Threat Analyze

Researching CVE-2025-14847 (Mongo memory leak): Defensive Strategies and Detection Techniques

27 December 2025 - Posted in Threat Analyze by Jok3r

Background: A few days ago, there was a notification about a memory leak issue (CVE) affecting MongoDB. Shortly after, a proof-of-concept (POC) was released on one of the version control channels. As [...] Read more

AI-Powered Polymorphic Phishing Pages: Detection Methods and Defensive Strategies

29 November 2025 - Posted in Threat Analyze by Jok3r

Background: As AI technologies rapidly advance, it is essential for us as cybersecurity specialists to understand how we can defend against emerging threats. One scenario that comes to mind is the [...] Read more

Investigating Malicious Activity in WSL Environments

13 September 2025 - Posted in Threat Analyze by Jok3r

Background: Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...] Read more

State-Linked Hacker Toolset Analysis & Defense Blueprint

12 August 2025 - Posted in Threat Analyze by Jok3r

Background: Recently, some unknown specialists uploaded several dumps from servers that, according to their claims, are related to Kimsuky (State sponsored) systems. As cybersecurity defenders, we [...] Read more

Knock, knock: Why the recent announcement about mobile spyware leak was fake

06 July 2025 - Posted in Threat Analyze by Jok3r

Background: Recently, a Telegram account announced the publication of source codes related to a mobile spyware. Before drawing any final conclusions, it is important to understand that this [...] Read more

Not the First, Not the Last: Understanding the 16 Billion Infostealer Leak

21 June 2025 - Posted in Threat Analyze by Jok3r

Background: Recently, the media reported on a leak of 16 billion cleartext passwords that were found on an underground platform. As a result, the team behind the discovery noticed that the names of [...] Read more

The Invisible Threat: How to Detect Physical Keystroke Injection Implants

15 June 2025 - Posted in Threat Analyze by Jok3r

Background: In today's cybersecurity landscape, there are many attack types. One of them is hardware-based, which can be leveraged by threat actors to connect special keystroke injection devices into [...] Read more

No Way to Escape: Linux Malware Sandbox Detection Development Fundamental Component from Scratch

07 June 2025 - Posted in Threat Analyze by Jok3r

Background: Linux malware is a rare example that can be encountered within an environment during its functional process. This presents a real challenge for beginners attempting malware analysis [...] Read more

Inside the Attack: How Smishing Campaigns Are Evolving with Covert Data Theft Methods

16 May 2025 - Posted in Threat Analyze by Jok3r

Background: Recently, there has been a noticeable increase in attacks carried out by fraudsters. These attackers use various delivery methods, ranging from social media platforms to SMS messages and [...] Read more

Abusing Trusted Relationships (T1199): Delivering Malicious Emails by Compromising Historical Recipients

26 January 2025 - Posted in Threat Analyze by Jok3r

Background: From time to time, the infosec community observes trends where threat actors abuse Trusted Relationships (T1199) to deliver malware to known recipients. This technique exploits the fact [...] Read more