Belkasoft X v2.10 Is Here—With Smarter AI Assistant – BelkaGPT now holds context—ask follow-up questions without restating your query – Import Magnet Axiom (.mfdb) cases directly for AI analysis – Similar face search and grouping across pictures, no external tools needed – Timestamped transcriptions in audio and video help pin statements to exact moments  Request your trial of Belkasoft X with BelkaGPT today

Sponsored by Belkasoft

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

• Adam at Hexacorn
  ShimBad the Sailor, Part 3
  
  
• Berla
  Analyzing Driver Behavior Using Vehicle Data
  
  
• Christopher Eng at Ogmini
  Magnet Virtual Summit 2026 CTF – AAR Cipher Challenges
  
  
• Craig Ball at ‘Ball in your Court’
  Detecting Deep Fakes
  
  
• Detect FYI
  Introducing AppsIndex.db: New Windows 11 Artifact for Tracking Start Menu Application Execution
  
  
• Oleg Afonin at Elcomsoft
  USB Device Forensics on Windows 10 and 11
  
  
• Forensafe
  Apple Maps
  
  
• Haider at HK_Dig4nsics
  Clonezilla as a Forensic Imaging Tool
  
  
• Howard Oakley at ‘The Eclectic Light Company’
  Investigate a past event in the log
  
  
• The DFIR Report
  Apache ActiveMQ Exploit Leads to LockBit Ransomware
  
  
• Alessandro Gario at Trail of Bits
  mquire: Linux memory forensics without external dependencies
  

THREAT INTELLIGENCE/HUNTING

• ACSC
  Exploitation of Cisco SD-WAN appliances
  
  
• Kyle Lefton at Akamai
  Zerobot Malware Targets n8n Automation Platform
  
  
• Annex Security
  • Pixel Perfect: Sold Extension Injects Code Through Pixel
  • Promise Bomb crashes browsers to install malware
    
    
• ASEC
  January 2026 Threat Trend Report on APT Attacks (South Korea)
  
  
• Francis Guibernau at AttackIQ
  Emulating the Mutative BlackByte Ransomware
  
  
• Bishop Fox
  Introducing CloudFox GCP: Attack Path Identification for Google Cloud
  
  
• Wendy McCague at BlackFog
  Steaelite RAT Enables Double Extortion Attacks from a Single Panel
  
  
• Brad Duncan at Malware Traffic Analysis
  2026-02-28: Traffic Analysis Exercise – Easy as 123
  
  
• Brian Krebs at ‘Krebs on Security’
  Who is the Kimwolf Botmaster “Dort”?
  
  
• Gavin Knapp, Joshua Penny and Yashraj Solanki at Bridewell
  Intelligence Insights: Jan 2026
  
  
• CERT-AGID
  Sintesi riepilogativa delle campagne malevole nella settimana del 21 – 27 febbraio
  
  
• Chainalysis
  Total Ransomware Payments Stagnate for Second Consecutive Year, While Attacks Escalate
  
  
• Check Point
  • 23rd February – Threat Intelligence Report
  • 2025: The Untold Stories of Check Point Research
  • Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
    
    
• Cisco’s Talos
  • New Dohdoor malware campaign targets education and health care
  • Active exploitation of Cisco Catalyst SD-WAN by UAT-8616
    
    
• Bashyam Anant and Himanshu Anand at Cloudflare
  Toxic combinations: when small signals add up to a security incident
  
  
• Cofense
  • PII Pillage: How Attackers Use BitPanda to Plunder Credentials
  • Punchbowl Phishing Attack Explained: How Digital Invites Are Used to Steal Credentials
  • Abusing Windows File Explorer and WebDAV for Malware Delivery
    
    
• Confiant
  Disrupting 59M Malicious Impressions: Inside D-Shortiez Testing Infrastructure and Campaign Management
  
  
• CrowdStrike
  • CrowdStrike 2026 Global Threat Report: The Evasive Adversary Wields AI
  • The Art of Deception: How Threat Actors Master Typosquatting Campaigns to Bypass Detection
    
