| If your organisation is interested in sponsoring an upcoming post then reach out via the contact form! |
| No sponsor this week |
As always, thanks to those who give a little back for their support!
Forensic Analysis
-
Alexis Brignoni at LEAPPs Blog
-
Oleg Afonin at Elcomsoft
Four Tools, One Workflow: Using Elcomsoft Desktop Forensic Tools on the Same Case -
Forensafe
ArtiFast MCP Features -
Magnet Forensics
Bringing C2PA to the desktop: Enhancing media analysis in Magnet Verify -
Matthew Plascencia
Practical SQL Queries for Digital Forensics -
North Loop Consulting
Apple Did Your Homework: Pre-Analyzed Data in Biome Databases -
Salvation DATA
WhatsApp Forensics: Investigating Digital Evidence on Modern Mobile Devices
Threat hunting/threat intelligence
-
0xMatheuZ
BPF Map Poisoning: Attacking the EDR from the Inside -
Callie Baron and Piotr Wojtyla at Abnormal Security
2026 Attack Landscape Report: Higher Education’s 7x Lateral Attack Problem -
Hunter Schwartz at Aikido
Compromised @injectivelabs/sdk-ts exfiltrates wallet keys through fake telemetry -
Any.Run
US Threat Landscape Alert: 30 Active Malware Families Ranked by Real Sandbox Data -
Artem Baranov
Enhancing the Threat Intelligence AI Model with Technical Knowledge About Windows Kernel Mode Malware -
ASEC
- Q2 2026 Vulnerability Trends Report
- Vidar Infostealer Being Spread through Phishing Emails
- Files Locked Behind a White Padlock: A Warning from WhiteLock Ransomware
- Q2 2026 Statistical Report on Malware Targeting Windows Web Servers
- Statistical Report on Malware Targeting Linux SSH Servers in the Second Quarter of 2026
- Statistical Report on Malware Targeting Windows Database Servers in the Second Quarter of 2026
- June 2026 Dark Web Issue Trend Report
- June 2026 Dark Web Threat Actor Trend Report
- June 2026 Dark Web Breach Incident Trend Report
-
Ayelen Torello at AttackIQ
Inside Everest Ransomware: Dissecting a ConfuserEx-Protected .NET Encryptor with Wake-on-LAN Capabilities -
BI.Zone
Clubfoot Wolf launches massive offensive on Russian businesses -
Bob Rudis
Your Logs Contain a Plea for Assistance In a Packet Bottle and You Likely Never Noticed It -
Brian Krebs at ‘Krebs on Security’
Felons, Fraudsters Flog Offensive Cybersecurity Startup -
BushidoToken
UK Cybercrime Journal: SMS Blaster Gang Convicted -
CERT-AGID
Sintesi riepilogativa delle campagne malevole nella settimana del 4 – 10 luglio -
Check Point
-
Jungsoo An, Asheer Malhotra, Vanja Svajcer, and Brandon White at Cisco’s Talos
UAT-7810 continues building ORB networks using new malware -
Corelight
-
David Keller at CrowdStrike
CrowdStrike Uncovers New Prompt Injection Techniques -
Cyb3rhawk
VPN Brute Tool: Infrastructure analysis -
Oleg at Cybercrime Diaries
Crime and Punishment in the Russian-Speaking Cybercriminal Underground -
Cyberdom
Entra ID User App Config Abuse -
Dark Atlas
From Windows Telemetry to Arrest: How Microsoft’s GDID Helped Connect the Dots -
darkdefender
Threat Hunting for AI Agent Use and Abuse -
Datadog Security Labs
-
Koifsec at Detect FYI
Detection Engineering in the Era of Semantic Malware -
Elastic Security Labs
ClickFix to Cash-Out: Anatomy of a Mexican Banking-Fraud Toolkit -
Esentire
Trust Me, I’m IT: Threat Actors Deliver Deno-Based Backdoor “DenoGate” via Microsoft Teams -
FalconFeeds
Inside DieNet: From DDoS Collective to Multi-Vector Cyber Threat Group -
Vishal Thakur at FIRST
PR3TACK: The Preemptive Tactics & Countermeasures Knowledgebase -
Assaf Morag at Flare
Mycelium Framework: First Ever Witnessed AI-as-a-Service Botnet -
Soujanya Ain at GitGuardian
Every Laptop Is a Credential Store: Where Secrets Hide -
Shebin Mathew at Google Cloud Threat Intelligence
The ‘Ghost’ in the Database: Recovering Active ADFS Signing Keys via Machine DPAPI -
Group-IB
-
Laura Babbili at GuidePoint Security
Ransomware Insights from Q2 2026: More Threat Groups. More Victims. More Sophisticated Operations. -
Kieran Evans at Hidden Layer
What’s the ‘Matter’ with Skills? -
Reegun Jayapaul, Baskar M and Rahul Ramesh at Howler Cell
Tax Trap: Fake Indian ITR Notice to Dual RAT Deployment in Six Stages -
Hudson Rock
Infostealer Malware Triggers Major Database Breach at the Argentine Football Association -
Huntress
- Conditional Access Misconfigurations Exposed 55 Orgs with MFA On
