Forensic Analysis

• Andrew Garrett
  Why iOS and Android Handle GPS Differently and What It Means for Accuracy and Digital Forensics

• Oleg Afonin at Elcomsoft
  Using the Extraction Agent in 2026: Compatibility, Signing, Firewall, and Extraction Tips

• Howard Oakley at ‘The Eclectic Light Company’

  • Does iCloud Drive now lose almost all metadata?
  • What gets synced in iCloud Drive?
  • Chinese whispers in PDF metadata
  • Explainer: QuickLook

• Marco Neumann at ‘Be-binary 4n6’
  Beyond the C — SEGB and Biome Forensics with crush

• North Loop Consulting
  Raising a Ghost: Reviving Actions Taken by a Deleted iOS App

• OSINT Team

  • SOC257 — VPN Connection Detected from Unauthorized Country
  • AI Forensics | TryHackMe Write-up

• Seth Enoka
  Prefetch: Execution Evidence and Its Limits

• Steve Whalen at Sumuri
  Why APFS Snapshots Change Everything in Mac Forensics

• The DFIR Report
  Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware

Threat hunting/threat intelligence

• Abdul Mhanni
  Shai Hulud and Looking Into the Deep End of Supply Chain Mayhem

• Acronis
  The remote access blind spot: An analysis of RMM tool risk for SMBs

• Raphael Silva at Aikido
  Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack

• Arctic Wolf
  Mini Shai-Hulud: Supply Chain Malware Attack

• Jason Palmer and Nadia Mahmood at AWS Security
  Detecting and preventing crypto mining in your AWS environment

• Axelarator
  We Have Packet Capture at Home

• Derek Rush at Bishop Fox
  Otto Support – Logging and Visibility in MCP Servers

• Bitdefender

  • FamousSparrow APT Targets Azerbaijani Oil and Gas Industry
  • Bitdefender Threat Debrief | May 2026

• Gábor Lázár at Black Cell
  Detection-as-Code Feed – 2026 April

• Rebecca Harpur at BlackFog
  Breaking Down CoPhish: How Copilot Studio Became a Phishing Platform

• Brad Duncan at Malware Traffic Analysis
  2026-05-11: Google ad for Claude leads to macOS malware infection

• Brian Krebs at ‘Krebs on Security’
  Patch Tuesday, May 2026 Edition

• Daniel Whitcombe at Bridewell
  Tycoon 2FA Strikes Back: Why a Global Takedown Only Lasted 2 Weeks

• Censys
  The Ultimate Guide to Detection Engineering with Censys

• CERT-AGID

  • Smishing a tema INPS: falso “bonus carburante”
  • Sintesi riepilogativa delle campagne malevole nella settimana del 9 – 15 maggio

• Check Point

  • 11th May – Threat Intelligence Report
  • The State of Ransomware – Q1 2026
  • Cyber Threats Spike in April 2026 as Ransomware Expands and Attack Volumes Climb After Short-Lived Moderation
  • Thus Spoke…The Gentlemen

• Cisco’s Talos

  • State-sponsored actors, better known as the friends you don’t want
  • Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities

• CloudSEK
  Inside a Tor Backed Supply Chain Worm

• CrowdStrike
  Now Live: The CrowdStrike 2026 Financial Services Threat Landscape Report

• CTF导航

  • 链锁裂变｜TeamPCP 供应链攻击劫持 guardrails-ai，七模块凭据收割全景分析
  • APT-C-55（Kimsuky）组织依托GitHub+Dropbox分发恶意载荷的攻击活动分析

• Cybersec Sentinel
  Fake Claude Code Install Guide Hides MacSync Infostealer in Active Google Ads Campaign

• Cyfirma
  Weekly Intelligence Report – 15 May 2026

• Datadog Security Labs

  • Malicious Coding Agent Skills and the Risk of Dynamic Context
  • Backdoored Cemu release linked to TanStack and Mistral supply chain campaign
  • Shai-Hulud Goes Open Source
  • Backdoored node-ipc npm releases steal developer credentials through DNS queries

