LATEST POST
ClickFix Gets Sneaky: Lumma & Rhadamanthys Hiding in PNG Pixels
Notes on a fantastic Huntress write-up by Anna Pham and Ben Folland, walking through a ClickFix campaign where LummaC2 and Rhadamanthys are delivered via steganography inside PNG images.
FEATURED
ClickFix Gets Sneaky: Lumma & Rhadamanthys Hiding in PNG Pixels
AI-Powered Malware: Dynamic Code Generation and the Rise of Adaptive Threats
AI Data Exposure — The Human Factor Behind GPT Incidents
Sextortion Scams Are Back: What They Are, How They Work, and Why They’re So Effective
PREVIOUS POSTS
Cloud Forensics — Investigating Incidents in AWS, Azure & GCP
Cloud breaches look chaotic at first: APIs everywhere, short‑lived resources, and logs scattered across regions and services. This post walks through how to think about cloud forensics, what to collect, and how to rec...
DarkGate Malware — Loader, Stealer, and RAT in One
DarkGate has quietly evolved into a mature malware-as-a-service platform: loader, stealer, and full-featured RAT. This deep dive breaks down how it spreads, how it operates, and how to hunt it in your environment.
Weekly Threat Trends — Week Commencing 17 Nov 2025
A deep, narrative-driven exploration of autonomous intrusion ecosystems, self-optimizing phishing kits, reinforcement-learning exfil bots, cloud persistence, and intelligent malware families shaping the week.
Email Forensics — Tracing a Phish End-to-End
Phishing is the initial access vector in most intrusions. This deep guide walks through header analysis, payload extraction, and chain reconstruction so you can follow a phish from delivery to C2.
BlackCat (ALPHV) — Ransomware’s Fall and the Clones That Followed
BlackCat (ALPHV) pushed ransomware evolution: polished extortion flows, strong encryption, and a mature affiliate model. This post dissects its internals, TTPs, detection artefacts, and the wave of copycats that follo...
Weekly Threat Trends — Week Commencing 10 Nov 2025
A story-driven deep dive into this week's evolving cyber landscape — adaptive malware, self-healing botnets, AI weaponization, deepfake-driven deception, and cloud persistence redefining how attackers think.
From JSON Keeper to TsunamiKit — Inside the BeaverTail & InvisibleFerret Attack Chain
North Korean threat actors are now abusing fake API keys, JSON Keeper blobs, and GitHub-hosted Node.js projects to deliver a JavaScript loader known as BeaverTail, which drops a Python backdoor (InvisibleFerret) and a...
Network Forensics — Tracking a C2 Through PCAPs
Follow the traffic, find the truth. A hands-on guide to identifying command-and-control activity using Wireshark, Zeek, and open-source techniques.
Rhadamanthys — Modular Malware Done Right (For the Wrong Reasons)
A deep dive into Rhadamanthys, the stealer-loader hybrid redefining modular malware design. We explore its internal architecture, infection vectors, and what defenders can learn from its engineering.
