Malware News
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ... Partner channel: @cveNotify For ads: https://telega.io/c/malwr
إظهار المزيد📈 نظرة تحليلية على قناة تيليجرام Malware News
تُعد قناة Malware News (@malwr) في القطاع اللغوي الإنكليزية لاعباً نشطاً. يضم المجتمع حالياً 14 903 مشتركاً، محتلاً المرتبة 8 651 في فئة التكنولوجيات والتطبيقات والمرتبة 2 551 في منطقة الولايات المتحدة.
📊 مؤشرات الجمهور والحراك
منذ تأسيسه في невідомо، حقق المشروع نمواً سريعاً وجمع 14 903 مشتركاً.
بحسب آخر البيانات بتاريخ 30 يونيو, 2026، تحافظ القناة على نشاط مستقر. خلال آخر 30 يوماً تغيّر عدد الأعضاء بمقدار 672، وفي آخر 24 ساعة بمقدار 28، مع بقاء الوصول العام مرتفعاً.
- حالة التحقق: غير موثّقة
- معدل التفاعل (ER): يبلغ متوسط تفاعل الجمهور 4.46%. وخلال أول 24 ساعة من النشر يحصد المحتوى عادةً 2.46% من ردود الفعل نسبةً إلى إجمالي المشتركين.
- وصول المنشورات: يحصل كل منشور على متوسط 665 مشاهدة. وخلال اليوم الأول يجمع عادةً 366 مشاهدة.
- التفاعلات والاستجابة: يتفاعل الجمهور بانتظام؛ متوسط التفاعلات لكل منشور يبلغ 1.
- الاهتمامات الموضوعية: يركز المحتوى على مواضيع رئيسية مثل threat, kernel, cve-2025, actor, attack.
📝 الوصف وسياسة المحتوى
يصف المؤلف القناة بأنها مساحة للتعبير عن الآراء الذاتية:
“The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...
Partner channel: @cveNotify
For ads: https://telega.io/c/malwr”
بفضل وتيرة التحديث المرتفعة (أحدث البيانات بتاريخ 01 يوليو, 2026) تحافظ القناة على حداثتها ومستوى وصول مرتفع. وتُظهر التحليلات تفاعلاً نشطاً من الجمهور، ما يجعلها نقطة تأثير مهمة ضمن فئة التكنولوجيات والتطبيقات.
جاري تحميل البيانات...
| التاريخ | نمو المشتركين | الإشارات | القنوات | |
| 01 يوليو | +5 |
| 2 | Chaelsoo/Hollow
https://github.com/Chaelsoo/Hollow
hollow is a shellcode loader generator. You give it a raw shellcode binary and a profile, and it spits out a compiled Windows PE loader with your shellcode encrypted inside.
🎖@malwr | 243 |
| 3 | Mustang Panda targets India's government and energy sectors with ZOHOMURK and MINIRECON
Acronis Threat Research Unit (TRU) has been tracking two concurrent campaigns orchestrated by Mustang Panda targeting Indian government entities, delivering new malware implants and abusing Zoho WorkDrive, a legitimate cloud storage platform commonly used in the Indian government sector.
https://www.acronis.com/en/tru/posts/mustang-panda-targets-indias-government-and-energy-sectors/
🎖@malwr | 331 |
| 4 | TONResolver RAT Abuses TON Blockchain to Target Japan's Hotel Industry
In this blog entry, TrendAI™ Research examines a wave of phishing emails observed in May 2026 that targeted Japanese accommodation facilities using Booking.com, detailing the victims, attack techniques used, and characteristics of the malware involved.
https://www.trendmicro.com/en_us/research/26/f/tonresolver.html
🎖@malwr | 271 |
| 5 | Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)
Welcome back to another watchTowr Labs blog post.
This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping people out, and CVE-
https://labs.watchtowr.com/enterprise-tech-in-shell-out-progress-kemp-loadmaster-uninitialized-heap-to-pre-auth-rce-cve-2026-8037/
🎖@malwr | 261 |
| 6 | Anatomy of a WHQL-Signed Windows Filtering Platform (WFP) Kernel-Resident Network Backdoor - Nextron Systems
https://www.nextron-systems.com/2026/06/26/anatomy-of-a-whql-signed-windows-filtering-platform-wfp-kernel-resident-network-backdoor/
🎖@malwr | 250 |
| 7 | Adham504/iocforge: An advanced, production-ready Threat Intelligence utility that extracts Indicators of Compromise (IoCs) from many file formats, removes false positives, enriches them with live Threat Intelligence APIs, and produces rich JSON / CSV / HTML / summary reports.
https://github.com/Adham504/iocforge
🎖@malwr | 440 |
| 8 | dantiicu/wine-nx: Experimental Wine runtime for Nintendo Switch: AArch64 Windows PE loading, Horizon/libnx integration, win32u USER/GDI bring-up, software framebuffer display, touch input, and early Notepad GUI support.
