No sponsor this week. If your organisation is interested, head over here to find out more.

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Atola Technology
  Master Your Drives with MultiDrive
  
  
• Berla
  Establishing Occupant Actions & Involvement
  
  
• Elcomsoft
  • Choosing the Right Strategy: Cold Boot Forensics vs Live System Analysis
  • Perfect Acquisition With Passcode Unlock for A8/A8X Devices
  • Investigating Windows Registry
    
    
• Forensafe
  iOS Geolocation
  
  
• Jordan Mussman
  Mac Forensics in 2026
  
  
• Mat Fuchs
  From prison drops to battlefields — extracting what drones leave behind
  
  
• Amber Schroader at Paraben Corporation
  Oculus Data Artifacts
  
  
• Timothy Kang at ‘The Digital Detective’
  Apps Leave Traces: Forensic Insights from the Microsoft Store
  

THREAT INTELLIGENCE/HUNTING

• Adam at Hexacorn
  • 1 little known secret of net.exe
  • 1 little known secret of icacls.exe
  • 1 little known secret of CompatTelRunner.exe
  • WinHttpOpen user agents
    
    
• Any.Run
  Emerging Ransomware BQTLock & GREENBLOOD Disrupt Businesses in Minutes 
  
  
• Arctic Wolf
  • 2026 Arctic Wolf Threat Report
  • Update: Arctic Wolf Observes Threat Campaign Targeting BeyondTrust Remote Support Following CVE-2026-1731 PoC Availability
    
    
• Ayelen Torello at AttackIQ
  Emulating the Elusive Cephalus Ransomware
  
  
• Jade Brown at Bitdefender
  No Encryptors, No Problem: The Coinbase Cartel Ransomware Group
  
  
• BlackFog
  BlackFog’s 2025 State of Ransomware Report Reveals 49% Increase in Attacks Year on Year
  
  
• Brian Krebs at ‘Krebs on Security’
  Please Don’t Feed the Scattered Lapsus ShinyHunters
  
  
• CERT EU
  Introducing the CERT-EU Cyber Threat Intelligence Framework
  
  
• CERT-AGID
  • Report riepilogativo sulle tendenze delle campagne malevole analizzate dal CERT-AGID nel 2025
  • Sintesi riepilogativa delle campagne malevole nella settimana del 7 – 13 febbraio
  • Analisi di phishing adattivo. Spoofing e esfiltrazione tramite Telegram
    
    
• Check Point
  • 9th February – Threat Intelligence Report
  • Global Cyber Attacks Rise in January 2026 Amid Increasing Ransomware Activity and Expanding GenAI Risks
    
    
• Nick Biasini, Aaron Boyd, Asheer Malhotra, and Vitor Ventura at Cisco’s Talos
  New threat actor, UAT-9921, leverages VoidLink framework in campaigns
  
  
• CloudSEK
  Inside Gunra RaaS: From Affiliate Recruitment on the Dark Web to Full Technical Dissection of their Locker
  
  
• Cofense
  • Mispadu Phishing Malware Baseline: Delivery Chains, Capabilities, and Common Campaigns
  • Cybercrime Ethos: The Shifting Sands of Medical Neutrality
    
    
• Cyble
  • SMS & OTP Bombing Campaigns: Evolving API Abuse Targeting Multiple Regions
  • When AI Secrets Go Public: The Rising Risk of Exposed ChatGPT API Keys
    
    
• Cyfirma
  Weekly Intelligence Report – 13 February 2026
  
  
• D3Lab
  Olimpiadi Invernali 2026: mappatura degli attacchi cyber della settimana inaugurale
  
  
• Dark Atlas
  The Ransomware Ecosystem: Roles, Tools, and How Modern RaaS Attacks Work
  
  
• Darktrace
  • AI/LLM-Generated Malware Used to Exploit React2Shell
  • CVE-2026-1731: How Darktrace Sees the BeyondTrust Exploitation Wave Unfolding
    
    
• Andy Giron, Tyler Reinecke, and Matt Muir at Datadog Security Labs
  Tech impersonators: ClickFix and MacOS infostealers
  