    
• Ctrl-Alt-Int3l
  Diesel Vortex: Exploring connections to Russian LLCs
  
  
• CyberBoo
  Microsoft Defender for Endpoint Part 10: Threat Analytics & Intelligence
  
  
• Cybersec Sentinel
  • UnsolicitedBooker Deploys MarsSnake Against Telecom Providers
  • What Is Moonrise RAT and Why It Poses a Serious Risk
    
    
• Cyble
  SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion
  
  
• Cyfirma
  Weekly Intelligence Report – 27 February 2026
  
  
• Darktrace
  What the Darktrace Annual Threat Report 2026 Means for Security Leaders
  
  
• Martin McCloskey at Datadog Security Labs
  Hook, line, and vault: A technical deep dive into the 1Phish kit
  
  
• Alex Teixeira at Detect FYI
  Whose endpoint is this… kali?!
  
  
• Disconinja
  Weekly Threat Infrastructure Investigation(Week7)
  
  
• Dzianis Skliar
  How Domain Enumeration, Content Discovery, Leaked Secrets, and Service URLs Converge into…
  
  
• Elastic Security Labs
  • Beyond Behaviors: AI-Augmented Detection Engineering with ES|QL COMPLETION
  • Make The Most of Network Firewall Logs with Elastic Security
    
    
• Erik Hjelmvik at Netresec
  CISA mixup of IOC domains
  
  
• Diana Wright at Esentire
  How Cybercriminals Customized Attacks for Five Industries in 2025
  
  
• Jotte Sonneveld and Jacob Virsilas at Eye Research
  Ghosts in the Cloud: Hijacking Orphaned Azure Blob Storage
  
  
• Bharti Goel at F5 Labs
  The Ghost in the Shell: Why Agentic AI is a Corporate Security Nightmare
  
  
• FalconFeeds
  • Leaking for Leverage: The Strategic Timing of Data Leaks to Influence Political Agendas
  • Digital Embargoes: Can Cyber Sanctions Deter State-Backed Threat Actors?
    
    
• Flashpoint
  Understanding the DarkCloud Infostealer
  
  
• Genians
  Chronology of MuddyWater APT Attacks Targeting the Middle East
  
  
• Google Cloud Threat Intelligence
  Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
  
  
• GreyNoise
  • 2026 GreyNoise State of the Edge Report: Where Attacks Concentrate and Defenses Fall Short
  • Active Reconnaissance Campaign Targets SonicWall Firewalls Through Commercial Proxy Infrastructure
    
    
• GreyNoise Labs
  • GreyNoise Labs Weekly OAST (Well-known Out-of-band Interaction Domains) Report • Week Ending 2026-02-20
  • What’s That String? That Time a Weird String Revealed a Whole Operation
    
    
• Vlada Govorova and Hans Figueroa at Group-IB
  GTFire Phishing Scheme: Avoiding Detection Using Google Services
  
  
• HP Wolf Security
  Reviewing Zero-day Vulnerabilities Exploited in Malware Campaigns in 2025
  
  
• Hunt & Hackett
  Most cyber incidents not caused by innovative attacks, but overdue maintenance
  
  
• Infoblox
  Abusing .arpa: The TLD That Isn’t Supposed to Host Anything
  
  
• Manuel Feifel at InfoGuard Labs
  Abusing Cortex XDR Live Terminal as a C2
  
  
• Intrinsec
  CERT Intrinsec Incidents Report 2025
  
  
• Invictus Incident Response
  The Consent Epidemic: OAuth Risk in Microsoft Entra
  
  
• Kirtar Oza
  The Double Agent(Dhurandhar): A Red Team Exercise in AI Supply Chain Compromise
  
  
• Bert-Jan Pals at KQL Query
  [DxBP] Part 1 – Technical Detection Engineering Best Practices
  
  
• Microsoft Security
  • Developer-targeting campaign using malicious Next.js repositories
  • Threat modeling AI applications
    
    
• Natto Thoughts
  China’s National Research Center for Information Technology Security: Is It Part of the PLA Cyberspace Force?
  