- CitrixBleed 2 (CVE-2025-5777) 7Steps to Dragonforce Ransomware | Huntress
- AI-Coded Malware | Analyzing Vibe-Coded AD Enumeration | Huntress
- LoTL Abuse: How to Spot It vs. Normal Admin Activity | Huntress
- Meta Phishers Abuse Business Account Manager Service | Huntress
-
Infoblox
Fake Installers, Fake Reviews, Fake Services – Real Proxies, Real Victims -
Zev Schonberg at Intezer
Detection engineering in the AI era -
LevelBlue SpiderLabs
-
Lexfo
One Misconfigured Server, Three Active Campaigns: Full exposure of three AiTM Phishing Operators -
Moshe Siman Tov Bustan at OX Security
-
Suma Ballal at Netenrich
Business Email Compromise Detection: A 39-Minute Case Study -
Houssem Eddine Bordjiba at Okta
Vishing actors target Entra passkey enrollment -
OpenSourceMalware
-
Max Hirschberger & Ogulcan Ugur at Orange Cyberdefense
Process Parameter Poisoning -
Osanda Malith Jayathissa
Inside a TradingView Phishing Kill Chain: Dissecting a Self-Hosted ScreenConnect Phishing Campaign -
Palo Alto Networks
-
Proofpoint
One Email Closer to the Edge: UNK_MassTraction & the Physics of Exploitation -
Tristano Di Liberto, Alexa Feminella, and Daxton Wirth at ReliaQuest
Helix, a New Name in the Data Extortion Ecosystem? -
ReversingLabs
Spectra Analyze in Action: Hunting Device Code Phishing Pages -
SANS Internet Storm Center
- RCS and DNS: The NAPTR Record, (Mon, Jul 6th)
- More Odd DNS Records: NIMLOC, (Tue, Jul 7th)
- My Stack Simulator, (Wed, Jul 8th)
- HELP_ME_ESCAPE_FROM_BELARUS_PLEASE [Guest Diary], (Tue, Jul 7th)
- “Comment stuffing” in an HTML phishing attachment as a mechanism for evading AI-based detection?, (Fri, Jul 10th)
- Wireshark 4.6.7 Released, (Sat, Jul 11th)
-
Securelist
-
Security Alliance
2Q 2026 Threat Intel Summary -
Aleksandar Milenkoski & Julian-Ferdinand Vögele at SentinelOne
One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement -
Seqrite
From Invoice to AnyDesk: Uncovering a Phishing Campaign Targeting Russian Aerospace Organizations -
Sophos
When AI agents look like attackers: what behavioral telemetry tells us -
Sygnia
-
Symantec Enterprise
GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses -
Tapetum Labs
The Outsider, Part 2: Putting a Price on a Phishing Machine -
James McMurry at ThreatHunter AI
SharePoint Is on Fire Again: What CISA’s CVE-2026-45659 Warning Means, and How to Hunt It -
ThreatMon
-
Umut Bayram at Picus Security
-
Lucie Cardiet at Vectra AI
VECT and TeamPCP: The Ransomware Kill Chain, Reversed by Lucie Cardiet -
Jiří Kropáč at WeLiveSecurity
ESET Threat Report H1 2026
Upcoming events/webinars
-
ADF Solutions
-
Black Hills Information Security
BHIS – Talkin’ Bout [infosec] News 2026-07-13 -
Cellebrite
Genesis Live: From Data Dump to Smoking Gun -
Huntress
Tradecraft Tuesday | The Cost of a Weak CAP: Anatomy of a Major Password Spray Attack -
Magnet Forensics
-
Monolith Forensics
Workshop Wednesday: iOS Biome Data & Forensic Artifacts -
SANS
The Post-Mythos Defenders’ Playbook: The Ban, the Reversal, and What Defenders Do Now -
Silent Push
Use Case Deep Dive: Your EDR Fired on an IP. Here’s How to Know if it’s Part of Something Bigger.
Presentations/podcasts
-
Alexis Brignoni
Digital Forensics Now Podcast S3 – 6 -
Black Hat
Black Hat Europe 2025 | Not Just Victims: The Hidden Villains Inside Infostealer Logs -
Black Hills Information Security
Proxy Execution with Microsoft Edge WebView2 – Matthew Eidelberg -
Huntress
LOLBins Explained in 3 Minutes -
InfoSec_Bret
IR – SOC324 – Sudoers File Modification Detected -
Magnet Forensics
-
Monolith Forensics
-
MyDFIR
-
Off By One Security
Human Expertise Still Matters: AI Vulnerability Discovery, Triage, and Patching -
Open Source Forensics Lab
How To Crack Passwords with HASHCAT on ALMALINUX -
OpenSourceMalware
The OpenSourceMalware Show #12 -
Parsing The Truth: One Byte at a Time Podcast
S2 E6: Brett Shavers and the Investigative Mindset -
Proofpoint
OMITB: Trusting the wrong package. -
Sandfly Security
Sandfly 5.8 – Agentless Linux Security and SSH Key Incident Response Actions -
SANS Cloud Security
AI-Driven DevSecOps Part 3: Agentic Code Review in GitLab & GitHub -
THE Security Insights Show
Just Us! The AI & Security Insights Show Episode 295 | “What is Security in the World of AI”?
