Out of the Woods: The Threat Hunting Podcast

Top Headlines: The Hacker News | Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging: https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html?m=1 Straiker | SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack: https://www.straiker.ai/blog/smartloader-clones-oura-ring-mcp-to-deploy-supply-chain-attack InfoStealers | Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations: https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/ Forcepoint | ScreenConnect Under Attack: SmartScreen Evasion and RMM Abuse: https://www.forcepoint.com/blog/x-labs/screenconnect-attack ----------Stay in Touch!Twitter: https://twitter.com/Intel471IncLinkedIn: https://www.linkedin.com/company/intel-471/YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkgDiscord: https://discord.gg/DR4mcW4zBrFacebook: https://www.facebook.com/Intel471Inc/

*On-Demand - Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2Watch Now: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2----------Top Headlines: Socket | Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise: https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi Help Net Security | State-backed phishing attacks targeting military officials and journalists on Signal: https://www.helpnetsecurity.com/2026/02/06/state-linked-phishing-europe-journalists-signal/?web_view=true Cisco Talos | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework: https://blog.talosintelligence.com/knife-cutting Huntress | They Got In Through SonicWall. Then They Tried to Kill Every Security Tool: https://www.huntress.com/blog/encase-byovd-edr-killer ----------Stay in Touch!Twitter: https://twitter.com/Intel471IncLinkedIn: https://www.linkedin.com/company/intel-471/YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkgDiscord: https://discord.gg/DR4mcW4zBrFacebook: https://www.facebook.com/Intel471Inc/

*Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2February 11, 2026 | 12:00 - 1:00 PM ETSign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2Top Headlines: VulnCheck | Metro4Shell: Exploitation of React Native’s Metro Server in the Wild: https://www.vulncheck.com/blog/metro4shell_eitw Notepad | Notepad++ Hijacked by State-Sponsored Hackers: https://notepad-plus-plus.org/news/hijacked-incident-info-update/ ThreatLabz | Operation Neusploit: APT28 Uses CVE-2026-21509: https://www.zscaler.com/blogs/security-research/apt28-leverages-cve-2026-21509-operation-neusploit CERT-UA | "Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542): https://cert.gov.ua/article/6287250 ----------Stay in Touch!Twitter: https://twitter.com/Intel471IncLinkedIn: https://www.linkedin.com/company/intel-471/YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkgDiscord: https://discord.gg/DR4mcW4zBrFacebook: https://www.facebook.com/Intel471Inc/

*Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2February 11, 2026 | 12:00 - 1:00 PM ETSign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2----------Out of the Woods: The Threat Hunting Podcast returned with a live episode focused on the trends threat hunters saw repeatedly throughout 2025 and what those patterns point to next.This episode serves as a threat hunter’s year in review. The discussion walks through the actors, malware, behaviors, tactics, and techniques that consistently surfaced over the year, ties those findings back to MITRE ATT&CK, and connects themes across recent episodes. The focus is on what stayed consistent, what mattered most during hunts, and what those signals reveal about where attention should remain.The conversation also looks ahead. Based on what emerged in 2025 and how hunts played out across environments, the panel shares perspectives on what is likely to continue, where focus is expected to remain in 2026, and what threat hunters should keep in mind going forward.Topics covered include: Threat actors, malware, and behaviors that appeared most often in 2025 Tactics and techniques that consistently surfaced across hunts, mapped to MITRE ATT&CK Common hunt themes observed across environments throughout the year What 2025 trends suggest about threat hunting focus in 2026 Behaviors and techniques likely to remain relevant moving forward Watch the episode here: https://youtu.be/GyYTTMNyjCE?si=WynwmHS1psGN9KqO----------Stay in Touch!Twitter: https://twitter.com/Intel471IncLinkedIn: https://www.linkedin.com/company/intel-471/YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkgDiscord: https://discord.gg/DR4mcW4zBrFacebook: https://www.facebook.com/Intel471Inc/