• Detect FYI

  • Measuring Threat Detection Accuracy
  • The Hidden Security Risk in Microsoft Teams: Detecting AI Note-Taking Bots with KQL

• Disconinja
  Weekly Threat Infrastructure Investigation(Week20)

• Esentire

  • Amatera Stealer 4.0.2 Beta: What’s New in This Variant
  • Tycoon 2FA Operators Adopt OAuth Device Code Phishing

• Fabian Bader at Cloudbrothers
  Now You See Me: AADGraphActivityLogs

• FalconFeeds

  • Beyond DDoS: How NoName057(16) Became a Tool of Geopolitical Pressure
  • UAT-8302: China-Linked APT Deploying Shared Malware Arsenal Against Governments Across Three Continents

• Andréanne Bergeron at Flare
  One Out of Four Infostealer Victims Have Corporate Infrastructure Access

• Yun Zheng Hu and Mick Koomen at Fox-IT
  Three Lazarus RATs coming for your cheese

• Google Cloud Threat Intelligence

  • GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
  • Welcome to BlackFile: Inside a Vishing Extortion Operation

• Anthony Gerlach and Anton Fomin at Group-IB
  The French 2-Step: Exposing a Multi-stage Scam Targeting the National Railway Company in France

• Hack for Lab

  • Living-off-the-Cloud Attack-Chain Detection: CloudTrail and VPC Flow Fusion
  • Insider Threat Detection from VPC Flow Logs (UEBA Without Endpoints)
  • Kubernetes East-West Attack Hunting from VPC Flow Logs
  • Tor and Anonymizer Egress Hunting on VPC Flow Logs
  • Cloud Cryptojacking Detection at Scale: Mining-Pool Hunting on AWS
  • TLS Fingerprinting (JA3, JA4, JARM) for Encrypted C2 Hunting
  • DGA and DNS-Tunnel Hunting at Scale on VPC Flow Logs

• Hudson Rock
  How The Gentlemen Ransomware Group Operates: A Blueprint Built on Infostealer Credentials

• Hunt IO

  • CVE-2025-32975: The Open Directory Behind the KACE SMA Breach and 60+ Downstream Victims
  • How TeamPCP’s Python Toolkit Survives a C2 Takedown: FIRESCALE, GitHub, and the Victim’s Own Account

• Huntress

  • How EvilTokens Turbocharges Old School Phishing with AI
  • Threat Actors Weaponize Tiflux RMMs in Malspam Attacks
  • dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025

• Chris Campbell at Inde
  Collapsing Grace Period: When Your Adversaries Never Tire

• Maël Le Touz and Elena Puga at Infoblox
  Lookalike Domains Expose the iPhone Theft Economy

• InfoSec Write-ups

  • How to Detect Persistence Mechanisms with Elastic SIEM: SOC Analyst Hands-On Lab | Hunt Forward Lab…
  • APT41 Targeting Pharmaceutical Sector: Log4Shell to Domain Compromise
  • ClickFix Attack Exposed: How Fake CAPTCHA Delivers Malware
  • From Vercel Typosquatting to an Obfuscated macOS Malware Loader

• Invictus Incident Response
  How to respond to an incident in Kubernetes | EKS | Invictus Incident Response

• Jonathan Johnson
  EtwWatcher

• Keisuke Shikano at JPCERT/CC
  TSUBAME Report Overflow (Oct-Dec 2025)

• Kim Zetter at ZERO DAY

  • Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran
  • Timeline of Iran’s Nuclear Program and the Stuxnet and Fast16 Attacks

• Bert-Jan Pals at KQL Query
  [DxBP] Part 2 – Detection Engineering Best Practices: Performance, Readability & Maintenance

• Lab52
  Trends in Radio Frequency Spectrum Activity and Its Impact on the Geopolitical Landscape

• Matthew Plascencia
  Vulnerability spotlight: CopyFail and DirtyFrag

• Microsoft Security

  • Accelerating detection engineering using AI-assisted synthetic attack logs generation
  • Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
  • Kazuar: Anatomy of a nation-state botnet
  • When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

• Ray Fernandez at Moonlock
  Malicious Homebrew ads are spreading MacSync stealer

