Better Cybersecurity and Threat Intelligence RSS feeds

Upgrade Your RSS Experience

Personalized cybersecurity and threat intelligence RSS feeds where content is categorized, summarized and tagged. All coming straight from a professionally and continuously curated set of primary sources.

2025-11-03 01:00:00
Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor
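The technical summary above names four host-observable artifacts: the per-user Winlogon registry key, the sysprocupdate.exe mutex, the cobe-notes.txt staging file and the screenai[.]online C2 domain. The following read-only hunt script is an added example, not code from the feed item or from the PolySwarm report it summarizes. It assumes the artifact values exactly as the summary states them; because the summary does not say which Winlogon value the backdoor modifies, every value under the HKCU key is reported, with Shell and Userinit (the values Windows consults at logon) marked high priority. Run it in the context of the user profile under examination, since HKCU is per-user.

```powershell
# Added example (not from the feed item or the PolySwarm report).
# Read-only hunt for the Phoenix v4 artifacts named in the technical summary.
# Assumption: the summary names the key but not the value, so all values
# under the per-user Winlogon key are reported, Shell/Userinit as High.

function Invoke-PhoenixArtifactHunt {
    [CmdletBinding()]
    param(
        # Values taken from the technical summary; override if a variant is reported.
        [string]$WinlogonKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
        [string]$MutexName   = 'sysprocupdate.exe',
        [string]$StagingFile = 'C:\Users\Public\Downloads\cobe-notes.txt',
        [string]$C2Domain    = 'screenai.online'   # undefanged form of screenai[.]online for matching
    )

    $findings = New-Object 'System.Collections.Generic.List[object]'
    function Add-Finding($Priority, $Check, $Detail) {
        $findings.Add([pscustomobject]@{ Priority = $Priority; Check = $Check; Detail = $Detail })
    }

    # 1. Winlogon persistence. A clean profile normally carries no Shell or
    #    Userinit value under HKCU; the defaults live under HKLM, so any
    #    per-user value deserves review.
    if (Test-Path -LiteralPath $WinlogonKey) {
        $props = Get-ItemProperty -LiteralPath $WinlogonKey
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip the registry provider's metadata properties
            $prio = if ($p.Name -in 'Shell', 'Userinit') { 'High' } else { 'Review' }
            Add-Finding $prio "Winlogon value '$($p.Name)' present under HKCU" $p.Value
        }
    }

    # 2. Mutex. TryOpenExisting succeeds only if a running process already
    #    created the named mutex, in the session (Local\) or machine-wide (Global\).
    foreach ($name in @($MutexName, "Global\$MutexName")) {
        $m = $null
        try {
            if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$m)) {
                $m.Dispose()
                Add-Finding 'High' "Mutex '$name' exists" 'Capture the process list before any remediation'
            }
        } catch [System.UnauthorizedAccessException] {
            # The mutex exists but this account may not open it: still a finding.
            Add-Finding 'High' "Mutex '$name' exists (access denied)" 'Re-run elevated to identify the owning process'
        }
    }

    # 3. Staging file. Report it, never delete it: it is evidence.
    if (Test-Path -LiteralPath $StagingFile) {
        $f = Get-Item -LiteralPath $StagingFile
        Add-Finding 'High' "Staging file present: $StagingFile" ('{0} bytes, last written {1:u}' -f $f.Length, $f.LastWriteTimeUtc)
    }

    # 4. C2 domain in the local resolver cache (Get-DnsClientCache exists on
    #    Windows 8 / Server 2012 and later; skipped silently elsewhere).
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        $hits = Get-DnsClientCache -ErrorAction SilentlyContinue | Where-Object { $_.Entry -like "*$C2Domain*" }
        foreach ($h in $hits) {
            Add-Finding 'High' "DNS cache entry for $($h.Entry)" $h.Data
        }
    }

    # Return the list as one object so .Count works even when it is empty.
    return ,$findings
}

# Usage: run as the user whose profile is being examined.
$result = Invoke-PhoenixArtifactHunt
if ($result.Count -eq 0) {
    Write-Host 'None of the Phoenix v4 artifacts from the summary were found on this host.'
} else {
    $result | Sort-Object Priority | Format-Table -AutoSize
}
```

A hit on any single check is a lead, not a verdict: a stray Winlogon value can come from legitimate software, so pair this with the DNS-cache and mutex results and with WinHTTP network telemetry before escalating. The script deliberately changes nothing on the host, so the registry value, file and process context survive for forensic collection.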

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

https://app.cyberespresso.eu/abcdef12345/feeds/a740e322-92cd-453f-bb6a-6f49d9805251

The Noise-to-Signal Problem

There's too much content out there, and it's getting increasingly difficult to find quality threat intelligence — the signal. Low-quality marketing and promotional content is polluting existing feeds, diluting the signal that we all seek. While the time varies between individuals, cybersecurity professionals spend an average of 30 minutes daily — nearly 3 hours per week — filtering, skimming, and reading to stay current with the threat landscape. The majority of this time is spent determining what actually matters rather than analyzing actionable intelligence.

We can't afford to spend that much time on filtering alone; this has to change. We need to reclaim our time and get to what matters more quickly. We can't keep fighting the torrent of information coming our way; we have to work smarter.

Published Articles

Sources: 283 (tagged as primary)
Unfiltered: 57 (last 24 hours)
Filtered: 10 (last 24 hours)

Our Solution: Augmented RSS feeds

Our approach is to leverage RSS because we love it, but we make it better - we augment it.

1. Source Curation

We don't collect from every available feed; we collect from where we think it matters.

These are primary sources, and we maintain this list continuously so you don't have to.

Real Stats

283 primary sources

2. Intelligent Processing

Low-quality articles, marketing and promotional content, and technically superficial content pollute our feeds.

Noise will be filtered, signal will be categorized, tagged and source referenced.

Real Stats

57 articles published, 10 approved

3. Personalized Feeds

Instead of individually subscribing to 283 sources, you subscribe to a few personalized feeds.

Your personalized feeds are populated only based on what you want in them.

Real Stats

1622 feeds created so far

APEX - The Augmentation Platform EXperience

The Cyber Espresso is only the beginning, the first step towards a larger augmentation platform for cybersecurity professionals. We want to make you better. Defend more confidently. Know more, see more. We want to augment your cybersecurity senses.

Are you ready for the first step?


Better Cybersecurity and Threat Intelligence RSS feeds

Upgrade Your RSS Experience

Personalized cybersecurity and threat intelligence RSS feeds where content is categorized, summarized and tagged. All coming straight from a professionally and continuously curated set of primary sources.

2025-11-03 01:00:00Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

2025-11-03 01:00:00
Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

Perhaps you already know what you're looking for?

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

https://app.cyberespresso.eu/abcdef12345/feeds/a740e322-92cd-453f-bb6a-6f49d9805251

The Noise-to-Signal Problem

There's too much content out there, and it's getting increasingly difficult to find quality threat intelligence — the signal. Low-quality marketing and promotional content is polluting existing feeds, diluting the signal that we all seek. While the time varies between individuals, cybersecurity professionals spend an average of 30 minutes daily — nearly 3 hours per week — filtering, skimming, and reading to stay current with the threat landscape. The majority of this time is spent determining what actually matters rather than analyzing actionable intelligence.

We can't afford to spend that much time on just filtering, this has to change. We need to reclaim our time and more quickly get to what matters. We can't continue to fight the torrent of information coming our way, we have to work smarter. Our solution is to add a layer of augmentation and here is how it works.

Published Articles

Sources

283

Tagged as primary

Unfiltered

57

Last 24 hours

Filtered

10

Last 24 hours

Our Solution: Augmented RSS feeds

Our approach is to leverage RSS because we love it, but make it better - augment it.

1. Source Curation

We don't collect from every available feed, we collect from where we think it matters.

These are primary sources, and we maintain this list continously so you don't have to.

Real Stats

283 primary sources

2. Intelligent Processing

Low quality articles, marketing and promotional content and technically superficial content pollute our feeds.

Noise will be filtered, signal will be categorized, tagged and source referenced.

Real Stats

57 articles published, 10 approved

3. Personalized Feeds

Instead of individually subscribing to 283 sources, you subscribe to a few personalized feeds.

Your personalized feeds are populated only based on what you want in them.

Real Stats

1622 feeds created so far

APEX - The Augmentation Platform EXperience

The Cyber Espresso is only the beginning, the first step towards a larger augmentation platform for cybersecurity professionals. We want to make you better. Defend more confidently. Know more, see more. We want to augment your cybersecurity senses.

Are you ready for the first step?

Better Cybersecurity and Threat Intelligence RSS feeds

Upgrade Your RSS Experience

Personalized cybersecurity and threat intelligence RSS feeds where content is categorized, summarized and tagged. All coming straight from a professionally and continuously curated set of primary sources.

2025-11-03 01:00:00Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

2025-11-03 01:00:00
Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

Perhaps you already know what you're looking for?

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

https://app.cyberespresso.eu/abcdef12345/feeds/a740e322-92cd-453f-bb6a-6f49d9805251

The Noise-to-Signal Problem

There's too much content out there, and it's getting increasingly difficult to find quality threat intelligence — the signal. Low-quality marketing and promotional content is polluting existing feeds, diluting the signal that we all seek. While the time varies between individuals, cybersecurity professionals spend an average of 30 minutes daily — nearly 3 hours per week — filtering, skimming, and reading to stay current with the threat landscape. The majority of this time is spent determining what actually matters rather than analyzing actionable intelligence.

We can't afford to spend that much time on just filtering, this has to change. We need to reclaim our time and more quickly get to what matters. We can't continue to fight the torrent of information coming our way, we have to work smarter.

Published Articles

Sources

283

Tagged as primary

Unfiltered

57

Last 24 hours

Filtered

10

Last 24 hours

Our Solution: Augmented RSS feeds

Our approach is to leverage RSS because we love it, but we make it better - we augment it.

1. Source Curation

We don't collect from every available feed, we collect from where we think it matters.

These are primary sources, and we maintain this list continously so you don't have to.

Real Stats

283 primary sources

2. Intelligent Processing

Low quality articles, marketing and promotional content and technically superficial content pollute our feeds.

Noise will be filtered, signal will be categorized, tagged and source referenced.

Real Stats

57 articles published, 10 approved

3. Personalized Feeds

Instead of individually subscribing to 283 sources, you subscribe to a few personalized feeds.

Your personalized feeds are populated only based on what you want in them.

Real Stats

1622 feeds created so far

APEX - The Augmentation Platform EXperience

The Cyber Espresso is only the beginning, the first step towards a larger augmentation platform for cybersecurity professionals. We want to make you better. Defend more confidently. Know more, see more. We want to augment your cybersecurity senses.

Are you ready for the first step?

Better Cybersecurity and Threat Intelligence RSS feeds

Upgrade Your RSS Experience

Personalized cybersecurity and threat intelligence RSS feeds where content is categorized, summarized and tagged. All coming straight from a professionally and continuously curated set of primary sources.

2025-11-03 01:00:00Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

2025-11-03 01:00:00
Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

Perhaps you already know what you're looking for?

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

https://app.cyberespresso.eu/abcdef12345/feeds/a740e322-92cd-453f-bb6a-6f49d9805251

The Noise-to-Signal Problem

There's too much content out there, and it's getting increasingly difficult to find quality threat intelligence — the signal. Low-quality marketing and promotional content is polluting existing feeds, diluting the signal that we all seek. While the time varies between individuals, cybersecurity professionals spend an average of 30 minutes daily — nearly 3 hours per week — filtering, skimming, and reading to stay current with the threat landscape. The majority of this time is spent determining what actually matters rather than analyzing actionable intelligence.

We can't afford to spend that much time on just filtering, this has to change. We need to reclaim our time and more quickly get to what matters. We can't continue to fight the torrent of information coming our way, we have to work smarter. Our solution is to add a layer of augmentation and here is how it works.

Published Articles

Sources

283

Tagged as primary

Unfiltered

57

Last 24 hours

Filtered

10

Last 24 hours

Our Solution: Augmented RSS feeds

Our approach is to leverage RSS because we love it, but make it better - augment it.

1. Source Curation

We don't collect from every available feed, we collect from where we think it matters.

These are primary sources, and we maintain this list continously so you don't have to.

Real Stats

283 primary sources

2. Intelligent Processing

Low quality articles, marketing and promotional content and technically superficial content pollute our feeds.

Noise will be filtered, signal will be categorized, tagged and source referenced.

Real Stats

57 articles published, 10 approved

3. Personalized Feeds

Instead of individually subscribing to 283 sources, you subscribe to a few personalized feeds.

Your personalized feeds are populated only based on what you want in them.

Real Stats

1622 feeds created so far

APEX - The Augmentation Platform EXperience

The Cyber Espresso is only the beginning, the first step towards a larger augmentation platform for cybersecurity professionals. We want to make you better. Defend more confidently. Know more, see more. We want to augment your cybersecurity senses.

Are you ready for the first step?

Cyber Espresso

AboutExploreLearnPricing

Better Cybersecurity and Threat Intelligence RSS feeds

Upgrade Your RSS Experience

Personalized cybersecurity and threat intelligence RSS feeds where content is categorized, summarized and tagged. All coming straight from a professionally and continuously curated set of primary sources.

2025-11-03 01:00:00Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

2025-11-03 01:00:00
Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

Perhaps you already know what you're looking for?

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

https://app.cyberespresso.eu/abcdef12345/feeds/a740e322-92cd-453f-bb6a-6f49d9805251

The Noise-to-Signal Problem

There's too much content out there, and it's getting increasingly difficult to find quality threat intelligence — the signal. Low-quality marketing and promotional content is polluting existing feeds, diluting the signal that we all seek. While the time varies between individuals, cybersecurity professionals spend an average of 30 minutes daily — nearly 3 hours per week — filtering, skimming, and reading to stay current with the threat landscape. The majority of this time is spent determining what actually matters rather than analyzing actionable intelligence.

We can't afford to spend that much time on just filtering, this has to change. We need to reclaim our time and more quickly get to what matters. We can't continue to fight the torrent of information coming our way, we have to work smarter.

Published Articles

Sources

283

Tagged as primary

Unfiltered

57

Last 24 hours

Filtered

10

Last 24 hours

Our Solution: Augmented RSS feeds

Our approach is to leverage RSS because we love it, but we make it better - we augment it.

1. Source Curation

We don't collect from every available feed, we collect from where we think it matters.

These are primary sources, and we maintain this list continously so you don't have to.

Real Stats

283 primary sources

2. Intelligent Processing

Low quality articles, marketing and promotional content and technically superficial content pollute our feeds.

Noise will be filtered, signal will be categorized, tagged and source referenced.

Real Stats

57 articles published, 10 approved

3. Personalized Feeds

Instead of individually subscribing to 283 sources, you subscribe to a few personalized feeds.

Your personalized feeds are populated only based on what you want in them.

Real Stats

1622 feeds created so far

APEX - The Augmentation Platform EXperience

The Cyber Espresso is only the beginning, the first step towards a larger augmentation platform for cybersecurity professionals. We want to make you better. Defend more confidently. Know more, see more. We want to augment your cybersecurity senses.

Are you ready for the first step?

Better Cybersecurity and Threat Intelligence RSS feeds

Upgrade Your RSS Experience

Personalized cybersecurity and threat intelligence RSS feeds where content is categorized, summarized and tagged. All coming straight from a professionally and continuously curated set of primary sources.

2025-11-03 01:00:00Threats and Vulnerabilities

MuddyWater APT Deploys Phoenix Backdoor Version 4 in Government-Targeted Phishing Campaign

Executive Summary

Iran-linked APT group MuddyWater conducted sophisticated phishing operations against government and international entities in the Middle East and North Africa, deploying an updated Phoenix backdoor version 4. The campaign leveraged compromised email accounts accessed via NordVPN to distribute macro-enabled Word documents, which delivered FakeUpdate injector and Phoenix backdoor with Winlogon persistence. Additional tools included custom Chromium-based credential stealers and RMM utilities hosted on C2 infrastructure at screenai[.]online, demonstrating the MOIS-affiliated group's continued focus on geopolitical intelligence gathering.

Technical Summary

The attack chain begins with VBA macro-enabled Word documents that drop FakeUpdate loader, which uses AES decryption to inject Phoenix backdoor v4 into its own process. Phoenix establishes persistence via HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon registry modification, creates sysprocupdate.exe mutex, and beacons to C2 using WinHTTP for command polling supporting file operations, shell execution, and sleep interval updates. The campaign also deployed Chromium_Stealer targeting Chrome, Opera, Brave, and Edge browsers, extracting encrypted credentials using OS crypto APIs and staging output in C:\Users\Public\Downloads\cobe-notes.txt.

Source: https://blog.polyswarm.io/muddywater-targets-mena-governments-with-phoenix-backdoor

Perhaps you already know what you're looking for?

Why wait? Try It Immediately!

Use this public RSS Test Feed (NOT yet active) to experience the Cyber Espresso.

https://app.cyberespresso.eu/abcdef12345/feeds/a740e322-92cd-453f-bb6a-6f49d9805251

The Noise-to-Signal Problem

There's too much content out there, and it's getting increasingly difficult to find quality threat intelligence — the signal. Low-quality marketing and promotional content is polluting existing feeds, diluting the signal that we all seek. While the time varies between individuals, cybersecurity professionals spend an average of 30 minutes daily — nearly 3 hours per week — filtering, skimming, and reading to stay current with the threat landscape. The majority of this time is spent determining what actually matters rather than analyzing actionable intelligence.

We can't afford to spend that much time just filtering; this has to change. We need to reclaim our time and get to what matters more quickly. We can't keep fighting the torrent of information coming our way; we have to work smarter. Our solution is to add a layer of augmentation, and here is how it works.

Sources: 283 tagged as primary

Published articles, unfiltered: 57 in the last 24 hours

Published articles, filtered: 10 in the last 24 hours

Our Solution: Augmented RSS feeds

Our approach is to leverage RSS because we love it, but make it better - augment it.

1. Source Curation

We don't collect from every available feed, we collect from where we think it matters.

These are primary sources, and we maintain this list continuously so you don't have to.

Real Stats

283 primary sources

2. Intelligent Processing

Low quality articles, marketing and promotional content and technically superficial content pollute our feeds.

Noise will be filtered, signal will be categorized, tagged and source referenced.

Real Stats

57 articles published, 10 approved

3. Personalized Feeds

Instead of individually subscribing to 283 sources, you subscribe to a few personalized feeds.

Your personalized feeds are populated only based on what you want in them.

Real Stats

1622 feeds created so far

APEX - The Augmentation Platform EXperience

The Cyber Espresso is only the beginning, the first step towards a larger augmentation platform for cybersecurity professionals. We want to make you better. Defend more confidently. Know more, see more. We want to augment your cybersecurity senses.

Are you ready for the first step?

© 2025 Cyber Espresso