  
• Oleg Skulkin at ‘Know Your Adversary’
  • 377. Adversaries Continue to Add Employee Monitoring Tools to Their Arsenal
  • 378. Hunting for APT37: Zoho WorkDrive Abuse
    
    
• Adithya Vellal at Petra Security
  When Users Receive An Email From Themselves… But They Didn’t Send It
  
  
• Sıla Özeren Hacıoğlu at Picus Security
  • T1219 Remote Access Tools Technique Explained
  • T1497.003 Time Based Checks in MITRE ATT&CK Explained
  • T1497.002 User Activity Based Checks in MITRE ATT&CK Explained
  • T1497.003 Time Based Checks in MITRE ATT&CK Explained
  • T1497.001 System Checks in MITRE ATT&CK Explained
  • T1497.002 User Activity Based Checks in MITRE ATT&CK Explained
  • T1497.001 System Checks in MITRE ATT&CK Explained
  • RESURGE Malware Exploits Ivanti Connect Secure CVE-2025-0282 Vulnerability
    
    
• Positive Technologies
  Positive Technologies discovers unique tools of APT group targeting telecom companies in the CIS countries
  
  
• Alex.Turing and Acey9 at Qi’anxin X Lab
  围剿FUNNULL黑产：深度揭秘RingH23与MacCMS投毒攻击链
  
  
• Recorded Future
  • Preparing for Russia’s New Generation Warfare in Europe
  • January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
    
    
• Red Canary
  • ChatGPT in your inbox? Investigating Entra apps that request unexpected permissions
  • The million-dollar front door and the tailgater: Why strong auth could fail at SaaS session integrity
    
    
• Jon Seland and Aditya Ganjam Mahesh at S-RM
  Cyber threat advisory: Mimecast Portal leveraged in BEC attacks
  
  
• SANS Internet Storm Center
  • Another day, another malicious JPEG, (Mon, Feb 23rd)
  • Open Redirects: A Forgotten Vulnerability?, (Tue, Feb 24th)
  • Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
  • The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary], (Wed, Feb 25th)
  • Fake Fedex Email Delivers Donuts!, (Fri, Feb 27th)
    
    
• Securonix
  Securonix Threat Labs Monthly Intelligence Insights | January 2026
  
  
• SentinelOne
  SentinelOne Intelligence Brief: Iranian Cyber Activity Outlook
  
  
• Silent Push
  The Investigative Gap: Why Forensic Context is the SOC’s Greatest Bottleneck
  
  
• SOCRadar
  Dark Web Profile: Andariel
  
  
• Sophos
  • The Active Adversary Report: Safety in numbers
  • Nowhere, man: The 2026 Active Adversary Report
    
    
• SuspectFile
  • Ransomware Attack on Langley Twigg Law: Updates, Official Statements and Reconstruction of Events According to Anubis
  • Doubts Over Bashe’s Claims: Technical Analysis and Open Questions
    
    
• Symantec Enterprise
  North Korean Lazarus Group Now Working With Medusa Ransomware
  
  
• Crystal Morin at Sysdig
  LLMjacking: From Emerging Threat to Black Market Reality
  
  
• System Weakness
  • Windows Event Logs
  • Day 95: MITRE ATT&CK
    
    
• Ron Popov at Tenable
  New Malicious npm Package “ambar-src” Targets Developers with Open Source Malware
  
  
• Trend Micro
  • From LinkedIn to Tailored Attack in 30 Minutes: How AI Accelerates Target Profiling for Cybercrime
  • From Holiday Snap to Custom Scam in 30 Minutes: How AI Turns Public Photos Into Targeted Attacks
  • The Industrialization of Botnets: Automation and Scale as a New Threat Infrastructure
    
    
• Carlos Perez at TrustedSec
  Building a Detection Foundation: Part 1 – The Single-Source Problem
  
  
• Daniel Kelley at Varonis
  1Campaign: A New Cloaking Platform Helping Attackers Abuse Google Ads
  
  
• VMRay
  Hydra Saiga: Covert Espionage and Infiltration of Critical Utilities
  
  
• Блог Solar 4RAYS
  Ландшафт вредоносных атак: аналитика с сенсоров в 4-м квартале + полный 2025 год
  