*[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s NextJanuary 29, 2026 | 12:00 - 1:30 PM ETSign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-next*Threat Hunting Workshop: Hunting for Privilege Escalation - Level 2February 11, 2026 | 12:00 - 1:00 PM ETSign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-hunting-for-privilege-escalation-level-2Top Headlines: Google Cloud Blog | Releasing Rainbow Tables to Accelerate Protocol Deprecation: https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables BleepingComputer | Hackers exploit security testing apps to breach Fortune 500 firms: https://www.bleepingcomputer.com/news/security/hackers-exploit-security-testing-apps-to-breach-fortune-500-firms/?&web_view=true CyberArk | UNO reverse card: stealing cookies from cookie stealers: https://www.cyberark.com/resources/all-blog-posts/uno-reverse-card-stealing-cookies-from-cookie-stealers Malwarebytes | Can you use too many LOLBins to drop some RATs?: https://www.malwarebytes.com/blog/news/2026/01/can-you-use-too-many-lolbins-to-drop-some-rats?web_view=true ----------Stay in Touch!Twitter: https://twitter.com/Intel471IncLinkedIn: https://www.linkedin.com/company/intel-471/YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkgDiscord: https://discord.gg/DR4mcW4zBrFacebook: https://www.facebook.com/Intel471Inc/

*[LIVE] Out of the Woods: The Threat Hunting Podcast – Threat Hunting Year in Review: 2025 Trends and What’s NextJanuary 29, 2026 | 12:00 - 1:30 PM ETSign Up: https://www.intel471.com/resources/podcasts/threat-hunting-year-in-review-2025-trends-and-whats-nextTop Headlines: Securonix | Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection: https://www.securonix.com/blog/analyzing-phaltblyx-how-fake-bsods-and-trusted-build-tools-are-used-to-construct-a-malware-infection/ https://mp.weixin.qq.com/mp/wappoc_appmsgcaptcha?poc_token=HM4cYGmjT2nsqEAFwWn2Sj9R90gqZmI2tEvjWdak&target_url=https%3A%2F%2Fmp.weixin.qq.com%2Fs%3F__biz%3DMzUyMjk4NzExMA%3D%3D%26mid%3D2247507757%26idx%3D1%26sn%3Dcf6b118e88395af45a000aae80811264 CYFIRMA | APT36 : Multi-Stage LNK Malware Campaign Targeting Indian Government Entities: https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/ BleepingComputer | VSCode IDE forks expose users to "recommended extension" attacks: https://www.bleepingcomputer.com/news/security/vscode-ide-forks-expose-users-to-recommended-extension-attacks/?&web_view=true ----------Stay in Touch!Twitter: https://twitter.com/Intel471IncLinkedIn: https://www.linkedin.com/company/intel-471/YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkgDiscord: https://discord.gg/DR4mcW4zBrFacebook: https://www.facebook.com/Intel471Inc/

Top Headlines: welivesecurity.com | LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan: https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/ Resecurity | DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists: https://www.resecurity.com/blog/article/dig-ai-uncensored-darknet-ai-assistant-at-the-service-of-criminals-and-terrorists?&web_view=true koi.ai | NPM Package With 56K Downloads Caught Stealing WhatsApp Messages: https://www.koi.ai/blog/npm-package-with-56k-downloads-malware-stealing-whatsapp-messages zscaler.com | Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign: https://www.zscaler.com/blogs/security-research/zscaler-threat-hunting-catches-evasive-sidewinder-apt-campaign?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

Top Headlines: Unit 42 | Exploitation of Critical Vulnerability in React Server Components (Updated December 12): https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/ hackread.com | New PyStoreRAT Malware Targets OSINT Researchers Through GitHub: https://hackread.com/pystorerat-rat-malware-github-osint-researchers/?web_view=true Check Point Research | Ink Dragon's Relay Network and Stealthy Offensive Operation: https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/ KOI.ai | Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users: https://www.koi.ai/blog/inside-ghostposter-how-a-png-icon-infected-50-000-firefox-browser-users ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