Malware analysis
-
Moises Cerqueira (0xOlympus) at Any.Run
Banana RAT Evolves: Comparing Two Recent Branches Through ANY.RUN -
Andrea Draghetti at D3Lab
Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign -
Microsoft Security
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware -
Practical Security Analytics
Feature Spotlight: The Zig Payload Pipelines -
Pyae Heinn Kyaw
macOS ClickFix Loads Its C2 From a Polygon Smart Contract -
Shubho57
Analysis of an Malicious Sample -
Socket
- Coordinated npm and PyPI Campaign Typosquats Popular Secure Payment Apps
- Malicious Go Module Exposes GitHub Malware Lure Network Spanning 222 Repositories
- Fake Braintree NuGet Package Skims Credit Cards and Harvests Merchant Credentials
- Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
- jscrambler npm Package Compromised in Supply Chain Attack
-
Step Security
-
Joshua Platt and Jason Reaves at Walmart
SpectrePaste
Miscellaneous
-
Belkasoft
Case Study: Belkasoft X Helps Unmask Property Fraud Mastermind -
Hayden Covington at Black Hills Information Security
Finding the “Goldilocks” Zone: A Practical Approach to Alert Triage -
Chris Partridge
Seven months of watching people typo NLTK on PyPI -
Brian Carrier at Cyber Triage
DFIR+AI 2026 Challenge Winners -
CyberBoo
Microsoft Defender for Office 365 Part 11: SecOps Guide – Incident Response with MDO -
Decrypting a Defense
Infinite Retention of Protester Data, World Cup Surveillance, Chatrie Location Data Decision, Clare Garvie Answers 5 Questions & More -
Fabian Mendoza at DFIR Dominican
DFIR Jobs Update – 07/06/26 -
DFIR notes
Educational Resources (femme first) -
Forensic Focus
- Cumulative Trauma In Digital Forensics And Policing With Ben Dimmock
- From Hours To Minutes: How New Jersey State Police Transformed Digital Evidence Triage
- CCTV Review Has Evolved. Have You? Introducing S21 CCTV v2.0
- From Inaccessible To Actionable: How Punjab Police Recovered Critical Evidence From Feature Phones
- Still Reviewing CCTV The Slow Way? See S21 CCTV v2.0 In Action
-
Lawrence Advocaten and Hunt & Hackett
Reporting cyber security incidents starts with understanding what happened -
Christos Giampoulakis and Theodoros Polyzos at NVISO Labs
Reducing Microsoft Sentinel Costs Without Compromising Detection – Part 2: The Firewall Quest -
Justin Palk at Red Siege Information Security
Improving Your Simple Windows Domain for Offensive Testing: Elastic Defend EDR -
Richard Bejtlich at TaoSecurity
I Wrote a New Book for Corelight -
Robin Dost at Synaptic Systems
Wenn der Staat das Licht ausmacht: Warum die IFG-Novelle die deutsche Threat-Intelligence-Arbeit trifft -
Security Onion
Possible Software RAID Issue With Recent mdadm Package -
TobyG at sentinel.blog
Sentinel-As-Code 26.07: From Markdown to the Boardroom -
Eoghan Casey at Solve-It
SOLVE-IT eXtensions (SOLVE-IT-X) -
John Patzakis at X1 Discovery
Kim v. Cushman & Wakefield: A Federal Court Confirms That Email Search Terms Don’t Work for Microsoft Teams
Software releases/updates
-
Arkime
v6.6.0 -
Arsenal Recon
LevelDB Recon Changelog v1.0.0.62 -
Canadian Centre for Cyber Security
Assemblyline v4.7.5.dev16 -
Datadog Security Labs
GuardDog Release v3.1.0 -
DFIRe
1.5.4 — July 12, 2026 -
Digital Sleuth
winfor-salt v2026.11.0 -
Doug Burks
-
Foxton Forensics
Browser History Examiner — Version History – Version 1.23.4 -
LEAPPs
-
Lethal Forensics
Microsoft-Analyzer-Suite v1.9.0 -
Metadata Forensics
HEART by Metadata Forensics -
Metaspike
Forensic Email Intelligence – 2.3.862 -
OpenCTI
-
Ryan Benson at dfir.blog
Hindsight adds Firefox support! -
Sigma
Release r2026-07-01 -
Timothy Vang
verdict-dfir v0.5.0 -
WithSecure Labs
Chainsaw v2.16.2 -
Yamato Security
Hayabusa v3.10.0 – Happy Independence Day Release -
Yaniv Radunsky
DFIR Companion v0.31.0
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!
Discover more from This Week In 4n6
Subscribe to get the latest posts sent to your email.