https://github.com/dantiicu/wine-nx
🎖@malwr | 472 |
| 9 | zenniskayy2k4/xAI-in-Malware-Detection: An AI-Powered Malware Detection Framework with MCP Integration
https://github.com/zenniskayy2k4/xAI-in-Malware-Detection
🎖@malwr | 503 |
| 10 | manikandantn68/window-persistence-Privilege-Escalation: A complete hands-on reference of 46 Windows persistence techniques used by real-world APT groups. Each technique includes MITRE ATT&CK TTP mapping, known threat actor attribution, attack commands, verification steps, and cleanup — organized from No-Admin to Admin level. Built for red teamers, malware analysts, and cybersecurity learners.
https://github.com/manikandantn68/window-persistence-Privilege-Escalation
🎖@malwr | 447 |
| 11 | Ethan-Andrews/Exploitarium-Detections: KQL detection rules for Microsoft Sentinel and Defender XDR covering the bikini/exploitarium anonymous disclosure — a personal research archive of 15 distinct vulnerability targets across 109 tracked files, released without vendor notification on June 23, 2026.
https://github.com/Ethan-Andrews/Exploitarium-Detections
🎖@malwr | 404 |
| 12 | diabloidyobane/BlindSpot: Reverse engineering a manually-mapped commercial cheat DLL in The Division 2. Documents the pe-sieve enumeration Blindspot (MEM_PRIVATE + header wiping). Anti-cheat safe — read-only Windows APIs only, no debugger, no injection. Pure Python. Includes the reconstructed PE, IDA database, scripts, and an academic paper of the workflow.
https://github.com/diabloidyobane/BlindSpot
🎖@malwr | 506 |
| 13 | Dissecting Apple's Sparse Image Format (ASIF) | schamper.dev
At WWDC 2025, Apple announced macOS 26 Tahoe. One of the new features in macOS Tahoe is a new disk image format: ASIF. Designed for use with virtual machines (its documentation lives under the Virtualization framework), ASIF takes a lot of inspiration from existing virtual disk formats. Practically, that means it’s another sparse virtual disk format, and functions very similar to sparse VMDK, VHDX or QCOW2 files (for the uninitiated, it allow you to store a large disk, or file, in a smaller, “sparse” manner).
https://schamper.dev/dissecting-apples-sparse-image-format-asif/
🎖@malwr | 504 |
| 14 | licitrasimone/CrystalSliver: Crystal Palace Evasion kit for Sliver
https://github.com/licitrasimone/CrystalSliver
🎖@malwr | 504 |
| 15 | 28Zaaky/khaos-c2: KHAOS is a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.
https://github.com/28Zaaky/khaos-c2
🎖@malwr | 505 |
| 16 | diabloidyobane/DriverScope: Static BYOVD hunting pipeline for Windows kernel drivers. Imports + IOCTL dispatch extraction (Capstone), cross-references LOLDrivers/MS Blocklist/KDU/VirusTotal, surfaces novel zero-day candidates. C++ comm-header generator for runtime validation. Pairs with Claude for triage.
https://github.com/diabloidyobane/DriverScope
🎖@malwr | 525 |
| 17 | heavener: This is what happens when you can't afford EDR licenses
A modular engine that runs real vendor detection logic from reverse-engineered EDR components against live or replayed Windows telemetry.
https://blog.otterpwn.com/projects/heavener
🎖@malwr | 581 |
| 18 | andreicscs/HoneyWire: HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds.
https://github.com/andreicscs/HoneyWire
HoneyWire is a lightweight, Distributed High-Signal Security Early-Warning System Builder, designed for internal networks. It leverages its architecture and UX to make it incredibly easy to build a new Cyber Canary server or deploy HoneyWires on existing ones. Using deception technology, it replaces the "magnifying glass" approach of traditional SIEMs which often drown analysts in false positives by surveilling legitimate traffic with a High-Fidelity Tripwire model.
🎖@malwr | 714 |
| 19 | orloxgr/ClamShield: Windows security UI for ClamAV/YARA with real-time shield, scheduled scans, SecuriteInfo/SaneSecurity signatures, DNS protection, quarantine, VirusTotal checks, and auto-updates.
https://github.com/orloxgr/ClamShield
🎖@malwr | 598 |
| 20 | Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3 | White Knight Labs
This blog post is a continuation of the previous entry “Harnessing the Power of Cobalt Strike Profiles for EDR Evasion“ and its follow-up, Part 2. Following
https://whiteknightlabs.com/2026/06/15/harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion-part-3/
🎖@malwr | 554 |
متاح الآن! بحث تيليغرام 2025 — أهم رؤى العام 
