https://www.reddit.com/r/blueteamsec/ Thanks to @reddit2telegram and @r_channels
Russia launches cyber campaign against Signal and WhatsApp accounts | AIVD
https://www-aivd-nl.translate.goog/actueel/nieuws/2026/03/09/rusland-voert-cybercampagne-uit-tegen-signal--en-whatsapp-accounts?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=nl&_x_tr_pto=wapp&_x_tr_hist=true
https://redd.it/1rpanlt
@r_blueteamsec
bromure: Secure, ephemeral browsing in a disposable VM (macOS only)
https://github.com/rderaison/bromure
https://redd.it/1rozwgc
@r_blueteamsec
Daily BlueTeamSec Briefing Archive - daily AI generated podcast of the last 24hours of posts
https://briefing.workshop1.net/
https://redd.it/1rowtkz
@r_blueteamsec
hackerbot-claw: An AI-Powered Bot Actively Exploiting GitHub Actions - Microsoft, DataDog, and CNCF Projects Hit So Far
https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation
https://redd.it/1roaywt
@r_blueteamsec
neko: A self hosted virtual browser that runs in docker and uses WebRTC.
https://github.com/m1k1o/neko
https://redd.it/1ro2vuq
@r_blueteamsec
Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition
https://cloud.google.com/blog/topics/threat-intelligence/preparation-hardening-destructive-attacks
https://redd.it/1roe5i1
@r_blueteamsec
CTO at NCSC Summary: week ending March 8th
https://ctoatncsc.substack.com/p/cto-at-ncsc-summary-week-ending-march-e9f
https://redd.it/1rn632c
@r_blueteamsec
Delinea Protocol Handler - Return of the MSI: RCE via Custom Launcher
https://blog.amberwolf.com/blog/2026/february/delinea-protocol-handler---return-of-the-msi/
https://redd.it/1rhzpub
@r_blueteamsec
Exploiting Integer Overflow in the Nginx Web Server: A Deep Dive into the Vulnerability
https://hackmag.com/security/nginx-int-overflow
https://redd.it/1rhp3ni
@r_blueteamsec
MacNoise is an extensible and modular macOS system telemetry generation framework. It generates real system events (network connections, file writes, process spawns, plist mutations, TCC permission probes, and more) so security teams can validate that their EDR, SIEM, and detects
https://github.com/0xv1n/macnoise
https://redd.it/1rhqt3v
@r_blueteamsec
Nemesis 2.2 - We want to thank the United Kingdom’s National Cyber Security Centre (NCSC) for helping to fund this development effort that produced all this great new defensive functionality!
https://specterops.io/blog/2026/02/25/nemesis-2-2/
https://redd.it/1rgzk6f
@r_blueteamsec
Malware Analysis: Using archive.org to deliver malware
Archive.org Stego Delivers Remcos and AsyncRAT
https://www.derp.ca/research/archive-org-stego-campaign/
https://redd.it/1rhhs80
@r_blueteamsec
TTPRunner: Run TTPs - Feed it a threat report. It builds the attack plan. You approve. It executes
https://github.com/Antonlovesdnb/TTPRunner
https://redd.it/1rh9ugs
@r_blueteamsec
Hydra Saiga: Covert Espionage and Infiltration of Critical Utilities
https://www.vmray.com/hydra-saiga-covert-espionage-and-infiltration-of-critical-utilities/
https://redd.it/1rhc74t
@r_blueteamsec
Zerobot Malware Targets n8n Automation Platform
https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
https://redd.it/1rh82mv
@r_blueteamsec
How I infiltrated phishing panels targeting European banks and tracked down their operators
https://inti.io/p/how-i-infiltrated-phishing-panels
https://redd.it/1roywtt
@r_blueteamsec
From a Sophisticated Browser-Extension Supply-Chain Compromise to a VibeCoded Twist: A Chrome Extension as the Initial Access Vector for a Broader Malware Chain
https://monxresearch-sec.github.io/shotbird-extension-malware-report/
https://redd.it/1rotaz9
@r_blueteamsec
White House Unveils President Trump’s Cyber Strategy for America
https://www.whitehouse.gov/articles/2026/03/white-house-unveils-president-trumps-cyber-strategy-for-america/
https://redd.it/1rnprsk
@r_blueteamsec
Malicious npm Package pino-sdk-v2 Exfiltrates Secrets to Discord
https://safedep.io/malicious-npm-package-pino-sdk-v2-env-exfiltration/
https://redd.it/1ropfm3
@r_blueteamsec
GhostWeaver - a malware that lives up to its name
https://www.derp.ca/research/ghostweaver-tag124-powershell-rat/
https://redd.it/1ro56dw
@r_blueteamsec
How we built high speed threat hunting for email security
https://sublime.security/blog/how-we-built-high-speed-threat-hunting-for-email-security/
https://redd.it/1roaowg
@r_blueteamsec
Intelligence Brief: Iranian Cyber Activity Outlook
https://www.sentinelone.com/blog/sentinelone-intelligence-brief-iranian-cyber-activity-outlook/
https://redd.it/1rib6kq
@r_blueteamsec
CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad
https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
https://redd.it/1rhp35x
@r_blueteamsec
What Windows Server 2025 Quietly Did to Your NTLM Relay
https://decoder.cloud/2026/02/25/what-windows-server-2025-quietly-did-to-your-ntlm-relay/
https://redd.it/1rhql9v
@r_blueteamsec
Zerobot Malware Targets n8n Automation Platform - active exploitation of command injection vulnerabilities CVE-2025-7544 and CVE-2025-68613 against Tenda AC1206 routers and the n8n automation platform.
https://www.akamai.com/blog/security-research/2026/feb/zerobot-malware-targets-n8n-automation-platform
https://redd.it/1rhpcrb
@r_blueteamsec
Found an interesting behavioral C2 & reverse shell detection tool — thoughts?
I came across a host-based behavioral detection tool focused on:
- Reverse shells
- Beaconing C2 traffic
- Interpreter-to-network correlation
- Heuristic scoring
- Real-time curses TUI
It inspects process trees, correlates sockets to PIDs, and attempts to detect C2-like behavior without relying purely on static signatures.
Curious what people think about this detection approach compared to EDR-based methods.
Repo: https://github.com/dereeqw/BerrySentinel
https://redd.it/1rhjwwv
@r_blueteamsec
Inside a fake Google security check that becomes a browser RAT
https://www.malwarebytes.com/blog/privacy/2026/02/inside-a-fake-google-security-check-that-becomes-a-browser-rat
https://redd.it/1rh8282
@r_blueteamsec
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
https://research.checkpoint.com/2026/rce-and-api-token-exfiltration-through-claude-code-project-files-cve-2025-59536/
https://redd.it/1rha13s
@r_blueteamsec
Building virtual iPhone using VPHONE600AP component of recently released PCC firmware
https://github.com/wh1te4ever/super-tart-vphone-writeup
https://redd.it/1rh654u
@r_blueteamsec
Threat Attribution Framework
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/threat-attribution-framework-how-trendai-applies-structure-over-speculation
https://redd.it/1rgz5kf
@r_blueteamsec