UPCOMING EVENTS

• Black Hills Information Security
  • Talkin’ Bout [infosec] News 2026-03-02 #infosec #news
  • Breach Assessment – The Curious Case of the Comburglar w/ Troy Wojewoda
  • Intro to PAMSkeletonKey for Persistence w/ Ben Bowman
    
    
• Silent Push
  Workshop: Beyond the A Record: Practical DNS Pivoting
  
  
• Skill Stream
  AWS PrivEsc Attacks & Defense
  

PRESENTATIONS/PODCASTS

• Hexordia
  Truth in Data: S2EP4: Rebooting Justice: Re-examining Digital Evidence in Cold Cases
  
  
• Adversary Universe Podcast
  Speed, Stealth, and AI: The CrowdStrike 2026 Global Threat Report
  
  
• Archan Choudhury at BlackPerl
  Malicious Process Execution Triage- Splunk & EDR | Demo for Incident Response Course
  
  
• Ayush Anand
  Pre Ransomware Discovery Detection with Sigma (Elastic Demo) – Part 1
  
  
• Black Hat
  • Black Hat USA 2025 | Autonomous Timeline Analysis and Threat Hunting: An AI Agent for Timesketch
  • Black Hat USA 2025 | FACADE: High-Precision Insider Threat Detection Using Contrastive Learning
    
    
• Black Hills Information Security
  Talkin’ Bout [infosec] News 2026-02-23 #infosec #news
  
  
• BlueMonkey 4n6
  Magnet Virtual Summit – Capture The Flag – Feb 2026 – Cipher
  
  
• Cellebrite
  Tip Tuesday: Password Setting.mp4
  
  
• Cloud Security Podcast by Google
  EP264 Measuring Your (Agentic) SOC: Two Security Leaders Walk into a Podcast
  
  
• Dr Josh Stroschein
  • Implementing & Detecting XOR Obfuscation | Strings & Imports | Lesson 5
  • Stack Traces in ProcMon – Filtering Events, Exploring DLL Dependencies, and Investigating Call Sites
    
    
• FBI
  Ahead of the Threat Podcast: Season 2, Episode 2 — John Hammond
  
  
• Frank Victory
  DFIR 8 1 Memory Forensics Memory wcry
  
  
• Huntress
  What We’ve Learned From Protecting 4M Endpoints & 9M Identities
  
  
• InfoSec_Bret
  Challenge – Silent Update
  
  
• JPCERT/CC
  JSAC2026 -Day 2-
  
  
• Monolith Forensics
  • Create a New QA Entry in Monolith
  • How Your Digital Forensics Tools are Engineered & Why it Matters
    
    
• MSAB
  #MSABMonday – Capture the Flag Tips Part 3
  
  
• MyDFIR
  SOC Analyst Full Compromise Investigation | MYDFIR SOC Community
  
  
• Cerbero
  Memory Challenge 17: Recollection
  
  
• Off By One Security
  What Vector Embeddings Actually Are: Intuition to Reality
  
  
• Parsing The Truth: One Byte at a Time Podcast
  S1 E41: Karen Read 2024 Trial Series Introduction
  
  
• Proofpoint
  AI as a Tool, Not a Replacement: Malware Research in the Age of LLMs
  
  
• Team Cymru
  • Tokio Marine HCC’s Alex Bovicelli on the SMB Ransomware Wave the Industry Isn’t Talking About
  • The Long Game and the Laptop Farm
    
    
• THE Security Insights Show
  The “AI” Security Insights Show Episode 285 – Edward does his homework, lessons learned via MCP. Well sort of…!
  