  
• DCSO CyTec
  Cyber Conflict Briefing Q4 2025
  
  
• Detect FYI
  • Applying Shanon Entropy to SenderDomains via Kusto
  • Detection Satelital DLL SideLoading via MFC — TURLA´S KAZUAR V3
    
    
• Disconinja
  Weekly Threat Infrastructure Investigation(Week5)
  
  
• David Hope at Elastic
  How to OTel: A blueprint for OpenTelemetry adoption
  
  
• Elastic Security Labs
  BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign
  
  
• Esentire
  Tenant from Hell: Prometei’s Unauthorized Stay in Your Windows Server
  
  
• FalconFeeds
  • The Narrative Illusion: Unmasking 0APT and the Rise of the “Narrative Scammer”
  • The New Insider Threat: Compromised Accounts Masquerading as Employees
  • Global South, Global Threat: Rising Cybercriminal Syndicates in Under-Tracked Regions
  • Threat Actor Genealogy: Mapping the Lineage Between Ransomware Groups, Access Brokers, and Initial Loader Crews
  • The Cyber Cold War 2.0: Mapping Nation-State Influence Through Coordinated Threat Campaigns
    
    
• Flare
  • Inside the Infostealer Arms Race: How Stealer Malware Developers Are Competing to Own the Cybercrime Supply Chain
  • Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet
  • The macOS Stealer Gold Rush: How Cybercriminals Are Racing to Exploit Apple’s ‘ Ecosystem
  • The Ransomware Franchise Wars: How Falling Payments Are Spawning a New Generation of Cybercrime Cartels
    
    
• Flashpoint
  N-Day Vulnerability Trends: The Shrinking Window of Exposure and the Rise of “Turn-Key” Exploitation
  
  
• Google Cloud Threat Intelligence
  • UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
  • Beyond the Battlefield: Threats to the Defense Industrial Base
  • GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use
    
    
• GreyNoise
  • Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewhere
  • Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here’s What We See So Far
    
    
• GreyNoise Labs
  2026-01-14: The Day the telnet Died
  
  
• Jason Baker at GuidePoint Security
  GRITREP: 0APT and the Victims Who Weren’t
  
  
• Hideaki Ihara at port139
  JPCERT ログ分析トレーニング バージョン2 と Gemini
  
  
• Hornet Security
  Monthly Threat Report Januar 2026
  
  
• Hudson Rock
  • Romania’s Oil Pipeline Operator Hacked: How an Infostealer Infection Paved the Way for Qilin’s Ransomware Attack
  • Killings, Torturing, and Smuggling: How an Infostealer Exposed an ISIS Cell’s XMPP Network
    
    
• Intel 471
  • How Threat Hunting and “Good” Metrics Help The Business
  • Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage
    
    
• Jamf
  OpenClaw: The Helpful AI That Could Quietly Become Your Biggest Insider Threat
  
  
• Kota Kino and Yuki Yano at JPCERT/CC
  Multiple Threat Actors Rapidly Exploit React2Shell: A Case Study of Active Compromise
  
  
• Microsoft Security
  Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
  
  
• Michael Gorelik at Morphisec
  Noodlophile Stealer: When Cybercriminals Get a Bit Salty 
  
  
• Eugenio Benincasa at Natto Thoughts
  The Tianfu Cup Returns Under MPS Leadership as AI Takes Center Stage
  
  
• Jan Michael Alcantara at Netskope
  Attackers Weaponize Signed RMM Tools via Zoom, Meet, & Teams Lures
  
  
• Thomas Papaloukas at NVISO Labs
  Capture the Kerberos Flag: Detecting Kerberos Anomalies
  
  
• Oleg Skulkin at ‘Know Your Adversary’
  373. Adversaries Keep Abusing Legitimate Cloud Infrastructure, But You Can Hunt For It!
  
