¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
Malware News
Ir al canal en Telegram
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ... Partner channel: @cveNotify For ads: https://telega.io/c/malwr
Mostrar más📈 Análisis del canal de Telegram Malware News
El canal Malware News (@malwr) en el segmento lingüístico de Inglés es un actor destacado. Actualmente la comunidad reúne a 14 825 suscriptores, ocupando la posición 8 704 en la categoría Tecnologías y Aplicaciones y el puesto 2 561 en la región EEUU.
📊 Métricas de audiencia y dinámica
Desde su creación el невідомо, el proyecto ha mostrado un crecimiento acelerado, reuniendo a 14 825 suscriptores.
Según los últimos datos del 26 junio, 2026, el canal mantiene una actividad estable. En los últimos 30 días la variación de miembros fue de 664, y en las últimas 24 horas de 31, conservando un alto alcance.
- Estado de verificación: No verificado
- Tasa de interacción (ER): El promedio de interacción de la audiencia es 4.27%. Durante las primeras 24 horas tras publicar, el contenido suele obtener 2.37% de reacciones respecto al total de suscriptores.
- Alcance de las publicaciones: Cada publicación recibe en promedio 633 visualizaciones. En el primer día suele acumular 351 visualizaciones.
- Reacciones e interacción: La audiencia responde de forma activa: el promedio de reacciones por publicación es 1.
- Intereses temáticos: El contenido se centra en temas clave como threat, kernel, cve-2025, actor, attack.
📝 Descripción y política de contenido
El autor describe el recurso como un espacio para expresar opiniones subjetivas:
“The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ...
Partner channel: @cveNotify
For ads: https://telega.io/c/malwr”
Gracias a la alta frecuencia de actualizaciones (últimos datos recibidos el 27 junio, 2026), el canal mantiene la vigencia y un amplio alcance. La analítica demuestra que la audiencia interactúa activamente con el contenido, lo que lo convierte en un punto de referencia dentro de la categoría Tecnologías y Aplicaciones.
14 825
Suscriptores
+3124 horas
+1977 días
+66430 días
Archivo de publicaciones
14 825
heavener: This is what happens when you can't afford EDR licenses
A modular engine that runs real vendor detection logic from reverse-engineered EDR components against live or replayed Windows telemetry.
https://blog.otterpwn.com/projects/heavener
🎖@malwr
14 825
andreicscs/HoneyWire: HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds.
https://github.com/andreicscs/HoneyWire
HoneyWire is a lightweight, Distributed High-Signal Security Early-Warning System Builder, designed for internal networks. It leverages its architecture and UX to make it incredibly easy to build a new Cyber Canary server or deploy HoneyWires on existing ones. Using deception technology, it replaces the "magnifying glass" approach of traditional SIEMs which often drown analysts in false positives by surveilling legitimate traffic with a High-Fidelity Tripwire model.🎖@malwr
14 825
orloxgr/ClamShield: Windows security UI for ClamAV/YARA with real-time shield, scheduled scans, SecuriteInfo/SaneSecurity signatures, DNS protection, quarantine, VirusTotal checks, and auto-updates.
https://github.com/orloxgr/ClamShield
🎖@malwr
14 825
Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3 | White Knight Labs
This blog post is a continuation of the previous entry “Harnessing the Power of Cobalt Strike Profiles for EDR Evasion“ and its follow-up, Part 2. Following
https://whiteknightlabs.com/2026/06/15/harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion-part-3/
🎖@malwr
14 825
The Latest Addition to Turla’s Intelligence Gathering Apparatus | Google Cloud Blog
Analysis of a backdoor, STOCKSTAY, that has been continually developed and deployed by the Russia-linked threat actor Turla.
https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering/
🎖@malwr
14 825
Luma - the official Frida GUI
Luma, the official Frida GUI. Interactive dynamic instrumentation for macOS, Windows, and Linux.
https://luma.frida.re/
🎖@malwr
14 825
Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances
ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data
https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/
https://web-assets.esetstatic.com/wls/en/papers/white-papers/gamaredon-in-2025.pdf
🎖@malwr
14 825
Evaluating Mexico’s New Cybersecurity Plan
Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA World Cup and beyond
https://www.recordedfuture.com/research/mexico-new-cybersecurity-plan-evaluation
https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-2026-0625.pdf
🎖@malwr
14 825
1689er/exclusion-auditor: Read-only NGAV/EDR exclusion risk and hygiene auditor (CrowdStrike-first, vendor-agnostic).
https://github.com/1689er/exclusion-auditor
🎖@malwr
14 825
Ping32 RMM and ValleyRAT
Fareed Radzi recently blogged about a malware campaign observed earlier in June by Kasperskys GReAT team. The malware campaign embedded malicious code in VBScripts, which were distributed through WhatsApp DMs. The VBScript then dropped the legitimate Remote Monitoring and Management (RMM) tool Manag...
https://www.netresec.com/?page=Blog&month=2026-06&post=Ping32-RMM-and-ValleyRAT
🎖@malwr
14 825
Introduction to COM usage by Windows threats
Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors.
https://blog.talosintelligence.com/introduction-to-com-usage-by-windows-threats/
🎖@malwr
14 825
Hackmosphere/DefenderBypass: A guide to learning antivirus evasion
https://github.com/hackmosphere/DefenderBypass
🎖@malwr
14 825
ESET takes part in Operation Endgame to disrupt Amadey and Stealc
ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights.
https://www.welivesecurity.com/en/eset-research/eset-takes-part-operation-endgame-disrupt-amadey-stealc/
🎖@malwr
14 825
X-3306/Project-Onyx: Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advanced evasion techniques against modern EDR systems. It shifts away from traditional signature-based obfuscation towards behavioral camouflage and strict environmental keying.
https://github.com/X-3306/Project-Onyx
🎖@malwr
14 825
macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
DPRK-linked implant embeds 38 fabricated system messages that spoof an LLM triage harness, hiding a credential stealer and Telegram C2 underneath.
https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/
🎖@malwr
14 825
VECT: Ransomware by design, Wiper by accident
https://research.checkpoint.com/2026/vect-ransomware-by-design-wiper-by-accident/
🎖@malwr
14 825
MemNixFS/MemNixFS: Linux Memory Forensics Framework That Transforms Memory Dumps Into a Navigable Filesystem
https://github.com/MemNixFS/MemNixFS
🎖@malwr
14 825
Build your own vulnerability harness
We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits.
https://blog.cloudflare.com/build-your-own-vulnerability-harness/
🎖@malwr
