Sentrilite – Open source, Lightweight, Real time, Kernel level System Observability and Audit tool (Powered by eBPF + AI)
Umbral Stealer config extractor.ipynb - Config extractor of obfuscated Umbral Stealer samples and CLEANED (de4dot) samples written in DotNet. hashes
MaaS Appeal: An Infostealer Rises From The Ashes — NOVABLIGHT is a NodeJS-based Malware-as-a-Service (MaaS) information stealer developed and sold by a threat group that demonstrates French-language
Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal - The campaign leverages malicious advertisements to lure victims to install fake applications which impersonate ~ 50 common apps
Spear Phishing Campaign Delivers VIP Keylogger via Email Attachment - AutoIt script is utilized to deliver and execute the malicious payload.
Auto-Color Backdoor: the threat actor had exploited CVE-2025-31324 - Over the course of three days, a threat actor gained access to the customer’s network, attempted to download suspicious files
RansomFS: an example of using canary files and directories, chained with different threshold engines to map a PID to its malicious behaviour and trigger a response when this threshold is breached.
PENGUIN (Personalized EmulatioN Generated Using Instrumented Analysis) takes a target centric approach to rehosting using a precise and tailored specification of the rehosting process
Critical Vulnerability in AI Vibe Coding platform Base44 Allowing Unauthorized Access to Private Applications