*[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s Next
January 29, 2026 | 12:00 - 1:30 PM ET
Sign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-next

*Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2
February 11, 2026 | 12:00 - 1:00 PM ET
Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2

Top Headlines:

• Google Cloud Blog | Releasing Rainbow Tables to Accelerate Protocol Deprecation: https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables
• BleepingComputer | Hackers exploit security testing apps to breach Fortune 500 firms: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/?&web_view=true
• CyberArk | UNO reverse card: stealing cookies from cookie stealers: https://www.cyberark.com/resources/all-blog-posts/uno-reverse-card-stealing-cookies-from-cookie-stealers
• Malwarebytes | Can you use too many LOLBins to drop some RATs?: https://www.malwarebytes.com/blog/news/2026/01/can-you-use-too-many-lolbins-to-drop-some-rats?web_view=true

----------

Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

*[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s Next
January 29, 2026 | 12:00 - 1:30 PM ET
Sign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-next

Top Headlines:

• Securonix | Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection: https://www.securonix.com/blog/analyzing-phaltblyx-how-fake-bsods-and-trusted-build-tools-are-used-to-construct-a-malware-infection/
• https://mp.weixin.qq.com/mp/wappoc_appmsgcaptcha?poc_token=HM4cYGmjT2nsqEAFwWn2Sj9R90gqZmI2tEvjWdak&target_url=https%3A%2F%2Fmp.weixin.qq.com%2Fs%3F__biz%3DMzUyMjk4NzExMA%3D%3D%26mid%3D2247507757%26idx%3D1%26sn%3Dcf6b118e88395af45a000aae80811264
• CYFIRMA | APT36 : Multi-Stage LNK Malware Campaign Targeting Indian Government Entities: https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/
• BleepingComputer | VSCode IDE forks expose users to "recommended extension" attacks: https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/?&web_view=true

----------

Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/

• welivesecurity.com | LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan: https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/
• Resecurity | DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists: https://www.resecurity.com/blog/article/dig-ai-uncensored-darknet-ai-assistant-at-the-service-of-criminals-and-terrorists?&web_view=true
• koi.ai | NPM Package With 56K Downloads Caught Stealing WhatsApp Messages: https://www.koi.ai/blog/npm-package-with-56k-downloads-malware-stealing-whatsapp-messages
• zscaler.com | Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign: https://www.zscaler.com/blogs/security-research/zscaler-threat-hunting-catches-evasive-sidewinder-apt-campaign?&web_view=true

• Unit 42 | Exploitation of Critical Vulnerability in React Server Components (Updated December 12): https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/
• hackread.com | New PyStoreRAT Malware Targets OSINT Researchers Through GitHub: https://hackread.com/pystorerat-rat-malware-github-osint-researchers/?web_view=true
• Check Point Research | Ink Dragon's Relay Network and Stealthy Offensive Operation: https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
• KOI.ai | Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users: https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users

• securelist.com | The Tsundere botnet uses the Ethereum blockchain to infect its targets: https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
• Group-IB | Bloody Wolf: A Blunt Crowbar Threat To Justice: https://www.group-ib.com/blog/bloody-wolf/
• welivesecurity.com | MuddyWater: Snakes by the riverbank: https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/
• Fortinet Blog | ShadowV2 Casts a Shadow Over IoT Devices: https://www.fortinet.com/blog/threat-research/shadowv2-casts-a-shadow-over-iot-devices?&web_view=true
• darktrace.com | ShadowV2: An emerging DDoS for hire botnet: https://www.darktrace.com/blog/shadowv2-an-emerging-ddos-for-hire-botnet

• Secure Annex | SleepyDuck malware invades Cursor through Open VSX: https://secureannex.com/blog/sleepyduck-malware/
• Arctic Wolf | UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities: https://arcticwolf.com/resources/blog/unc6384-weaponizes-zdi-can-25373-vulnerability-to-deploy-plugx/
• Unit 42 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild: https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
• Unit 42 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack: https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/

• Koi | GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace: https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace
• Cisco Talos Blog | BeaverTail and OtterCookie Evolve with a New Javascript Module: https://blog.talosintelligence.com/beavertail-and-ottercookie/
• Synacktiv | LinkPro: eBPF Rootkit Analysis: https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis
• BleepingComputer | American Airlines Subsidiary Envoy Confirms Oracle Data Theft Attack: https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/?&web_view=true