blueteamsec

630 readers
41 users here now

For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

founded 2 years ago
MODERATORS
digicat
listing: all - local
901
3
Critical RCE Vulnerabilities Discovered in React & Next.js (www.wiz.io)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
902
0
raptor: Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage (github.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
903
3
Knownsec: The King of Vulnerability Missed Three Vulnerabilities of Its Own (nattothoughts.substack.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
904
2
Principles for the Secure Integration of Artificial Intelligence in Operational Technology (media.defense.gov)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
905
1
Defending against adversary-in-the-middle threats with phishing-resistant multi-factor authentication (ITSM.30.031) - Canadian Centre for Cyber Security (www.cyber.gc.ca)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
906
1
MuddyWater: Snakes by the riverbank (www.welivesecurity.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
907
2
Dragons in Thunder (ptsecurity.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
908
4
Introducing constant-time support for LLVM to protect cryptographic code (blog.trailofbits.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
909
4
AI agents find $4.6M in blockchain smart contract exploits (red.anthropic.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
910
4
B2B Guest Access Creates an Unprotected Attack Vector - Microsoft’s B2B guest collaboration allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenants (www.ontinue.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
911
3
4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign (www.koi.ai)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
912
3
DNS Uncovers Infrastructure Used in SSO Attacks (blogs.infoblox.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
913
3
DNS Uncovers Infrastructure Used in SSO Attacks (blogs.infoblox.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
914
1
What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice (www.ncsc.gov.uk)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
915
1
New Zealand Cyber Threat Report 2025 (www.ncsc.govt.nz)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
916
6
How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine Operations (blog.synapticsystems.de)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
917
2
how i found a europa.eu compromise (thanks to cricket) (blog.himanshuanand.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
918
2
A new wiper attack has been identified affecting Ukraine. (self.blueteamsec)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
 
 

"A new wiper attack has been identified by ClearSky Cyber Security affecting Ukraine. We named this wiper "GamaWiper" (VBS-based wiper). The intrusion chain begins with the exploitation of a vulnerable WinRAR version (CVE-2025-80880). We assess with moderate confidence that this activity is linked to the Gamaredon APT group. This marks the first observed instance of Gamaredon conducting destructive operations rather than its traditional espionage activities."

Related IoCs: 95262c4094a9a5e589a218e354ef54b3800aa0abc3b6a343bbcfdcbf021fc04f – initial ZIP with vulnerability CVE-2025-80880 68e21d7599d20444232415a7e74214ce50d7b4643215d83b8320e74c95a9dfd3 – downloaded VBA aafa4c206495163a5e408aa5c296139fe9f330a9f819a226c6934921493de9c6 – downloaded (padded+base64) wiper d4ce4776bdad9b741a1e8345b41737245b80f4cf8d361ebb1ae5415c7a4fe1eb – base64 encrypted wiper 9a39423ec90dc06a3058279cd744c08d83252d1c7096633b9853e435cc205755 – deobfuscated wiper

src: https://x.com/ClearskySec/status/1995061537183011084

919
3
Unmasking a new DPRK Front Company DredSoftLabs (medium.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
920
1
Ivanti Post-Exploitation Lateral Movement — Analysis and Detection (medium.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
921
0
Extending UniFi Monitoring in Microsoft Sentinel: Workbooks and Analytics Rules (sentinel.blog)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
922
0
Integrating UniFi Network Monitoring into Microsoft Sentinel (sentinel.blog)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
923
4
Analysis of the Rust implants found in the malicious VS Code extension (www.nextron-systems.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
924
1
Risk-Based Alerting in Microsoft Sentinel (isaacdunham.github.io)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
925
1
Hide the threat - GPO lateral movement (www.intrinsec.com)
submitted 2 months ago by digicat to c/blueteamsec
0 comments fedilink
view more: ‹ prev next ›