Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

foresiet

Inside the Kimsuky APT Leak: Stolen GPKI Certificates, Rootkits, and a Personalized Cobalt Strike from North Korea's Cyber Unit

Aug 25, 2025 By Foresiet In Foresiet
In a rare and unprecedented incident, a massive operational dump belonging to the North Korean Kimsuky APT group was leaked on a dark web forum. The leak containing virtual machine images, VPS dumps, phishing kits, rootkits, and thousands of credentials offers an unparalleled look into the inner workings of one of Pyongyang’s most prolific cyber espionage groups.
Read Post
CrowdStrike

MURKY PANDA: A Trusted-Relationship Threat in the Cloud

Aug 21, 2025 By Counter Adversary Operations In CrowdStrike
Since 2023, CrowdStrike Services and CrowdStrike Counter Adversary Operations have investigated multiple intrusions conducted by MURKY PANDA, a sophisticated adversary leveraging advanced tradecraft to compromise high-profile targets. MURKY PANDA, active since at least 2023, is a cloud-conscious adversary with a broad targeting scope; the adversary’s operations have particularly focused on government, technology, academia, legal, and professional services entities in North America.
Read Post

Can threat actors make ChatGPT malware? #ai #cybersecurity #gpt5

Aug 21, 2025 By LimaCharlie In LimaCharlie
GPT-5 was jailbroken in under 24 hours using simple "storytelling" techniques that bypass safety guardrails. The key insight from our podcast? Individual AI requests appear legitimate but become dangerous when combined. Bad actors can request network code in one session, convincing emails in another, and credential collection forms in a third. Each task seems normal individually, but together they form a complete phishing toolkit.
View Video
CrowdStrike

Falcon Platform Prevents COOKIE SPIDER's SHAMOS Delivery on macOS

Aug 20, 2025 By Maddie Stewart - Suweera De Souza - Ash Leslie - Doug Brown In CrowdStrike
Between June and August 2025, the CrowdStrike Falcon platform successfully blocked a sophisticated malware campaign that attempted to compromise over 300 customer environments. The campaign deployed SHAMOS, a variant of Atomic macOS Stealer (AMOS) developed by the cybercriminal group COOKIE SPIDER. Operating as malware-as-a-service, COOKIE SPIDER rents this information stealer to cybercriminals who deploy it to harvest sensitive information and cryptocurrency assets from victims.
Read Post
kroll

XWORM Returns to Haunt Systems with Ghost Crypt

Aug 20, 2025 By Kroll In Kroll
Starting in July 2025, Kroll has observed a new delivery method coming from the XWORM malware family. Previously known to leverage a self-contained executable in order to drop the final payload, XWORM now uses Ghost Crypt which is a service publicized on HackForums and used to exploit DLL side-loading vulnerabilities in known applications. The service includes support for a range of malware families, including LUMMASTEALER, BLUELOADER, RHADAMANTHYS, XWORM, DCRAT, PURELOADER, STEALC and others.
Read Post

Why CTI Must Recommend, Not Just Report

Aug 18, 2025 By Rubrik In Rubrik
In traditional intel roles, analysts avoid making direct recommendations. But Scott Scher explains why that doesn’t work in the business world. CTI teams can’t just present options, they need to say what should happen next. Scott breaks down why effective CTI must go beyond context and offer clear, actionable guidance for defenders. Hidden Truths: Traditional intel avoids giving direct recommendations Business leaders and defenders want clear next steps CTI teams must say.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.