Top Headlines: securelist.com | The Tsundere botnet uses the Ethereum blockchain to infect its targets: https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/ Group-IB | Bloody Wolf: A Blunt Crowbar Threat To Justice: https://www.group-ib.com/blog/bloody-wolf/ welivesecurity.com | MuddyWater: Snakes by the riverbank: https://www.welivesecurity.com/en/eset-research/muddywater-snakes-riverbank/ Fortinet Blog | ShadowV2 Casts a Shadow Over IoT Devices: https://www.fortinet.com/blog/threat-research/shadowv2-casts-a-shadow-over-iot-devices?&web_view=true darktrace.com | ShadowV2: An emerging DDoS for hire botnet: https://www.darktrace.com/blog/shadowv2-an-emerging-ddos-for-hire-botnet ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

Can You Identify the Nation-State Actor?​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌  ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍​ ‍​‌‍‌‍​ ​‌​ ‌​‌‍​‍​ ‍‌‌‍​‌​‍ ‌‌‍‌‍​ ​‍‌‍​‌​ ‌‌​‍ ‌​ ‌​‌‍‌​​ ​​​ ‍‌​‍ ‌​ ‍‌​ Out of the Woods: The Threat Hunting Podcast returns for another special edition episode that challenges how you think about adversary behavior. This live, interactive session will focus on a nation-state actor, revealing one phase of their campaign at a time as our hosts provide tradecraft clues and analysis.​​​​‌ Participants will examine how observed techniques align to MITRE ATT&CK, how vertical-specific targeting shapes operational decisions, and how behavioral patterns emerge across campaigns. Before the final reveal, attendees will have the chance to submit their best guess on which nation-state threat actor is behind the activity.​​​​‌ What You’ll Learn:​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍​ ‍​‌‍‌‍​ ​‌​ ‌​‌‍​‍​ ‍‌‌‍​‌​‍ ‌‌‍‌‍​ ​‍‌‍​‌​ ‌‌​‍ ‌​ ‌​‌‍‌​​ ​​​ ‍‌​‍ ‌​ ‍‌​ ​‍‌‍‌‍​ ‌ ​‍ ‌​ ​‍​ ‍‌​ ‌‌‌‍​‍‌‍​‍‌‍‌‍‌‍‌‌​ ‍‌‌‍‌‍​ ‌​​ ​‍​ ‍‌​ ‍ ‌ ‌​‌ ‍‌‌ ​​‌‍‌‌​ ‌‌ ​​‌‍ ‌‍‌​‌‍​ ‌‍​‌‌ ​ ‌ ‌​​ ‍ ‌ ​​‌‍​‌‌ ‌​‌‍‍​​ ‌‌ ​​‌‍​‌‌‍‌ ‌‍‌‌‌​​‍‌ ‌‌‌‍‍‌‌‍ ​‌‍‌​‌‍‌‌‌ ​‍​‍‌‌​ ‌‌‌​​‍‌‌ ‌‍‍ ‌‍‌‌‌ ‍‌​‍‌‌​ ​ ‌​‌​​‍‌‌​ ​ ‌​‌​​‍‌‌​ ​‍​ ​‍‌‍‌​‌‍​‌‌‍‌‌​ ​​‌‍‌‍​ ​‍‌‍​ Real adversary behavior – A phase-by-phase look at a real nation-state campaign MITRE ATT&CK in context – How techniques appear in real incidents​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ Recognizing tradecraft patterns – What links behaviors across operations​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ Sector-specific targeting – How industries influence attacker decisions​​​​‌ ‍ ​‍​‍‌‍ ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ Interactive analysis – Submit your guess before the reveal​​​​‌ Watch the episode here: https://youtu.be/GyYTTMNyjCE?si=WynwmHS1psGN9KqO

*[LIVE] Out of the Woods: The Threat Hunting Podcast – Guess Who Edition November 19, 2025 | 12:00 - 1:30 PM ET Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-adversary-edition-2 ---------- Top Headlines: Secure Annex | SleepyDuck malware invades Cursor through Open VSX: https://secureannex.com/blog/sleepyduck-malware/ Arctic Wolf | UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities: https://arcticwolf.com/resources/blog/unc6384-weaponizes-zdi-can-25373-vulnerability-to-deploy-plugx/ Unit 42 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild: https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/ Unit 42 | Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack: https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/ ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

