
• Magnet Forensics
  • Bridging the gap between DF and IR with new capabilities in Magnet Axiom Cyber
  • Introduction to Magnet Verify
    
    
• Paraben Corporation
  Using Zandra AI in Incident Response
  

PRESENTATIONS/PODCASTS

• Behind the Binary by Google Cloud Security
  EP13 Beyond the Bug: Scaling Bug Bounty Programs & Launching a Cyber Startup with Dr. Jared DeMott
  
  
• Belkasoft
  Infrared Imagery: Common Misinterpretations | Marco Fontani
  
  
• Chris Sienko at the Cyber Work podcast
  Why Hackers Are Stealing Encrypted Data Now To Decrypt Later | David Close
  
  
• Cloud Security Podcast by Google
  EP238 Google Lessons for Using AI Agents for Securing Our Enterprise
  
  
• Cyber Social Hub
  Criminal AI: What Investigators Need to Know Before It’s Too Late
  
  
• Dr Josh Stroschein
  🎙️NEW episode of Behind the Binary: Jared DeMott on Bug Bounties & Launching a Cybersecurity Startup
  
  
• Endace
  Packet Forensic Files – Ep 62 Jessica Oppenheimer – Cisco
  
  
• FIRST
  FIRSTCON25
  
  
• Huntress
  • $500K for ‘Yukari’ — Then Breach Forums Vanished | Tradecraft Tuesday
  • SOC Walkthrough: The Anatomy of a VPN Compromise | Huntress
    
    
• InfoSec_Bret
  SA – SOC127-235 – SQL Injection Detected
  
  
• John Hammond
  Bloodhound now maps EVERYTHING
  
  
• Magnet Forensics
  AI Unpacked #4: AI in media forensics – Looking toward the future of investigations
  
  
• MSAB
  #MSABMonday – Hash Tree Builder Part 3
  
  
• MyDFIR
  What I’d Focus On If I Had 90 Days to Become a SOC Analyst
  
  
• Paraben Corporation
  Using the InvestiGator AI Tool
  
  
• Parsing the Truth: One Byte at a Time
  Casey Anthony: Different tool – Different story
  
  
• Proofpoint
  Phish, Chips & Voldemort: Inside China’s Cyber Targeting of Taiwan
  
  
• SANS
  SANS DFIR Summit 2025
  
  
• Sumuri
  New and Improved RECON ITR Latest Imaging
  
  
• The Cyber Mentor
  Intro to PowerShell in Under 30 Minutes!
  
  
• The Weekly Purple Team
  🔐 Certify 2.0 & ADCS Certificate Escalations (ESC1–ESC3)
  
  
• Three Buddy Problem
  On AI’s future, security’s failures, and what comes next…
  

MALWARE

• ASEC
  • Distribution of SmartLoader Malware via Github Repository Disguised as a Legitimate Project
  • Detecting Malware Exploiting Linux PAM through AhnLab EDR
  • Proxyware Malware Being Distributed on YouTube Video Download Site
  • July 2025 Trends Report on Phishing Emails
    
    
• Gilad Sharabi and Yazan Khalaf at AWS Security
  Malware analysis on AWS: Setting up a secure environment
  
  
• Erik Hjelmvik at Erik Hjelmvik at Netresec
  PureRAT = ResolverRAT = PureHVNC
  
  
• Elad Damari  at Fortinet
  From ClickFix to Command: A Full PowerShell Attack Chain
  
  
• Nicole Fishbein at Intezer
  Threat Bulletin: Fire in the Woods – A New Variant of FireWood
  
  
• Yuma Masubuchi at JPCERT/CC
  CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks
  
  
• Lauren Che and Zong-Yu Wu at Palo Alto Networks
  A Mega Malware Analysis Tutorial Featuring Donut-Generated Shellcode
  
  
• Guy Barnhart-Magen and Brenton Morris at Profero
  From Drone Strike to File Recovery: Outsmarting a Nation State
  
  
• Pulsedive
  Unpacking KiwiStealer: Diving into BITTER APT’s Malware for File Exfiltration
  