  
• OSINT Team
  • VirusTotal Livehunt Cheat Sheet
  • Lua-JIT SmartLoader: Analyzing the GitHub Campaign Delivering Stealer
  • Dark Web Leak Signals: How SOC Teams Can Detect the Next Ransomware Wave Before It Hits
  • Scattered Spider: Why This Cybercriminal Group Still Matters
  • Axios-Based Account Compromise: When Identity, Trust, and Legitimate Tools Are Weaponized
    
    
• Palo Alto Networks
  • A Peek Into Muddled Libra’s Operational Playbook
  • Nation-State Actors Exploit Notepad++ Supply Chain
  • Phishing on the Edge of the Web and Mobile Using QR Codes
    
    
• Picus Security
  • Picus Red Report 2026 Finds 38% Drop in Ransomware Attacks as Hackers Choose “Silent Residency” Over Destruction
  • MITRE ATT&CK® Framework Beginners Guide
    
    
• Wang Hao, Acey9, Alex.Turing, rootkiter, and WangZhiCheng at Qi’anxin X Lab
  针对飞牛 NAS 的僵尸网络Netdragon 快速分析
  
  
• Alexandra Blia, Maor Weinberger, and Gal Givon at Rapid7
  Carding-as-a-Service: The Underground Market of Stolen Cards
  
  
• Recorded Future
  • From 27 Steps to 5: How Recorded Future Reimagined Threat Hunting with Autonomous Threat Operations
  • State of Security Report | Recorded Future
    
    
• Karlo Zanki at ReversingLabs
  Fake recruiter campaign targets crypto devs
  
  
• SANS Internet Storm Center
  • YARA-X 1.13.0 Release, (Mon, Feb 9th)
  • Quick Howto: Extract URLs from RTF files, (Mon, Feb 9th)
  • Four Seconds to Botnet – Analyzing a Self Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary], (Wed, Feb 11th)
  • WSL in the Malware Ecosystem, (Wed, Feb 11th)
  • AI-Powered Knowledge Graph Generator & APTs, (Thu, Feb 12th)
    
    
• Securelist
  Spam and phishing in 2025
  
  
• Thomas Roccia at SecurityBreak
  SHIELD.md: A Security Standard for OpenClaw and AI Agents
  
  
• Dheeraj Kumar and Sina Chehreghani at Securonix
  Securonix Threat Labs 2025 Annual Autonomous Threat Sweeper Intelligence Insights
  
  
• Silent Push
  Silent Push Traffic Origin Data Combined with Residential Proxy Data Uncovers Suspicious Chinese VPN
  
  
• Liran Tal at Snyk
  How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware
  
  
• SOCRadar
  Dark Web Profile: The Gentlemen Ransomware
  
  
• Sophos
  Threat Intelligence Executive Report – Volume 2025, Number 6
  
  
• SuspectFile
  • Ransomware attack against Langley Twigg Law: investigation ongoing amid claims by Anubis
  • Assault on Independent Journalism: Unfounded Legal Attacks over the Black Basta Investigation
    
    
• Team Cymru
  • How AI-driven Threat Detection is Reshaping Threat Intelligence
  • Tracking ORBs on Singapore’s Telecommunications Networks
    
    
• The Raven File
  0APT RANSOMWARE: The Real FAKE!
  
  
• Trellix
  • When SPNs Go Rogue: Detection and Remediation with Trellix NDR
  • Dark Web Roast – January 2026 Edition
  • The Bug Report – January 2026 Edition
    
    
• Stephen Hilt at Trend Micro
  Threat Attribution Framework: How TrendAI™ Applies Structure Over Speculation
  
  
• Triskele Labs
  How Threat Actors Regain Access After a Ransomware Attack
  
  
• Mattias Wåhlén, Nicklas Keijser, and Andreas Törnqvist at Truesec
  Detecting Russian Threats to Critical Energy Infrastructure
  
  
• WeLiveSecurity
  Naming and shaming: How ransomware groups tighten the screws on victims
  
  
• Zero Salarium
  Defense Evasion: The Service Run Failed Successfully
  

UPCOMING EVENTS

• Huntress
  • Tradecraft Tuesday | Hiding in Plain Sight – AppDomainManager Injection
  • From Trafficking Victim to Cybercrime Whistleblower
    