• Mostafa Farghaly
  Chinese Smishing Campaign: How a Large-Scale Phishing Kit is Targeting 80+ Brands Across 20 Countries

• Jarrett Polcari at Nebulock
  AI Artifacts: A New Layer of Endpoint Activity to Hunt

• Oleg Skulkin at ‘Know Your Adversary’
  392. MuddyWater Abuses Sendit for Data Exfiltration

• OpenSourceMalware

  • TeamPCP hits 160+ packages including OpenSearch and Mistral AI
  • How malware abuses npm lifecycle scripts and VS Code tasks

• OX Security

  • “Shai-Hulud, Here We Go Again”: 170+ Packages Hit Across npm & PyPi
  • New MCP Security Flaws: Kubectl-mcp-server, Archon OS, and MarkItDown Vulnerabilities
  • CVE-2025-65719: Critical RCE in Kubectl MCP Server
  • MarkItDown MCP Exposes Developer Machines to File Theft
  • CVE-2025-69443: Archon OS Vulnerable To Unauthenticated Web-To-Client Attack
  • Shai-Hulud Goes Open Source: Malware Creators Leak Their Own Code to GitHub
  • node-ipc npm Package Breached, Spreading Infostealer Malware

• Stav Setty, Tom Fakterman and Shachar Roitman at Palo Alto Networks
  Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools

• Proofpoint
  Device Code Phishing is an Evolution in Identity Takeover

• ptwistedworld
  Enabling your Linux lab to monitor Copy Fail, DirtyFrag, and Fragnesia behavior for detection…

• Kelly Davenport at Push Security
  How we built an agentic threat hunting pipeline at Push

• Thomas Gardner at Red Canary
  Investigating server compromises with cgroups: A Linux DFIR primer

• ReliaQuest

  • ClickFix Evolves with PySoxy Proxying
  • Help-Desk Lures Drop KongTuke’s Evolved ModeloRAT

• Rohit Sadgune at Hack for Lab

  • Adaptive C2 Beacon Detection: FFT and DBSCAN on VPC Flow Logs
  • Lateral Movement Detection via Graph Analysis on VPC Flow Logs
  • Detecting Low-and-Slow Data Exfiltration with Isolation Forest + LSTM
  • Living-off-the-Land Kill Chain Detection with Markov Chains
  • Hunting Botnet Coordination and DDoS Staging with Clustering

• Aditya Ganjam Mahesh at S-RM
  Ransomware in focus: The Gentlemen

• SANS Internet Storm Center

  • YARA-X 1.16.0 Release, (Sun, May 10th)
  • Why we use CAPTCHAs, (Mon, May 11th)
  • Apple Patches Everything, (Mon, May 11th)
  • Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
  • Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
  • [GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
  • Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
  • [Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)

• Sansec

  • Composer vulnerability leaks GitHub tokens, threatens PHP supply chain
  • Critical FunnelKit vulnerability threatens 40,000+ WooCommerce checkouts

• Securelist

  • State of ransomware in 2026
  • Kimsuky targets organizations with PebbleDash-based tools

• SentinelOne
  Living Off the Pipeline: Defending Against CI/CD Subversion

• Snyk

  • TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
  • Malicious node-ipc versions published to npm in suspected maintainer account compromise

• Socket

  • fsnotify Maintainer Dispute Sparks Supply Chain Concerns
  • Tanstack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack
  • GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government
  • TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks

• SOCRadar

  • Dark Web Profile: Keymous+
  • Inside The Gentlemen Ransomware Leak: When the Hunter Becomes the Hunted

• Splunk
  Behind the Code: The Layered Defense-Evasion of VIP Keylogger

• Scott Lang at Spur
  2026 IP Intelligence Study:​ The Gap Between Data and Decisions

• Edward Roberts at Stairwell
  Deep Dive: YARA at Scale – Why the Best Threat Hunting Tool Is Underused, and What Continuous File Intelligence Fixes

• Step Security

  • TeamPCP’s Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages
  • Active Supply Chain Attack: Malicious node-ipc Versions Published to npm