  
• Three Buddy Problem
  War in Iran, Anthropic v Pentagon, Trenchant zero-day sanctions, AI stock market shocks
  

MALWARE

• Any.Run
  Moonrise RAT: A New Low-Detection Threat with High-Cost Consequences
  
  
• John Hammond at Black Hills Information Security, Inc.
  Malware Analysis: How to Analyze and Understand Malware
  
  
• CISA
  MAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE)
  
  
• Ariel Davidpur at Fortinet
  Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign
  
  
• Karsten Hahn and John Dador at G Data Software
  Free Games, Costly Consequences
  
  
• Lab52
  PlugX Meeting Invitation via MSBuild and GDATA
  
  
• Ariel Davidpur at Malwarebytes
  Fake Huorong security site infects users with ValleyRAT
  
  
• ReversingLabs
  • Malicious NuGet package targets Stripe
  • Inside the NuGet hackers’ toolset
    
    
• John Tuckner at Secure Annex
  • Promise Bomb is a new Crashfix variant
  • Pixel Perfect: Sold Extension Injects Code Through Pixel
    
    
• Securite360
  OPSEC on a Budget: What BadAudio Reveals About APT24
  
  
• Shubho57
  • Analysis of Reynolds Ransomware Group
  • Analysis of a script file (SystemBC Botnet)
    
    
• Socket
  • Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration
  • Malicious Go “crypto” Module Steals Passwords and Deploys Rekoobe Backdoor
  • StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer
    
    
• Alfredo Oliveira, Buddy Tancio, David Fiser, Philippe Lin, and Roel Reyes at Trend Micro
  Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer
  
  
• Zhassulan Zhussupov
  MacOS malware persistence 4: AutoLaunched Applications. Simple C example
  
  
• Seongsu Park at ZScaler
  APT37 Adds New Capabilities for Air-Gapped Networks
  

MISCELLANEOUS

• Cyber Triage
  Computer Forensic Tools Comparison 2026: Scoring the 9 Top Tools
  
  
• Fabian Mendoza at DFIR Dominican
  DFIR Jobs Update – 02/23/26
  
  
• Forensic Focus
  • As AI And Cloud Evidence Redefine Digital Investigations, Thousands Gather For Magnet Virtual Summit
  • Belkasoft X Introduces Advanced Facial Recognition Capability To Accelerate Digital Evidence Review
  • Satisfying The Landeck Ruling With Advanced Search Profiles In ADF Pro
  • Back To Myrtle Beach: Techno East 2026 Returns To The Core Of DFIR
  • Cellebrite’s 2026 Industry Trends Report Reveals Smartphones As The Leading Source Of Digital Evidence In Investigations At 97%
  • Digital Forensics Round-Up, February 25 2026
  • Video Redaction Made Easy And Safe With Amped Replay
  • Passware Kit Mobile 2026 v2 Decrypts Samsung S21/S20 Series
    
    
• Adam Goss at Kraven Security
  From IT to SOC to CTI Analyst: The 3-Stage Career Roadmap and Mindset Shifts
  
  
• Magnet Forensics
  • As AI and cloud evidence redefine digital investigations, thousands gather for Magnet Virtual Summit 2026
  • Proving what’s real in a synthetic world
  • Highlights from Magnet Virtual Summit 2026
    
    
• Siddhant Mishra
  To AI or Not to AI in Your SIEM?
  

SOFTWARE UPDATES

• Acquired Security
  Forensic Timeliner v2.3
  
  
• Arkime
  v6.0.0-rc4: rc4 [skip ci] (#3741)
  
  
• Canadian Centre for Cyber Security
  Assemblyline v4.7.1.stable4
  
  
• Costas K
  LNK & Jumplist Browser
  
  
• Digital Sleuth
  winfor-salt v2026.2.2
  
  
• Foxton Forensics
  Browser History Examiner — Version History – Version 1.23.1
  
  
• Metaspike
  Forensic Email Collector (FEC) Changelog – 4.4.725.1147
  
  
• North Loop Consulting
  Arsenic v3.0
  
  
• OpenCTI
  7.260227.0
  
  
• Passware
  Passware Kit Mobile 2026 v2 Now Available
  
  
• Phil Harvey
  ExifTool 13.52
  
  
• Rio Asmara Suryadi
  MFT Reader — Forensic $MFT Analysis
  
  
• Ulf Frisk
  MemProcFS Version 5.17
  
  
• Xways
  • Viewer Component
  • X-Ways Forensics 21.8 Preview
    
    
• Yamato Security
  Hayabusa v3.8.1 – Spring Hayfever Release
  

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!