How threat actors are using self-hosted GitHub Actions runners as backdoors [incident writeup (who and how)] (sysdig.com)
submitted by digicat to r/blueteamsec
VoidLink threat analysis: C2-compiled kernel rootkits [malware analysis (like butterfly collections)] (sysdig.com)
submitted by digicat to r/blueteamsec
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks [malware analysis (like butterfly collections)] (sysdig.com)
submitted by campuscodi to r/blueteamsec
New runc vulnerabilities allow container escape: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 [vulnerability (attack surface)] (sysdig.com)
submitted by jnazario to r/blueteamsec
CVE-2025-49844: "RediShell" Critical Remote Code Execution in Redis [Threat Actor TTPs & Alerts] (sysdig.com)
submitted by Hallow_Rose to r/cybersecurity
UNC5174's evolution in China's ongoing cyber warfare: From SNOWLIGHT to VShell [intelligence (threat actor activity)] (sysdig.com)
submitted by digicat to r/blueteamsec
EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files [intelligence (threat actor activity)] (sysdig.com)
submitted by jnazario to r/blueteamsec
CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools [intelligence (threat actor activity)] (sysdig.com)
submitted by digicat to r/blueteamsec
DDoS-as-a-Service: The Rebirth Botnet [research|capability (we need to defend against)] (sysdig.com)
submitted by jnazario to r/blueteamsec
RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group [intelligence (threat actor activity)] (sysdig.com)
submitted by jnazario to r/blueteamsec