• Marco A. De Felice aka amvinfe at SuspectFile
  Ransomware, Transparency, and Invisible Victims: Dissent Responds to the Instructure Case

• Symantec Enterprise

  • Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign
  • Fast16: Pre-Stuxnet Sabotage Tool Was Built to Subvert Nuclear Weapons Simulations

• System Weakness

  • Deep Diving into Digital Extortion: A Comparative Malware Analysis of WannaCrypt and AsyncRAT Phase 1
  • Deep Diving into Digital Extortion: A Comparative Malware Analysis of WannaCrypt and AsyncRAT Phase 2
  • LetsDefend | SOC124 — Scheduled Task Created
  • Catching APT29 staging malware in 197k+ Sysmon events (and why your detection rule misses it)

• The Hunter’s Ledger

  • Multi-Cluster Open-Directory Tenancy on 79.137.192.3 — Rhadamanthys MaaS Customer Loader, BellaMain Turkish PhaaS, and Inkognito VPN/Phishing
  • Inkognito — Russian-Speaking Multi-Product Fraud Operator (INK VPN, INK Lens 467+ Brand-Impersonation Phishing Library, BEC Burn Domains, CryptOne Fake Exchange)
  • BellaMain — Turkish Phishing-as-a-Service Panel with USOM Self-Monitor, Four-Bot Telegram C2, On-Demand TRUNCATE Anti-Forensics, and Wadanz Code-Author Signature

• ThreatMon

  • ThreatMon Seedworm Threat Intelligence Report
  • Ransomware 2026 Report April
  • Seedworm Expands Operations with Stealth-Focused Espionage Campaign

• Trend Micro

  • Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia
  • Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
  • Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft

• Nick Thanos at Triskele Labs
  How SafePay is Targeting Australian Organisations with Borrowed Code and Calculated Precision

• UnderDefense
  Anatomy of a Targeted Phishing Attack: How We Caught a DocuSign Impersonation Campaign

• Kenneth Kinion at Valdin
  YouTube DMCA Phishing Infrastructure: Six Months Later

• Lucie Cardiet at Vectra AI
  Shai-Hulud Part 2: When the Worm Forged Its Own Security Certificate by Lucie Cardiet

• Julian Wolf at VMRay
  Threat Intelligence Insights: Pivoting off the Blockchain

• Rami McCarthy, Amitai Cohen, and Benjamin Read at Wiz
  Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised

• Yarix
  Unusual Data Exfiltration Paths: Leveraging Rclone for SharePoint Data Theft

Upcoming events/webinars

• ADF Solutions

  • ADF Weekly Mobile Training Sessions
  • ADF Weekly Computer Training Sessions

• Black Hills Information Security

  • BHIS – Talkin’ Bout [infosec] News 2026-05-18
  • FREE Threat Hunting Summit https://www.antisyphontraining.com/event/threat-hunting-summit/ #infosec

• Rebecca Harpur at BlackFog
  WEBINAR: The Ransomware Groups Defining Q1 2026 – Register now!

• Cellebrite
  Mobile Evidence in Crash and Workplace Investigations: Practical Tips for Seizure, Processing, and Review

• Magnet Forensics

  • Legal Unpacked S1:E8 // Search warrants for cloud data: Building legal process around how online data is actually stored
  • The future is now…Introducing Intelligent Insights and Intelligent Search, powered by Magnet AI

• SANS
  Stay Ahead of Ransomware Livestream – June 2026

• SentinelOne
  LABScon25 Replay | Breach Alpha: Trading on Cyber Fallout

• Nick Roy at Silent Push
  Use Case Deep Dive: A Domain Just Appeared in Your Logs. Is It a Threat?

