*[LIVE] Out of the Woods Podcast: Guess Who: The Malware Edition March 25, 2026 | 12:00 - 1:30 PM ET Sign Up: https://www.intel471.com/resources/podcasts/guess-who-the-malware-edition-1 *Threat Hunting Management Workshop: Rethinking Priority March 18, 2026 | 12:00 - 12:30 PM ET Sign Up: https://www.intel471.com/resources/webinars/threat-hunting-management-workshop-rethinking-priority ----------
Top Headlines:
Arctic Wolf | SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh: https://arcticwolf.com/resources/blog/sloppylemming-deploys-burrowshell-and-rust-based-rat-to-target-pakistan-and-bangladesh/
Socket | StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer: https://socket.dev/blog/stegabin-26-malicious-npm-packages-use-pastebin-steganography
ThreatLabz | APT37 Adds New Tools For Air-Gapped Networks: https://www.zscaler.com/blogs/security-research/apt37-adds-new-capabilities-air-gapped-networks?&web_view=true#technical-analysis
Point Wild | Remcos Revisited: Inside the RAT’s Evolving Command-and-Control Techniques: https://www.pointwild.com/threat-intelligence/remcos-revisited-inside-the-rats-evolving-command-and-control-techniques/
Lab 52 | Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure: https://lab52.io/blog/operation-macromaze-new-apt28-campaign-using-basic-tooling-and-legit-infrastructure/
therecord.media | Researchers warn Volt Typhoon still embedded in US utilities and some breaches may never be found: https://therecord.media/researchers-warn-volt-typhoon-still-active-critical-infrastructure?&web_view=true
The Hacker News | Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging: https://thehackernews.com/2026/02/microsoft-discloses-dns-based-clickfix.html?m=1
Straiker | SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack: https://www.straiker.ai/blog/smartloader-clones-oura-ring-mcp-to-deploy-supply-chain-attack
Socket | Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise: https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi
Help Net Security | State-backed phishing attacks targeting military officials and journalists on Signal: https://www.helpnetsecurity.com/2026/02/06/state-linked-phishing-europe-journalists-signal/?web_view=true
Cisco Talos | Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework: https://blog.talosintelligence.com/knife-cutting
Huntress | They Got In Through SonicWall. Then They Tried to Kill Every Security Tool: https://www.huntress.com/blog/encase-byovd-edr-killer
CERT-UA | "Danger Bulletin": UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the CVE-2026-21509 exploit (CERT-UA#19542): https://cert.gov.ua/article/6287250
About Out of the Woods: The Threat Hunting Podcast
Intel 471's podcast with a twist! Join us for the first fully interactive threat hunting podcast where you can hang out with threat hunters from all over the world!
Join a rag-tag bunch of threat hunters as they come out of the woods to explore some of the most burning issues related to cyber security. The Out of the Woods podcast is a casual talk covering the topics of threat hunting, security research, and threat intelligence, and some ranting and raving along the way, all over a cocktail or two!
The Out of the Woods cyber security podcast is filmed in front of a live studio audience, and by that we mean YOU! We're inviting folks to join us once a month for a LIVE evening of great technical discussions, where you can ask questions and give your opinion in real time on a variety of discussions about threat hunting, security research, blue teaming, and wherever else the evening takes us!
Listen to Out of the Woods: The Threat Hunting Podcast, The Diary Of A CEO with Steven Bartlett and many other podcasts from around the world with the radio.net app
South Africa