As always, thanks to those who give a little back for their support!
Forensic Analysis
- Martino Jerian at Amped: Fifty Shades of Fake: Deepfakes, AI Enhancement, and Media Authenticity
- Andrew Garrett: What is a File Hash?
- CERT-Wavestone: StormCell: When the Blue Team Scales Up in Incident Response
- Dr. Neal Krawetz at ‘The Hacker Factor Blog’: Reversing SynthID
- Oleg Afonin at Elcomsoft: Low-Level Extraction for iOS 17 and 18
- Forensafe
- InfoSec Write-ups: [13Cubed] Chaos at Cobalt Challenge — Investigating Windows Endpoint
- North Loop Consulting: Full Physical .BIN file on the Autel KM100e… now what?
Threat hunting/threat intelligence
- Aaron Orchard, Callie Baron, and Piotr Wojtyla at Abnormal AI: How ATHR Automates the Full TOAD Attack Chain with AI
- Any.Run
- Nadir Izrael at Armis: Nation-State Attacks Hit Machine Speed: Key Takeaways of the 2026 Armis Cyberwarfare Report and What it Means for Security Teams
- ASEC
  - Q1 2026 Malware Statistics Report for Windows Web Servers
  - Q1 2026 Malware Statistics Report for Linux SSH Servers
  - Q1 2026 Malware Statistics Report for Windows Database Servers
  - March 2026 Dark Web Issue Trends Report
  - March 2026 Dark Web Threat Actor Trends Report
  - March 2026 Dark Web Breach Trends Report
  - March 2026 Ransomware Trends Report
  - March 2026 Threat Trend Report on APT Groups
- AttackIQ
- Axel Z at Victory Road: Fragmentation and Blackout: How War Is Reshaping Iran’s Cyber Operations
- Ayelen Torello at AttackIQ
- Barracuda
- Eric J. Taylor at Barricade Cyber Solutions: CTI Report: ShadowByt3$ Ransomware Group
- Brad Duncan at Malware Traffic Analysis
- Silas Cutler at Censys ARC: Rhadamanthys and the Limits of Private Sector Operations
- CERT Ukraine: Hospitals, Local Government Bodies, and FPV Operators in the Focus of the UAC-0247 Cyber Threat Cluster
- CERT-AGID: Summary of Malicious Campaigns in the Week of 11–17 April
- Chainalysis: Sanctioned Russia-Linked Exchange Grinex Suspends Operations Following Alleged Cyberattack
- Check Point
- Christian Bortone at XYBYTES: Abusing Overly Permissive Roles in Azure File Sync
- Cisco’s Talos
- Don Santos at Cofense: Interactive Brokers Phishing Scam: Fake IRS W-8BEN Renewal Alert
- Christian Feuchter at Compass Security: Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies
- Cybersec Sentinel
- Cyble
- Delivr.to: Bob’ll *Fix It: A Field Guide to the *Fix Family of User-Assisted Execution Techniques
- Disconinja: Weekly Threat Infrastructure Investigation (Week 16)
- Salim Bitam, Samir Bousseaden, and Daniel Stepanic at Elastic Security Labs: Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT
- Esentire: Multi-Stage SEO Poisoning Campaign Targets Chinese-Speaking Developers with Kong RAT
- F5 Labs: Azure-Hosted Scanning Cluster Launches WordPress Webshell Discovery Campaign
- FalconFeeds: UNC1069: DPRK’s Deepfake-Driven Cyber Campaign Targeting Crypto and Software Supply Chains
- g0njxa: Approaching stealers devs: a brief interview with notnullOSX (ex-0xfff)
- Jamie Collier and Robin Grunewald at Google Cloud Threat Intelligence: The German Cyber Criminal Überfall: Shifts in Europe’s Data Leak Landscape
- Anton Ushakov at Group-IB: W3LL Unmasked
- Laura Babbili at GuidePoint Security: Ransomware Insights from Q1 2026
- Howler Cell
- Hunt IO: Exposing Russian Malicious Infrastructure: 1,250+ C2 Servers Mapped Across 165 Providers
- Florian Scheiber at InfoGuard Labs: BravoX – The new Kids on the Block
- Andrey Pautov at InfoSec Write-ups: From Threat Intelligence to Detection: A Practitioner’s Guide
- Invictus Incident Response: Incident Response in Lambda Cloud: A Neocloud IR Guide
- Keith McCammon: Introducing Atomic Scorecard: A test tracking tool for ATT&CK + Atomic Red Team
- Jamie Mamroe at LevelBlue SpiderLabs: Why Attackers Are Bypassing Phishing Emails and Targeting Identity Instead
- Microsoft Security
- Idan Cohen at Mitiga: ShinyHunters, Snowflake, and Rockstar: Another SaaS Leads to Compromise
- Oleg Skulkin at ‘Know Your Adversary’: 387. Adversaries Found a Creative Way to Abuse MSBuild
- OpenSourceMalware: Stardrop Supply Chain Attack Targets Venture Capital Firms, Luxury Brands, and AI Companies
- Orange Cyberdefense: Smoking out an affiliate: SmokedHam, Qilin, a few Google ads and some bossware
- Moshe Siman Tov Bustan, Mustafa Naamnih, and Nir Zadok at OX Security: The Mother of All AI Supply Chains: Technical Deep Dive
- Asher Davila, Malav Vyas, and Chris Navarrete at Palo Alto Networks: A Deep Dive Into Attempted Exploitation of CVE-2023-33538
- Proofpoint
- Nicholas Spagnola at Rapid7: ClickFix Phishing Campaign Masquerading as a Claude Installer
- Red Piranha: MacSync Stealer: How a MaaS Infostealer Is Quietly Draining macOS Endpoints
- John Dilgen & Alexa Feminella at ReliaQuest: Are Former Black Basta Affiliates Automating Executive Targeting?