    
• Magnet Forensics
  Unlocking workflow efficiencies in video forensics: What’s new in 2026
  
  
• Picus Security
  2026 Malware Trends: Hunting the Digital Parasite
  

PRESENTATIONS/PODCASTS

• Hexordia
  Truth in Data: S2E3: The DF Training Half-Life: Discussing the Importance of Ongoing Training
  
  
• Adversary Universe Podcast
  Interview with a Threat Hunter: Brody Nisbet, Sr. Director of CrowdStrike OverWatch
  
  
• Black Hills Information Security
  BHIS – Talkin’ Bout [infosec] News 2026-02-11
  
  
• Cellebrite
  Tip Tuesday: File System Offsets
  
  
• Cloud Security Podcast by Google
  EP262 Freedom, Responsibility, and the Federated Guardrails: A New Model for Modern Security
  
  
• Cyber from the Frontlines
  Threat Hunting 101
  
  
• FBI
  Ahead of the Threat Podcast: Season 2, Episode 1 — John Hultquist
  
  
• Simply Cyber
  Your Microsoft 365 Tenant Has a Hidden Backdoor (And You Put It There)
  
  
• InfoSec_Bret
  IR – SOC194 – Possible Reverse Shell Detected
  
  
• Magnet Forensics
  • Get smarter searches and faster results with Magnet Review Intelligent Search
  • Smarter mobile investigations: Tools for today’s forensic service providers
    
    
• Microsoft Threat Intelligence Podcast
  Unpacking the Latest Threats Targeting the Financial Services Industry
  
  
• Monolith Forensics
  • Bulk Export COC Reports from a Monolith Case
  • Mastering Forensic Documentation & Reporting
    
    
• MSAB
  #MSABMonday – Capture the Flag Tips Part 1
  
  
• MyDFIR
  Can You Become a SOC Analyst Without a Degree?
  
  
• Parsing the Truth: One Byte at a Time
  Part 2: Printed Emails Aren’t Digital Evidence
  
  
• Permiso Security
  Episode 6 – Can an AI Agent Run a Purple Team Exercise in AWS?
  
  
• Proofpoint
  Snowball Learning: Getting Real About Cybersecurity Training
  
  
• John Hubbard at ‘The Blueprint podcast’
  The 2 AM Call: A Ransomware Negotiator’s Playbook with Wade Gettle
  
  
• The Cyber Mentor
  An Intro to Digital Forensics
  
  
• Three Buddy Problem
  • From Epstein to Notepad++: Redactions, Zero-Days and Supply Chain Attacks
  • Palo Alto and the uncomfortable politics of APT attribution
    

MALWARE

• Tibor Luter at Black Cell
  From Google Redirect to Credential Theft: A Multi-Stage Attack Analysis
  
  
• Cyber Centaurs
  • Unmasking the ClickFix Malvertising Infection Chain part1
  • Deconstructing the ClickFix Infection Chain Part 2 – Loader Obfuscation and Stealth Persistence
    
    
• Doug Metz at Baker Street Forensics
  • Enhancing Malware Analysis with REMnux and AI
  • Streamline Malware Hash Search with FOSSOR
    
    
• Dr Josh Stroschein
  • Wide Character Strings & Intro to Imports | Strings & Imports | Lesson 3
  • Visual Studio Code: Add Developer Command Prompts
    
    
• Xiaopeng Zhang at Fortinet
  Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
  
  
• Hack & Cheese
  Binary PewPew Map
  
  
• Oren Yomtov and Idan Dardikman at Koi Security
  AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials
  
  
• Dio at Lab52
  Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure
  
  
• Natalie Zargarov at LayerX
  “AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes
  
  
• OpenSourceMalware
  XPACK ATTACK: Cryptocurrency Extortion Disguised as NPM Package Monetization
  
  
• Cyd Tseng at OSINT Team
  Malware Analysis: Documento.js
  
  
• Richard Christopher
  Gachiloader pt2
  
  
• Byeongyeol An and Gahyun Choi at S2W Lab
  Inside the Ecosystem, Operations: DragonForce
  
