Malware News
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ... Partner channel: @cveNotify For ads: https://telega.io/c/malwr
Analytical overview of Telegram channel Malware News
Channel Malware News (@malwr) in the English language segment is an active participant. Currently, the community unites 14 993 subscribers, ranking 8 580 in the Technologies & Applications category and 2 535 in the USA region.
Audience metrics and dynamics
Since its creation (date unknown), the project has demonstrated rapid growth, gathering an audience of 14 993 subscribers.
According to the latest data from 03 July, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 695 over the last 30 days and by 31 over the last 24 hours, overall reach remains high.
- Verification status: Not verified
- Engagement rate (ER): The average audience engagement rate is 4.35%. Within the first 24 hours after publication, content typically collects 2.39% reactions from the total number of subscribers.
- Post reach: On average, each post receives 651 views. Within the first day, a publication typically gains 358 views.
- Reactions and interaction: The audience actively supports content: the average number of reactions per post is 1.
- Thematic interests: Content is focused on key topics such as threat, kernel, cve-2025, actor, attack.
Description and content policy
The author describes the resource as a platform for expressing subjective opinions:
“The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...
Partner channel: @cveNotify
For ads: https://telega.io/c/malwr”
Thanks to the high frequency of updates (latest data received on 04 July, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.
| Date | Subscriber Growth | Mentions | Channels |
| 04 July | +16 | | |
| 03 July | +31 | | |
| 02 July | +29 | | |
| 01 July | +20 | | |

| 2 | The Gentlemen RaaS: rapid growth and a new ransomware variant
Kaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.
https://securelist.com/the-gentlemen-raas/120447/
@malwr | 208 |
| 3 | Accelerating EDR Evasion with LLM-Driven Analysis
SpecterOps reverse engineered Cortex XDR with LLMs to extract YARA rules, ML models, and behavioral detections.
https://specterops.io/blog/2026/06/29/llm-powered-edr-analysis/
@malwr | 322 |
| 4 | Silent Swap: A Crypto Clipper Extension Campaign
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/crypto-clipper-wallet-swapping-browser-extension-malware/
@malwr | 302 |
| 5 | Don’t eat the ChocoPoCs! Vulnerability researchers were targeted by trojanised exploits
A suspicious contribution request led YesWeHack and Sekoia researchers to uncover sophisticated malware targeting the vulnerability research supply chain.
https://www.yeswehack.com/news/chocopocs-vulnerability-researchers-trojanised-exploits?utm_source=reddit&utm_medium=social&utm_campaign=chocopocs-vulnerability-researchers
@malwr | 428 |
| 6 | Rhacknarok/hacksguard: A blazingly fast, multi-threaded TUI malware analysis tool built in Rust. Features deep PE parsing, YARA scanning, and heuristic risk scoring.
https://github.com/Rhacknarok/hacksguard
@malwr | 497 |
| 7 | How I broke Rhysida ransomware encryption
Rhysida derives every per-file AES key from a PRNG seeded with the encryption timestamp. Recover the timestamp and you regenerate every key. A reverse-engineering walkthrough and a minimal decryptor.
https://sigreturn.com/blog/rhysida-analysis-decryption/
@malwr | 445 |
| 8 | Win x64 Shellcode - Part 2: TEB, PEB and List of Loaded Modules
In the previous part, we explained why shellcode cannot use statically written addresses of Windows API functions. The solution lies in the structures that Windows maintains directly in the memory of each process. Today we will look at them closely.
Prerequisites Before reading this part, it is advisable to read and understand the previous part. At the same time, it is highly advisable to have at least a basic understanding of what virtual memory and a pointer are.
https://proteqtum.com/posts/02-win-x64-shellcode-teb-peb_en/
@malwr | 385 |
| 9 | Fake Google and Cloudflare verification pages spread multiple malware families
https://www.malwarebytes.com/blog/threat-intel/2026/07/fake-google-and-cloudflare-verification-pages-spread-multiple-malware-families
@malwr | 347 |
| 10 | Reverse Engineering Warframe’s Anti-Cheat System
Warframe is the hit MMO game by Digital Extremes which is adored by many, being a curious Reverse Engineer I thought why not have a go at…
https://medium.com/@ssushruth2003/reverse-engineering-warframes-anti-cheat-system-aae5e6272a4b
@malwr | 373 |
| 11 | Context Engineering | Compaction & Agent Memory for Automated Malware Analysis
Compaction cut input tokens 86% across long-running agent evals with no quality loss. Context discipline matters as much as model selection.
https://www.sentinelone.com/labs/context-engineering-compaction-agent-memory-for-automated-malware-analysis/
@malwr | 404 |
| 12 | greit0n/malwarebazaar-downloader: Pull MalwareBazaar samples into an isolated AV-testing lab - safe-by-design CLI + glassmorphic desktop GUI (mbdl).
https://github.com/greit0n/malwarebazaar-downloader
@malwr | 562 |
| 13 | Iran-Nexus TAG-182 Disseminates MarkiRAT Surveillance Tool
Discover how Iranian-nexus threat cluster TAG-182 uses MarkiRAT malware and fake VPN/media apps to conduct cyber surveillance operations against domestic targets.
https://www.recordedfuture.com/research/nexus-tag182-disseminates-markirat
https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-ir-2026-0701.pdf
@malwr | 586 |
| 14 | Doctor Web’s Q2 2026 virus activity review
https://news.drweb.com/show/?i=15275&lng=en&c=5
@malwr | 555 |
| 15 | Doctor Web’s Q2 2026 review of virus activity on mobile devices
https://news.drweb.com/show/?i=15274&lng=en&c=5
@malwr | 488 |
| 16 | RadonCoding/binsafe: Obfuscator for compiled 64-bit portable executables.
https://github.com/RadonCoding/binsafe
@malwr | 395 |
| 17 | youssefnoob003/SindriKit: A foundational C library for building operationally credible offensive capabilities
https://github.com/youssefnoob003/SindriKit
@malwr | 373 |
| 18 | CitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)
Well, well, well - once again, the cat has dragged us in and spat us out.
Today, we find ourselves questioning the reality we sit within. Must it be so predictable, and why us? “But watchTowr, what do you mean?”
Well, if you’re here, you likely fit into one of
https://labs.watchtowr.com/citrixbleed-to-infinity-and-beyond-citrix-netscaler-pre-auth-memory-overread-cve-2026-8451/
@malwr | 477 |
| 19 | TuncorReUnion/TLAC-MODERN-LOCAL-ANTI-CHEAT-REUNIONED: This Anti-Cheat is local server based and fully open source. it's user space
https://github.com/TuncorReUnion/TLAC-MODERN-LOCAL-ANTI-CHEAT-REUNIONED
@malwr | 542 |
| 20 | Chaelsoo/Hollow
https://github.com/Chaelsoo/Hollow
hollow is a shellcode loader generator. You give it a raw shellcode binary and a profile, and it spits out a compiled Windows PE loader with your shellcode encrypted inside.
@malwr | 494 |