Presentations/podcasts

• ADF Solutions

  • ADF On-Scene Digital Forensics: Winning Investigations Before the Lab
  • Adapting to Change: Harnessing AI and Triage Tools in Digital Forensics – A Fireside Chat
  • FedGov Interviews ADF CEO J.J.Wallia on the Evolution of Digital Forensics with Triage

• Black Hills Information Security

  • The Canvas / Instructure Breach – 2026-05-11 – BHIS – Talkin’ Bout [infosec] News
  • Intro to PAMSkeletonKey for Persistence w/ Ben Bowman

• Cloud Security Podcast by Google

  • EP276 AI Governance vs. The Hyper-Velocity Agentic Future: A Lawyer’s Take
  • EP277: CISO as CFO, From Citi to Celery, It’s All about the Cabbage

• Cyber Secrets

  • Entity setup in the CSI Linux Case Management System
  • Always verify when doing any investigation or forensics

• CYBERWARCON

  • Is Your North Korean IT Worker Quiet Quitting?
  • Cache Me If You Can: Modern IOS Spyware and the Vanishing Forensic Trail

• Dr Josh Stroschein
  [Workshop] Anti-Analysis Logic – Inspecting the .cctor & Anti-Debug

• Huntress
  Why Attackers Don’t Need Zero-Days (And What You’re Actually Missing)

• InfoSec_Bret
  Challenge – Android Forensics

• Jai Minton at Breach Log
  Ep5: Revealing Rootkits

• John Hammond
  The Payload Podcast 006

• Magnet Forensics
  AI Unpacked S2:E3 // A tale of two outputs – man vs. the machine

• Matthew Plascencia
  Linux Local Privilege Escalation | CopyFail & DirtyFrag

• Monolith Forensics

  • Monolith Mondays – Task System & Time Tracking
  • Unassign A Contact from Cases & Evidence in Monolith
  • Workshop Wednesdays Q1 2026 Supercut: Digital Forensics Highlights

• MSAB
  #MSABMonday – XRY – Pre Scan Addition

• MyDFIR

  • Same Alert. Real Attack or False Positive? (How SOC Analysts Decide)
  • CloutHaus (KC7 Cyber) | MYDFIR KQL Series | Cybersecurity Training

• Off By One Security
  The Challenges of Building an AI-driven Security Testing Platform and How We Solved Them

• Parsing The Truth: One Byte at a Time Podcast
  S1 E52: Karen Read 1-11 Lessons Learned

• Proofpoint
  The Phishing Explosion No One Saw Coming

• Sumuri
  How to Navigate the iOS Triage Results Screen in RECON ITR v26.0 | Filters, Bookmarks, and Reports

• Team Cymru
  The Canvas Breach, AI-Enabled Intrusions, and APT-29’s Easter Bunny

• The Cyber Mentor
  LIVE: 🕵️ HTB Sherlocks! | Cybersecurity | Blue Team

• The Weekly Purple Team
  🦀 OpenClaw as a C2 — And How to Catch It

• THOR Collective Dispatch
  Ask-a-Thrunt3r: April 2026 — Signal vs Myth 🐏

• Three Buddy Problem

  • The disappointing death of big-game APT reporting
  • The AI-powered 10x patch tsunami has arrived. Now what?

Malware analysis

• Moises Cerqueira at Any.Run
  LATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean Enterprises

• ASEC

  • April 2026 Dark Web Breach Incident Trend Report
  • April 2026 Dark Web Issue Trend Report
  • Dark Web Threat Actor Trend Report, April 2026
  • April 2026 Threat Trend Report on Ransomware
  • April 2026 Phishing Email Trends Report

• BI.Zone
  Tinker Tailor Soldier: Paper Werewolf’s latest toolkit

• Dark Atlas
  Phantom Stealer Analysis: Inside the Two-Layer Attack Chain Hidden Behind a Windows DLL

• Winnie Lin and Yurren Wan at Fortinet
  PureLogs: Delivery via PawsRunner Steganography

• Nicole Fishbein at Intezer
  OrBit (Re)turns: Tracking an open-source Linux rootkit across four years of forks and deployments

• Harshil Patel and Sakshi Jaiswal at McAfee Labs
  Sinkholing CountLoader: Insights into Its Recent Campaign

• Pranay Kumar Chhaparwal and Mark Lim at Palo Alto Networks
  Gremlin Stealer’s Evolved Tactics: Hiding in Plain Sight With Resource Files

• Qi’anxin X Lab
  Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment

• Shubho57
  Analyzing a malicious macos password popup

• Sophos

  • Ransomware: AI changes the writer. It doesn’t change the math.
  • Why AMOS matters: The macOS malware stealing data at scale

