Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2026-02-17GoogleDaniel Sislo, Fernando Tomlinson, John Scarbrough, Jr., Nick Harbour, PETER UKHANOV, Rich Reece
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
BRICKSTORM GRIMBOLT SLAYSTYLE UNC6201
2026-02-15Github (jrm360seclab)Johny Metellus
AODIN X1BQ Projector — Pre-Installed Vo1d Botnet Malware
Void
2026-01-29FortninetAngelo Deveraturda, Jared Betts, John Simmons, Ken Evans, Mark Robson, Omar Avilez Melo, Xiaopeng Zhang
Interlock Ransomware: New Techniques, Same Old Tricks
Interlock
2025-12-18HelpNetSecurityJohn Wilson
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
Scripted Sparrow
2025-12-01FORTRAJohn Wilson
Unknown
Scripted Sparrow
2025-09-24GoogleAshley Pearson, Austin Larsen, BRAD SLAYBAUGH, Doug Bienstock, Geoff Carstairs, John Wolfram, Josh Madeley, Josh Murchie, Matt Lin, Sarah Yoder
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
BRICKSTORM
2025-08-19Red CanaryChris Brook, Christina Johns, Tyler Edmonds
Patching for persistence: How DripDropper Linux malware moves through the cloud
2025-06-12CitizenLabBill Marczak, John Scott-Railton
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
2025-05-29FortinetJohn Simmons, Xiaopeng Zhang
Deep Dive into a Dumped Malware without a PE Header
2025-05-01FortinetFaisal Abdul Malik Qureshi, Fred Gutierrez, Hossein Jazi, John Simmons, Mark Robson, Said Wali, Xiaopeng Zhang
FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure
Havoc
2025-04-16SpyCloudAurora Johnson, Keegan Keplinger
Exposed Credentials & Ransomware Operations: Using LLMs to Digest 200K Messages from the Black Basta Chats
Black Basta Black Basta
2025-04-03MandiantJacob Thompson, John Wolfram, Josh Murchie, Matt Lin, Michael Edie
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
SPAWNSNARE
2025-03-18TrellixJambul Tologonov, John Fokker
Analysis of Black Basta Ransomware Chat Leaks
Black Basta Black Basta
2025-03-12YouTube (John Hammond)John Hammond
LEAKED Russian Hackers Internal Chats
Black Basta Black Basta
2025-03-11Trend MicroCj Arsley Mateo, Darrel Tristan Virtusio, Jacob Santos, Junestherry Dela Cruz, Paul John Bardon
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution
Lumma Stealer SmartLoader Water Kurita
2025-03-07FortinetFaisal Abdul Malik Qureshi, Fred Gutierrez, Hossein Jazi, John Simmons, Mark Robson, Said Wali, Xiaopeng Zhang
Investigating Iranian Intrusion into Strategic Middle East Critical Infrastructure
Havoc
2025-02-20ReliaquestJohn Dilgen
48 Minutes: How Fast Phishing Attacks Exploit Weaknesses
ReedBed
2024-11-20TrellixJambul Tologonov, John Fokker, Phuc Pham
Phobos: Stealthy Ransomware That Operated Under the Radar - Until Now
8Base CryptXXXX Dharma Phobos
2024-11-07Cisco TalosAliza Johnson, Chetan Raghuprasad, Elio Biasiotto, Michael Szeliga
Unwrapping the emerging Interlock ransomware attack
Interlock Rhysida
2024-09-20Trend MicroCharles Adrian Marty, Christian Alpuerto, John Paul Lim, Kyle Philippe Yu, Mark Chester De Quiroz, Mohammed Malubay
How Ransomhub Ransomware Uses EDRKillShifter to Disable EDR and Antivirus Protections
RansomHub Water Bakunawa