Malware News

The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ... Partner channel: @cveNotify For ads: https://telega.io/c/malwr


📈 Analytics for the Telegram channel Malware News

Malware News (@malwr) is an active channel in the English-language segment. The community currently has 14,825 subscribers, ranking 8,704th in the Technologies & Mixed category and 2,561st in the USA region.

📊 Audience metrics and trends

Since an unknown start date the project has grown quickly, reaching 14,825 subscribers.

According to the latest data as of 26 June 2026, the channel shows steady activity. Over the last 30 days the subscriber count changed by 664, and by 31 in the last 24 hours, while overall reach remains high.

  • Verification status: Not verified
  • Engagement (ER): The audience engages at an average rate of 4.27%. In the first 24 hours after publication, content typically gathers reactions equal to 2.37% of the total subscriber count.
  • Post reach: Each post is viewed 633 times on average; typically 351 views are gathered in the first day.
  • Reactions and interaction: The audience is active: each post receives an average of 1 reaction.
  • Topic areas: Content is concentrated on core topics such as threat, kernel, cve-2025, actor and attack.

📝 Description and content policy

The author describes the resource as a space for expressing personal views:
The latest NEWS about malwares, DFIR, hacking, security issues, thoughts and ... Partner channel: @cveNotify For ads: https://telega.io/c/malwr

Thanks to a high update frequency (latest data retrieved 27 June 2026), the channel remains consistently current and wide-reaching. The analytics show that the audience actively engages with the content, making the channel a significant point of influence in the Technologies & Mixed category.

14,825 subscribers
+31 in 24 hours
+197 in 7 days
+664 in 30 days

Posts archive
heavener: This is what happens when you can't afford EDR licenses A modular engine that runs real vendor detection logic from reverse-engineered EDR components against live or replayed Windows telemetry. https://blog.otterpwn.com/projects/heavener 🎖@malwr

andreicscs/HoneyWire: HoneyWire: The Open-Source, Unlimited Deception Platform. Turn any Linux machine into an enterprise-grade canary in 60 seconds. https://github.com/andreicscs/HoneyWire
HoneyWire is a lightweight, Distributed High-Signal Security Early-Warning System Builder, designed for internal networks. It leverages its architecture and UX to make it incredibly easy to build a new Cyber Canary server or deploy HoneyWires on existing ones. Using deception technology, it replaces the "magnifying glass" approach of traditional SIEMs which often drown analysts in false positives by surveilling legitimate traffic with a High-Fidelity Tripwire model.
🎖@malwr

orloxgr/ClamShield: Windows security UI for ClamAV/YARA with real-time shield, scheduled scans, SecuriteInfo/SaneSecurity signatures, DNS protection, quarantine, VirusTotal checks, and auto-updates. https://github.com/orloxgr/ClamShield 🎖@malwr

Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3 | White Knight Labs This blog post is a continuation of the previous entry “Harnessing the Power of Cobalt Strike Profiles for EDR Evasion” and its follow-up, Part 2. Following https://whiteknightlabs.com/2026/06/15/harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion-part-3/ 🎖@malwr

The Latest Addition to Turla’s Intelligence Gathering Apparatus | Google Cloud Blog Analysis of a backdoor, STOCKSTAY, that has been continually developed and deployed by the Russia-linked threat actor Turla. https://cloud.google.com/blog/topics/threat-intelligence/stockstay-turla-intelligence-gathering/ 🎖@malwr

Luma - the official Frida GUI Luma, the official Frida GUI. Interactive dynamic instrumentation for macOS, Windows, and Linux. https://luma.frida.re/ 🎖@malwr

Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliances ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data https://www.welivesecurity.com/en/eset-research/gamaredon-2025-leveraging-tunnels-workers-dead-drops-new-alliances/ https://web-assets.esetstatic.com/wls/en/papers/white-papers/gamaredon-in-2025.pdf 🎖@malwr

Evaluating Mexico’s New Cybersecurity Plan Explore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA World Cup and beyond https://www.recordedfuture.com/research/mexico-new-cybersecurity-plan-evaluation https://assets.recordedfuture.com/insikt-report-pdfs/2026/cta-2026-0625.pdf 🎖@malwr

1689er/exclusion-auditor: Read-only NGAV/EDR exclusion risk and hygiene auditor (CrowdStrike-first, vendor-agnostic). https://github.com/1689er/exclusion-auditor 🎖@malwr

Ping32 RMM and ValleyRAT Fareed Radzi recently blogged about a malware campaign observed earlier in June by Kaspersky's GReAT team. The malware campaign embedded malicious code in VBScripts, which were distributed through WhatsApp DMs. The VBScript then dropped the legitimate Remote Monitoring and Management (RMM) tool Manag... https://www.netresec.com/?page=Blog&month=2026-06&post=Ping32-RMM-and-ValleyRAT 🎖@malwr

Introduction to COM usage by Windows threats Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors. https://blog.talosintelligence.com/introduction-to-com-usage-by-windows-threats/ 🎖@malwr

Hackmosphere/DefenderBypass: A guide to learning antivirus evasion https://github.com/hackmosphere/DefenderBypass 🎖@malwr

ESET takes part in Operation Endgame to disrupt Amadey and Stealc ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights. https://www.welivesecurity.com/en/eset-research/eset-takes-part-operation-endgame-disrupt-amadey-stealc/ 🎖@malwr

coder/code-server: VS Code in the browser https://github.com/coder/code-server 🎖@malwr

X-3306/Project-Onyx: Advanced EDR Evasion via AI Telemetry Spoofing & WASM Sandboxing. Project Onyx is a PoC Red Team pipeline designed to demonstrate advanced evasion techniques against modern EDR systems. It shifts away from traditional signature-based obfuscation towards behavioral camouflage and strict environmental keying. https://github.com/X-3306/Project-Onyx 🎖@malwr

macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox DPRK-linked implant embeds 38 fabricated system messages that spoof an LLM triage harness, hiding a credential stealer and Telegram C2 underneath. https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/ 🎖@malwr

MemNixFS/MemNixFS: Linux Memory Forensics Framework That Transforms Memory Dumps Into a Navigable Filesystem https://github.com/MemNixFS/MemNixFS 🎖@malwr

Build your own vulnerability harness We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits. https://blog.cloudflare.com/build-your-own-vulnerability-harness/ 🎖@malwr