• Michael Clark at Sysdig
  NATS-as-C2: Inside a new technique attackers are using to harvest cloud credentials and AI API keys

• ThreatFabric
  New TrickMo Variant: Device Take Over malware targeting Banking, Fintech, Wallet & Auth apps

• Damien Schaeffer at WeLiveSecurity
  FrostyNeighbor: Fresh mischief and digital shenanigans

• Шифровальщики-вымогатели The Digest “Crypto-Ransomware”

  • Lalia
  • Rex, Rex48

Miscellaneous

• Amnesty International Security Lab
  Android Intrusion Logging as a new source of data for consensual forensic analysis

• Brett Shavers

  • That Time I Bought Coke on a Skateboard
  • DFIR + AI Is Moving From Chatbot to Workflow Layer

• Cellebrite

  • Ask Your Evidence: 10 AI Prompts That Move Cases Forward
  • The Lasting Impacts: How to Support Young Adults Exploited as Children

• Brian Carrier at Cyber Triage
  DFIR + AI Primer: Using AI in AWS Bedrock for Better Data Privacy

• CyberBoo
  Microsoft Defender for Office 365 Part 9: Automated Investigation & Response (AIR)

• Derek Eiri
  Dell Machines and WinFE

• Fabian Mendoza at DFIR Dominican
  DFIR Jobs Update – 05/11/26

• Elastic Security Labs
  Elastic Security MCP App: Interactive security operations inside your AI Tools

• Forensic Focus

  • Eric Fookes, Founder & CEO, Fookes Software
  • Digital Forensics Jobs Round-Up, May 11 2026
  • Speed Up Your Video Redaction With Amped Replay
  • Digital Forensics Round-Up, May 13 2026
  • How Distressing Material Shapes Investigator Well-Being

• Magnet Forensics

  • Route View: Not just dots on a map anymore
  • How modern DFIR capabilities support meeting the NIS2 Directive

• Amber Schroader at Paraben Corporation
  Understanding the Risks of AI in Investigations

• Andreas Misje at Velocidex (Rapid7)
  Alerts and e-mail notifications in Velociraptor

• Shaji Damodharan at ADF Solutions

  • Navigating the New Norm: The Impact of the Landeck Ruling on Digital Forensics
  • On-Scene Digital Forensics: Winning Investigations before the Lab

• Simone Kraus
  From a Risk-Based SOC to a Threat-Informed SOC

• Steve Whalen at Sumuri
  AI Is Already Entering Investigative Workflows. Are We Thinking Enough About the Hardware?

• Ryan G. Cox at The Cybersec Café
  How AI Has Changed My Security Engineering Workflow

• Thomas Millar at TrustedSec
  Slamming the Door on Quick Assist Tech Support Scams and Abuse

Software releases/updates

• Daniel Benzano
  RDPuzzle v0.1.0

• Digital Sleuth
  winfor-salt v2026.8.18

• Doug Burks
  ohmypcap v2.1.0

• Eric Zimmerman
  ChangeLog

• Ghassan Elsman
  Crow-Eye v0.10.1

• IsoBuster
  IsoBuster 5.8 released

• Kevin Stokes
  xways-updater

• LEAPPs Org
  LAVA First public beta release bug fix

• Metaspike
  Forensic Email Collector (FEC) Changelog – 4.4.803.1410

• Microsoft
  msticpy v3.0.1

• Joachim Metz at Open Source DFIR
  Plaso 20260512 released

• OpenCTI
  7.260515.0

• TobyG at sentinel.blog
  Sentinel-As-Code: Wave 3

• Xways

  • X-Ways User Forum: X-Ways Forensics 21.4 SR-11
  • X-Ways User Forum: X-Ways Forensics 21.5 SR-13
  • X-Ways User Forum: X-Ways Forensics 21.6 SR-8
  • X-Ways User Forum: X-Ways Forensics 21.7 SR-4
  • X-Ways User Forum: X-Ways Forensics 21.8 Beta 6

• Victor M. Alvarez at YARA-X
  YARA-X just got faster