  
• Karlo Zanki at ReversingLabs
  Compromised npm package threatens developer projects
  
  
• Shubho57
  Analysis of a shell script leads to Mirai Botnet
  
  
• Puja Srivastava at Sucuri
  Malicious JavaScript Injects Fullscreen Iframe On a WordPress Website
  
  
• ThreatFabric
  PhantomCard: New NFC-driven Android malware emerging in Brazil 🇧🇷
  
  
• Bernardo.Quintero at VirusTotal
  Code Insight Expands to Uncover Risks Across the Software Supply Chain
  
  
• István Márton at Wordfence
  40,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in UiCore Elements WordPress Plugin
  
  
• Zhassulan Zhussupov
  • Malware development trick 49: abusing Azure DevOps REST API for covert data channels. Simple C examples.
  • Malware development trick 50: phishing attack using a fake login page with Telegram exfiltration. Simple Javascript example.
    
    
• Шифровальщики-вымогатели The Digest “Crypto-Ransomware”
  BaqiyatLock
  

MISCELLANEOUS

• Brett Shavers
  From Bailiff to Juror #12: How Every Courtroom Role Scores Your DFIR
  
  
• Brett Shavers at DFIR.Training
  • Integrating, Operating, or Marketing?  The Language Divide in DF and IR
  • PSBK Vol. 3 Update: The Casework Book I Wish Existed
    
    
• Craig Ball at ‘Ball in your Court’
  • Still on Dial-Up: Why It’s Time to Retire the Enron Email Corpus
  • Native or Not? Rethinking Public E-Mail Corpora for E-Discovery (Redux, 2013→2025)
    
    
• Damien Lewke
  Your Very Own Cyber-Threat Tutor
  
  
• Josibel Mendoza at DFIR Dominican
  DFIR Jobs Update – 08/11/25
  
  
• Forensic Focus
  • Oxygen Tech Bytes In July 2025
  • Neal Ysart, Co-Founder, The Coalition Of Cyber Investigators
  • Well-Being In Digital Forensics And Policing: Insights From Hannah Bailey
  • Breaking Digital Barriers: Galaxy S25 & Z Flip Fully Supported
  • Digital Forensics Round-Up, August 13 2025
  • Enterprise Turns To AI For Speed And Accuracy In DFIR
    
    
• Magnet Forensics
  Blueprint of an eDiscovery Investigation: Digital forensics and eDiscovery
  
  
• Matthew Plascencia
  Jailbreaking: “Thinking Outside of the Box”
  
  
• Oxygen Forensics
  8 Benefits of Oxygen Remote Explorer for Early Case Assessment and Corporate Matters
  
  
• Patrick Siewert at ‘The Philosophy of DFIR’
  Part 2 of 3: Running A Digital Forensic Business
  
  
• Ryan G. Cox at The Cybersec Café
  Your SOC is not an IT Helpdesk. So Stop Running it like One.
  

SOFTWARE UPDATES

• Digital Sleuth
  winfor-salt v2025.10.4
  
  
• Elcomsoft
  Elcomsoft System Recovery 8.35 adds SRUM support, enhances disk imaging speed
  
  
• Nextron Systems
  • New Capabilities in THOR Lite: Archive Scanning and YARA Forge Integration
  • Announcing the Launch of ASGARD Analysis Cockpit v4.3
    
    
• Obsidian Forensics
  unfurl v2025.08
  
  
• OpenCTI
  6.7.11
  
  
• Passmark Software
  OSForensics V11.1 build 1010 12th August 2025
  
  
• radare2
  6.0.2
  
  
• Security Onion
  Security Onion 2.4.170 now available including JA4, more SOC dashboards, and updated components!
  
  
• Thiago Canozzo Lahr
  uac-3.2.0
  
  
• Xways
  X-Ways Forensics 21.6 Preview 5
  
  
• Yamato Security
  • Hayabusa v3.5.0 – Obon Release
  • suzaku v1.1.0 – Obon Release
    
    
• Yogesh Khatri
  mac_apt 20250814
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!