  
• John Tuckner at Secure Annex
  • Worms lurking in code extensions
  • Prompt poaching runs rampant in extensions
    
    
• Pierre Le Bourhis at Sekoia
  OysterLoader Unmasked: The Multi-Stage Evasion Loader
  
  
• Shubho57
  Analysis of GreenBlood Ransomware
  
  
• Kirill Boychenko at Socket
  Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds
  
  
• Wietze Beukema
  Trust Me, I’m a Shortcut
  
  
• Шифровальщики-вымогатели The Digest “Crypto-Ransomware”
  Reynolds
  

MISCELLANEOUS

• 0xMatheuZ
  Breaking eBPF Security: How Kernel Rootkits Blind Observability Tools
  
  
• Christopher Eng at Ogmini
  2025 Zeltser Challenge Recap
  
  
• Fabian Bader at Cloudbrothers
  Run XDRInternals as GitHub Action
  
  
• Mike Wilkinson at Cyber Triage
  Computer Forensic Tools Comparison Chart 2026
  
  
• Fabian Mendoza at DFIR Dominican
  DFIR Jobs Update – 02/09/26
  
  
• Forensic Focus
  • James Eichbaum, Founder, Elusive Data
  • SYTECH Delivers Global Digital Forensics Workshop To Inspire The Next Generation
  • UPCOMING WEBINAR – Satisfying The Landeck Ruling With Advanced Search Profiles In ADF Pro
  • Digital Forensics Round-Up, February 11 2026
  • When A School Badge/Logo Is The Only Lead, Manual Identification Is No Longer Good Enough
  • Unmasking SIM Farm Scam Centers With Location Intelligence
  • Endpoint Inspector: Precision Data Collection For The Real World
    
    
• Jeffrey Appel
  How to Secure Microsoft Copilot Studio Agents with Real-Time Protection in Defender
  
  
• Magnet Forensics
  Magnet Forensics and NCMEC: Expanding intelligence sharing to safeguard victims
  
  
• Matthew Plascencia
  Pyenv: Using Multiple Versions of Python on One System
  
  
• Mike at ØSecurity
  • Plaso for Windows Part 2
  • Plaso for Windows Part 3
    
    
• OSINT Team
  Blue Team Level 1 (BTL1) Review
  
  
• Permiso
  Can an AI Agent Run a Purple Team Exercise?
  
  
• Red Canary
  • Take back control: A modern guide to mastering application control
  • A masterclass in AI security operations
    
    
• Siddhant Mishra
  What Nobody Teaches You About Detection Engineering
  
  
• Steve Whalen at Sumuri
  Buying Your First Forensic Workstation: What Actually Matters
  
  
• Sean Metcalf at TrustedSec
  Securing Entra ID Administration: Tier 0
  

SOFTWARE UPDATES

• Arkime
  v6.0.0-rc2
  
  
• Arsenal
  Swap Recon v1.0.0.16
  
  
• CyberChef
  v10.22.1
  
  
• Digital Detective
  NetAnalysis® v4.2 and HstEx® v6.2 – Expanded Chrome, Firefox, Edge and Safari Support
  
  
• Digital Sleuth
  winfor-salt v2026.1.12
  
  
• Elcomsoft
  iOS Forensic Toolkit 9.0: full unlocking and perfect acquisition support for iPhone 6/6 Plus and other Apple A8/A8X devices
  
  
• Google
  Timesketch 20260209
  
  
• Lenny Zeltser
  REMnux v8: 15 Years of Building a Malware Analysis Toolkit
  
  
• OpenCTI
  6.9.17
  
  
• Stephen Fisher
  BSOD_bitlocker_recover
  
  
• WithSecure Labs
  Chainsaw v2.14.1
  
  
• Xways
  • X-Ways Forensics 21.6 SR-6
  • X-Ways Forensics 21.7 Beta 5
    
    
• Yamato Security
  WELA 2.1.0 – Winter Release
  
  
• Yogesh Khatri
  mac_apt 20260211
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!