Elles De Yeager
-

SpearSpecter — Iranian-linked APT42 uses WhatsApp lures and PowerShell backdoor
INDA analysis shows APT42’s SpearSpecter uses WhatsApp lures and a modular PowerShell backdoor that targets officials and family members; detection steps and IOCs are included in the report.
-

GTG-1002: AI-assisted espionage campaign abused an AI coding tool
A campaign tracked as GTG-1002 used an AI coding tool to automate reconnaissance, vulnerability validation, and exploit generation against roughly 30 organizations. The attackers relied on commodity tools rather than bespoke malware, making detection possible with standard defenses. Defenders should gate high-risk actions, verify AI outputs, and prioritize patching.
-

What is EPSS? Exploit Prediction Scoring System
Explainer: what EPSS is and how teams use it to prioritize vulnerabilities.
-

What is OpenID Connect (OIDC)? — Explainer tied to CVE-2025-54603
A concise explainer of OpenID Connect (OIDC) and how product-level OIDC misimplementations (as in CVE-2025-54603) can lead to authentication bypasses.
-

What is GlobalProtect? Palo Alto Networks VPN Gateway Explained
GlobalProtect is Palo Alto Networks’ enterprise remote access gateway. This explainer covers how it works, why it matters, and the security considerations organizations should understand about CVE-2024-3400 and enterprise VPN security.
-

RondoDox Exploits Unpatched XWiki Servers (CVE-2025-24893)
RondoDox is exploiting CVE-2025-24893 in XWiki to run miners, gain shells and add servers to DDoS botnets.
-

What is PureHVNC?
PureHVNC is a RAT delivered via staged loaders using malicious SVG attachments; this explainer summarizes the infection chain, IOCs and detection steps.
-

Fake AI and WhatsApp apps on third-party Android stores hide spyware, ad fraud
Appknox warns that fake ChatGPT, DALL·E and WhatsApp apps on third-party Android stores range from harmless wrappers to spyware that intercepts OTPs.
-

Hijack Loader Delivers PureHVNC in Latin America; Insider Sells Exploits
Hijack Loader used malicious SVGs to deliver PureHVNC in Latin America; a separate DOJ case details an insider selling exploit tooling for cryptocurrency.
-

North Korea’s ‘Contagious Interview’ Malware Delivery
North Korean threat actors in the “Contagious Interview” campaign are now using JSON storage services to host and deliver malicious payloads, signaling an evolving strategy to evade detection and maintain persistence.