- Resecurity: GEOINT in the Iran War: Targeting, Intelligence, and the Battle for Information Access
- John P. Mello Jr. at ReversingLabs: Vibeware: More than bad vibes for AppSec
- SANS Internet Storm Center
- Sansec: Over 200 PrestaShop stores expose installer, allowing full takeover
- Securelist
- Kush Pandya at Socket: 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure
- Morgan Demboski at Sophos: QEMU abused to evade detection and enable ransomware delivery
- Luke Wescott at Sublime Security: Using AI signals within malicious email for attack detection and threat hunting
- Manish Rawat at System Weakness: I Found Hardcoded Credentials in a Single Command Line (APT29 Part 4)
- Sydney Marrone and Lauren Proehl at THOR Collective Dispatch: Mythos Won’t Kill Threat Hunting
- James McMurry at ThreatHunter AI: Stryker, Handala, MOIS, and MuddyWater: The Full Kill Chain and the Unified Detection Pack (v3)
- ThreatMon: Ransomware 2026 Report March
- Trellix
- Ted Lee, Kakara Hiroyuki, and Feike Hacquebord at Trend Micro: 2025 APT Report: Staying Ahead of the Modern Threat Landscape
- Triskele Labs
- Ugur Koc and Bert-Jan Pals at Kusto Insights: Kusto Insights – March Update
- Efstratios Lontzetidis and Christos Fotopoulos at Valdin: “Hello? I can’t hear you”: Investigating UNC1069’s Fake Meeting Tactics
- Lucie Cardiet at Vectra AI: The rise of supply chain-driven data theft in SaaS environments
- Bernardo Quintero at VirusTotal: VirusTotal Inside the Agent Loop
- István Márton at Wordfence: Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
Upcoming events/webinars
- ADF Solutions
- Brett Shavers: The DFIR Investigator vs the AI Investigator
- Cellebrite
- Magnet Forensics
- Silent Push: Workshop: Tracking Malware Infrastructure
Presentations/podcasts
- Hexordia: Truth in Data: S2E7: Truth in Travel: The Space Time Connection
- Black Hat
- Cellebrite
- Cloud Security Podcast by Google: EP272 More Than Just Packets: Is NDR a “First-Class” Cloud Security Control?
- CQURE Academy: CQURE Hacks #78: 3 Advanced KQL Queries for Faster Security Analysis
- Dr Josh Stroschein
- InfoSec_Bret: Challenge – Silent Drain
- JPCERT/CC: ICS Security Conference 2026
- Karsten Hahn at Malware Analysis For Hedgehogs: Build your own AI based Dynamic Reversing Lab, x64dbg automate
- Michael Haggis: Is this the end of Security Detections MCP?