*Threat Hunting Management Workshop: The Business Value of Threat Hunting October 29, 2025 | 12:00 - 12:30 PM ET Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting *[LIVE] Out of the Woods: The Threat Hunting Podcast – Guess Who Edition November 19, 2025 | 12:00 - 1:30 PM ET Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-adversary-edition-2 ---------- Top Headlines: Koi | GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace: https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplace Cisco Talos Blog | BeaverTail and OtterCookie Evolve with a New Javascript Module: https://blog.talosintelligence.com/beavertail-and-ottercookie/ Synacktiv | LinkPro: eBPF Rootkit Analysis: https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis BleepingComputer | American Airlines Subsidiary Envoy Confirms Oracle Data Theft Attack: https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

*Threat Hunting Management Workshop: The Business Value of Threat Hunting October 29, 2025 | 12:00 - 12:30 PM ET Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting ---------- Top Headlines: Cisco Talos | Velociraptor Leveraged in Ransomware Attacks: https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/ GBHackers Security | Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware: https://gbhackers.com/info-stealer-malware/?web_view=true FortiGuard Labs | New Stealit Campaign Abuses Node.js Single Executable Application: https://www.fortinet.com/blog/threat-research/stealit-campaign-abuses-nodejs-single-executable-application eSecurity Planet | AI Chatbots Used as Backdoors in New Cyberattacks: https://www.esecurityplanet.com/news/ai-exploited-prompt-injection/?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

*Threat Hunting Management Workshop: The Business Value of Threat Hunting October 29, 2025 | 12:00 - 12:30 PM ET Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-the-business-value-of-threat-hunting ---------- Top Headlines: LastPass | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages Cisco Talos BlogCisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true Trend MicroTrend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/ ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

Top Headlines: LastPass Labs | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages Cisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/ Trend MicroTrend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

*Threat Hunting Workshop: Hunting for Persistence - Level 2 September 24, 2025 | 12:00 - 1:00 PM ET Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-16-hunting-for-persistence-level-2 ---------- Top Headlines: Jamf Threat Labs | Learn about ChillyHell, a modular Mac backdoor: https://www.jamf.com/blog/chillyhell-a-modular-macos-backdoor/ SecureList | Malicious MCP servers used in supply chain attacks: https://securelist.com/model-context-protocol-for-ai-integration-abused-in-supply-chain-attacks/117473/?web_view=true Bitdefender Blog | EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company: https://www.bitdefender.com/en-us/blog/businessinsights/eggstreme-fileless-malware-cyberattack-apac welivesecurity | Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass: https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/ ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

In this episode of Out of the Woods, we explored how AI is reshaping security operations beyond threat hunting. We highlighted real progress in insider threat detection, faster triage, and incident response while underscoring the ongoing need for human judgment. We also addressed integration challenges, tool sprawl, skill gaps, and risks such as hallucinations, bias, and deepfakes, before closing with what to expect as regulations tighten and attackers continue to weaponize AI. ---- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

*[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control September 11, 2025 | 12:00 - 1:30 PM ET​​​​‌ Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍‌‍​‌‌‍‌​​ ​‍​ ‌‍‌‍‌​​ ​ ​ ‍​​‍ ‌​ ‌ ​ ‌‍​ ​‌​ ‌​​‍ ‌​ ‌​‌‍‌‍‌‍‌‌​ ‌‌​‍ ‌‌‍​‌‌‍​‍​ ‌‌‌‍​‍​‍ ‌​​‍​‍‌‌​ ‌‌‌ *Threat Hunting Workshop: Hunting for Persistence - Level 2 September 24, 2025 | 12:00 - 1:00 PM ET Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-workshop-16-hunting-for-persistence-level-2 ---------- Top Headlines: Microsoft Security Blog | Storm-0501’s evolving techniques lead to cloud-based ransomware: https://www.microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware/ Seqrite | Blogs on Information Technology, Network & Cybersecurity: https://www.seqrite.com/blog/operation-hankook-phantom-north-korean-apt37-targeting-south-korea/ Group-IB | ShadowSilk: A Cross-Border Binary Union for Data Exfiltration: https://www.group-ib.com/blog/shadowsilk/ Check Point Research | ZipLine Phishing Campaign Targets U.S. Manufacturing: https://research.checkpoint.com/2025/zipline-phishing-campaign/ ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

