Malware News

The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ... Partner channel: @cveNotify For ads: https://telega.io/c/malwr

📈 Analytical overview of Telegram channel Malware News

Channel Malware News (@malwr) in the English language segment is an active participant. Currently, the community unites 14 825 subscribers, ranking 8 704 in the Technologies & Applications category and 2 561 in the USA region.

📊 Audience metrics and dynamics

Since its creation (date unknown), the project has demonstrated rapid growth, gathering an audience of 14 825 subscribers.

According to the latest data from 26 June, 2026, the channel demonstrates stable activity. Although there has been a change in the number of participants by 664 over the last 30 days and by 31 over the last 24 hours, overall reach remains high.

  • Verification status: Not verified
  • Engagement rate (ER): The average audience engagement rate is 4.27%. Within the first 24 hours after publication, content typically collects 2.37% reactions from the total number of subscribers.
  • Post reach: On average, each post receives 633 views. Within the first day, a publication typically gains 351 views.
  • Reactions and interaction: The audience actively supports content: the average number of reactions per post is 1.
  • Thematic interests: Content is focused on key topics such as threat, kernel, cve-2025, actor, attack.

๐Ÿ“ Description and content policy

The author describes the resource as a platform for expressing subjective opinions:
“The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ... Partner channel: @cveNotify For ads: https://telega.io/c/malwr”

Thanks to the high frequency of updates (latest data received on 27 June, 2026), the channel maintains relevance and a high level of publication reach. Analytics show that the audience actively interacts with content, making it an important point of influence in the Technologies & Applications category.

14 825 subscribers: +31 in 24 hours, +197 in 7 days, +664 in 30 days
Posts Archive
heavener: This is what happens when you can't afford EDR licenses A modular engine that runs real vendor detection logic from reverse-engineered EDR components against live or replayed Windows telemetry. https://blog.otterpwn.com/projects/heavener 🎖@malwr

andreicscs/HoneyWire: HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds. https://github.com/andreicscs/HoneyWire
HoneyWire is a lightweight, Distributed High-Signal Security Early-Warning System Builder, designed for internal networks. It leverages its architecture and UX to make it incredibly easy to build a new Cyber Canary server or deploy HoneyWires on existing ones. Using deception technology, it replaces the "magnifying glass" approach of traditional SIEMs which often drown analysts in false positives by surveilling legitimate traffic with a High-Fidelity Tripwire model.
🎖@malwr

orloxgr/ClamShield: Windows security UI for ClamAV/YARA with real-time shield, scheduled scans, SecuriteInfo/SaneSecurity signatures, DNS protection, quarantine, VirusTotal checks, and auto-updates. https://github.com/orloxgr/ClamShield 🎖@malwr

Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3 | White Knight Labs This blog post is a continuation of the previous entry “Harnessing the Power of Cobalt Strike Profiles for EDR Evasion” and its follow-up, Part 2. Following https://whiteknightlabs.com/2026/06/15/harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion-part-3/ 🎖@malwr

The Latest Addition to Turla’s Intelligence Gathering Apparatus | Google Cloud Blog Analysis of a backdoor, STOCKSTAY, that has been continually developed and deployed by the Russia-linked threat actor Turla. https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering/ 🎖@malwr

Luma - the official Frida GUI Luma, the official Frida GUI. Interactive dynamic instrumentation for macOS, Windows, and Linux. https://luma.frida.re/ 🎖@malwr

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/ https://web-assets.esetstatic.com/wls/en/papers/white-papers/gamaredon-in-2025.pdf 🎖@malwr

Evaluating Mexico’s New Cybersecurity Plan Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA World Cup and beyond https://www.recordedfuture.com/research/mexico-new-cybersecurity-plan-evaluation https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-2026-0625.pdf 🎖@malwr

1689er/exclusion-auditor: Read-only NGAV/EDR exclusion risk and hygiene auditor (CrowdStrike-first, vendor-agnostic). https://github.com/1689er/exclusion-auditor 🎖@malwr

Ping32 RMM and ValleyRAT Fareed Radzi recently blogged about a malware campaign observed earlier in June by Kaspersky's GReAT team. The malware campaign embedded malicious code in VBScripts, which were distributed through WhatsApp DMs. The VBScript then dropped the legitimate Remote Monitoring and Management (RMM) tool Manag... https://www.netresec.com/?page=Blog&month=2026-06&post=Ping32-RMM-and-ValleyRAT 🎖@malwr

Introduction to COM usage by Windows threats Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors. https://blog.talosintelligence.com/introduction-to-com-usage-by-windows-threats/ 🎖@malwr

Hackmosphere/DefenderBypass: A guide to learning antivirus evasion https://github.com/hackmosphere/DefenderBypass 🎖@malwr

ESET takes part in Operation Endgame to disrupt Amadey and Stealc ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights. https://www.welivesecurity.com/en/eset-research/eset-takes-part-operation-endgame-disrupt-amadey-stealc/ 🎖@malwr

coder/code-server: VS Code in the browser https://github.com/coder/code-server 🎖@malwr

X-3306/Project-Onyx: Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advanced evasion techniques against modern EDR systems. It shifts away from traditional signature-based obfuscation towards behavioral camouflage and strict environmental keying. https://github.com/X-3306/Project-Onyx 🎖@malwr

macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox DPRK-linked implant embeds 38 fabricated system messages that spoof an LLM triage harness, hiding a credential stealer and Telegram C2 underneath. https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/ 🎖@malwr

MemNixFS/MemNixFS: Linux Memory Forensics Framework That Transforms Memory Dumps Into a Navigable Filesystem https://github.com/MemNixFS/MemNixFS 🎖@malwr

Build your own vulnerability harness We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits. https://blog.cloudflare.com/build-your-own-vulnerability-harness/ 🎖@malwr