- Monolith Forensics
- MSAB: #MSABMonday – CTF Q&A Part 4 | Final Breakdown & Key Takeaways
- MyDFIR: From 3 Certifications to Top 6 in a CTF (What 90 Days of SOC Training Did)
- Off By One Security: Offensive Security in Web3 from Exploit Mindset to DeFi Precision Bugs with Josselin Feist
- Parsing The Truth: One Byte at a Time Podcast
- Permiso Security: Episode 09 – Mythos, GPT-5.4 Cyber, and Opus 4.7
- Proofpoint: Magic Packets & Stealth Backdoors: The Art of Detection Engineering
- Chris Brook at Red Canary: Identity, browsers, and node.js: Everything you missed in the Threat Detection Report miniseries
- Team Cymru: AI Supply Chain Attacks, Iranian PLC Exploits, and DPRK IT Workers
- The Cyber Mentor: Getting Started with Windows Prefetch
- The Defender’s Advantage Podcast: Takeaways from the 2026 M-Trends Report
- The Weekly Purple Team: Why Upload When You Can Steal with VmKatz
- Three Buddy Problem: The Angry Spark APT Mystery: A Year-Long Backdoor, One Victim, Zero Attribution
Malware analysis
- Akamai: The Telnyx SDK on PyPI Compromise and the 2026 TeamPCP Supply Chain Attacks
- Cleafy Labs: Unpacking the Unpackable: Malformed APKs as an Anti-Analysis Technique
- Calum Hall at Darktrace: Inside ZionSiphon: Darktrace’s Analysis of OT Malware Targeting Israeli Water Systems
- Stella Robertson at Domino Theory: From Stuxnet to Operation Epic Fury: The China-Iran Intelligence Nexus
- Vincent Li at Fortinet: Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign
- Andrey Pautov at InfoSec Write-ups: Android Malware Analysis: A Practical Guide for Security Analysts
- OALABS Research: JitterDropper
- Cyd Tseng at OSINT Team: Malware Analysis: STX RAT
- Luca Garofalo at Paraben Corporation: Inside Malicious Office Documents
- Robin Dost at Synaptic Systems: 3.000 “Stealer” Samples, One Misconfigured Apache Server
- Sekoia: From APT28 to RePythonNET: automating .NET malware analysis
- Shubho57: Analysis of an HTA file
- Splunk: Not Just Annoying Ads: Adware Bundles Delivering Gh0st RAT
- Puja Srivastava at Sucuri: Joomla SEO Spam Injector: Obfuscated PHP Backdoor Hijacking Site Visitors
- Zhassulan Zhussupov: Mobile malware development trick 3. CPU info logger: anti-VM and anti-sandbox. Simple Android (Kotlin) example.
- Brett Stone-Gross at Zscaler: Payouts King Takes Aim at the Ransomware Throne
Miscellaneous
- Adam at Hexacorn: WerReportCreate API
- ADF Solutions: Evolution of Forensic Intelligence Impacting Law Enforcement in 2026
- Vivek Gautam, Arpit Gupta, and Ryan Gomes at AWS Security: Transform security logs into OCSF format using a configuration-driven ETL solution
- Brett Shavers at DFIR.Training: AI-enhanced crime will expose DFIR practitioners who ignore AI.
- Chris Wade at Cellebrite: The Myths of Claude Mythos and the Future of Digital Forensics: Evolution, Not Revolution
- Brian Carrier at Cyber Triage: Intro to MCP Servers for DFIR and SOC Investigations using AI
- CyberBoo: Microsoft Defender for Office 365 Part 6: Safe Attachments & Safe Links
- Fabian Mendoza at DFIR Dominican: DFIR Jobs Update – 04/13/26
- DRIFT Linux
- Forensic Focus
- LimaCharlie: How to Connect Claude Code to LimaCharlie
- Magnet Forensics: Streamlined Mobile Workflows: Magnet One Case Stream for Verakey Early Access
- Rob T. Lee: The Mythos CISO Briefing: What I Actually Worked On This Weekend
- Steve Whalen at Sumuri: The MacBook Neo A18 Pro: A Forensic Deep Dive
Software releases/updates
- Adrián Antón: EtwTiViewer_x64_Release-20260412
- Akhil Dara: SQLite Forensic Analyzer
- Alexandre Borges: Malwoverview 8.0.1
- Ali Jammal
- Alwin Espiritu
- ANSSI: DFIR-ORC v10.3.0
- AppliedIR: Valhuntir v0.6.1
- Cyber Triage: Cyber Triage 3.17: Use AI to Enrich and Report your DFIR Artifacts
- Didier Stevens: Update: cut-bytes.py Version 0.0.18
- Digital Sleuth: winfor-salt v2026.6.8
- Doug Metz at Baker Street Forensics: MalChela 3.2: More Cowbell? More Intel!
- Elcomsoft: iOS Forensic Toolkit 10.0 expands agent-based extraction up to iOS 18
- Flip Forensics: AI Forensic Triage (AIFT) V1.5 – Multi Image Analysis; Correlate Across Multiple Systems in a Single Case
- Ghassan Elsman: Crow-Eye v0.9.1
- Magnet Forensics: Introducing Live Endpoint Explorer in Magnet Nexus: triage in minutes, collect data with precision
- Mihir Choudhary: EventHawk
- OpenCTI: 7.260417.0
- Phil Harvey: ExifTool 13.57
- radare2: 6.1.4
- SigmaHQ: pySigma v1.3.2
- Sleuth Kit Labs: Autopsy 4.23.0 Release: Claude AI Assistant (MCP) & Cyber Triage Integration
- Studio d’Informatica Forense: DRIFT Linux: The New Italian Forensic Live Distro
- Thiago Canozzo Lahr: Unix-like Artifacts Collector uac-3.3.0
- Toño Diaz: masstin v0.14.0
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!