*[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control September 11, 2025 | 12:00 - 1:30 PM ET​​​​‌ Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍‌‍​‌‌‍‌​​ ​‍​ ‌‍‌‍‌​​ ​ ​ ‍​​‍ ‌​ ‌ ​ ‌‍​ ​‌​ ‌​​‍ ‌​ ‌​‌‍‌‍‌‍‌‌​ ‌‌​‍ ‌‌‍​‌‌‍​‍​ ‌‌‌‍​‍​‍ ‌​​‍​‍‌‌​ ‌‌‌ ---------- Top Headlines: Morphisec | Noodlophile Stealer Evolves: Targeted Copyright Phishing Hits Enterprises with Social Media Footprints: https://www.morphisec.com/blog/noodlophile-stealer-evolves-targeted-copyright-phishing-hits-enterprises-with-social-media-footprints/ Securelist by Kaspersky | PipeMagic in 2025: How the backdoor operators’ tactics have changed: https://securelist.com/pipemagic/117270/?web_view=true Cisco Talos Blog | UAT-7237 targets Taiwanese web hosting infrastructure: https://blog.talosintelligence.com/uat-7237-targets-web-hosting-infra/ Resucurity | 'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan: https://www.resecurity.com/blog/article/blue-locker-analysis-ransomware-targeting-oil-gas-sector-in-pakistan ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/

*[LIVE] Out of the Woods: The Threat Hunting Podcast - AI for Security Teams: Scaling Impact Without Losing Control September 11, 2025 | 12:00 - 1:30 PM ET​​​​‌ Sign Up: https://www.intel471.com/resources/podcasts/ai-for-security-teams-scaling-impact-without-losing-control ‌ ​‍‌‍‍‌‌‍‌ ‌‍‍‌‌‍ ‍​‍​‍​ ‍‍​‍​‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌‍‍‌‌‍ ​‍​‍​‍ ​​‍​‍‌‍‍​‌ ​‍‌‍‌‌‌‍‌‍​‍​‍​ ‍‍​‍​‍‌‍‍​‌ ‌​‌ ‌​‌ ​​‌ ​ ​ ‍‍​‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ​​ ‌​​ ‌ ​ ​‌​‍ ‍‌ ​ ‌‍​‌‌‍ ‍‌‍‍‌‌ ‌​‌ ‍‌​‍ ‍‌ ​ ‌ ‌​‌ ‌‌‌‍‌​‌‍‍‌‌‍ ​‍ ‌‍‍‌‌‍ ‍‌ ‌​‌‍‌‌‌‍ ‍‌ ‌​​‍ ‌‍‌‌‌‍‌​‌‍‍‌‌ ‌​​‍ ‌‍ ‌‌‍ ‌‍‌​‌‍‌‌​ ‌‌ ​​‌ ​‍‌‍‌‌‌ ​ ‌‍‌‌‌‍ ‍‌ ‌​‌‍​‌‌ ‌​‌‍‍‌‌‍ ‌‍ ‍​ ‍ ‌‍‍‌‌‍‌​​ ‌‌‍‌‍‌‍​‌‌‍‌​​ ​‍​ ‌‍‌‍‌​​ ​ ​ ‍​​‍ ‌​ ‌ ​ ‌‍​ ​‌​ ‌​​‍ ‌​ ‌​‌‍‌‍‌‍‌‌​ ‌‌​‍ ‌‌‍​‌‌‍​‍​ ‌‌‌‍​‍​‍ ‌​​‍​‍‌‌​ ‌‌‌ ---------- Top Headlines: Silent Push | Unmasking SocGholish: Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569: https://www.silentpush.com/blog/socgholish/ welivesecurity.com | Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/ ReliaQuest | ShinyHunters Targets Salesforce Amid Clues of Scattered Spider Collaboration: https://reliaquest.com/blog/threat-spotlight-shinyhunters-data-breach-targets-salesforce-amid-scattered-spider-collaboration/ Talos Intelligence | Malvertising campaign leads to PS1Bot, a multi-stage malware framework: https://blog.talosintelligence.com/ps1bot-malvertising-campaign/?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/