#elf — Public Fediverse posts

Care to assist an elf girl?
(Commissioner's OC, Alicia)

 #elf #blushing #nsfw #breasts #nude #vagina #blonde #commission

ELF GIRL Assasin #Low #Game #3Dmodel #Warrior #Pbr #Darkelf #Elfgirl #Elf #Rpg #Fantasy #Lowpoly #Character #Animated #Girl #AssetStore

https://u3dn.com/packages/elf-girl-assasin-189502

TanStack npm Packages Compromised in Ongoing Supply-Chain Attack

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault

TanStack npm Packages Compromised in Ongoing Supply-Chain Attack

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault

TanStack npm Packages Compromised in Ongoing Supply-Chain Attack

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault

TanStack npm Packages Compromised in Ongoing Supply-Chain Attack

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault

TanStack npm Packages Compromised in Ongoing Supply-Chain Attack

Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...

Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault

Dark elf bolt throwers #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #darkelves

Dark elf bolt throwers #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #darkelves

Dark elf bolt throwers #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #darkelves

A hidden domain deep in the forest where elves reside. Concealed by ancient magic, only those granted permission may ever find this place. To any other, they only ever see a lush, dark forest.

https://youtu.be/SPoybd4Yytw

#composer #fantasy #musician #music #vgm #fantasymusic #classicalmusic #originalmusic #originalcomposition #instrumental #gamedev #elven #elf #elves #dndmusic #dnd #harp #recorder #mystical #magical

A hidden domain deep in the forest where elves reside. Concealed by ancient magic, only those granted permission may ever find this place. To any other, they only ever see a lush, dark forest.

https://youtu.be/SPoybd4Yytw

#composer #fantasy #musician #music #vgm #fantasymusic #classicalmusic #originalmusic #originalcomposition #instrumental #gamedev #elven #elf #elves #dndmusic #dnd #harp #recorder #mystical #magical

A hidden domain deep in the forest where elves reside. Concealed by ancient magic, only those granted permission may ever find this place. To any other, they only ever see a lush, dark forest.

https://youtu.be/SPoybd4Yytw

#composer #fantasy #musician #music #vgm #fantasymusic #classicalmusic #originalmusic #originalcomposition #instrumental #gamedev #elven #elf #elves #dndmusic #dnd #harp #recorder #mystical #magical

A hidden domain deep in the forest where elves reside. Concealed by ancient magic, only those granted permission may ever find this place. To any other, they only ever see a lush, dark forest.

https://youtu.be/SPoybd4Yytw

#composer #fantasy #musician #music #vgm #fantasymusic #classicalmusic #originalmusic #originalcomposition #instrumental #gamedev #elven #elf #elves #dndmusic #dnd #harp #recorder #mystical #magical

A hidden domain deep in the forest where elves reside. Concealed by ancient magic, only those granted permission may ever find this place. To any other, they only ever see a lush, dark forest.

https://youtu.be/SPoybd4Yytw

#composer #fantasy #musician #music #vgm #fantasymusic #classicalmusic #originalmusic #originalcomposition #instrumental #gamedev #elven #elf #elves #dndmusic #dnd #harp #recorder #mystical #magical

In the ever-growing tourist industry, English proficiency is essential for workers. It enhances communication with international visitors.

A solid command of English can significantly improve job opportunities, allowing employees to stand out in a competitive market.

Last, English serves as a bridge for cultural exchange, enabling workers to share their local knowledge with tourists.

English is not just a language; it’s a vital tool for success in tourism.

#ingles #esl #tourism #elf

In the ever-growing tourist industry, English proficiency is essential for workers. It enhances communication with international visitors.

A solid command of English can significantly improve job opportunities, allowing employees to stand out in a competitive market.

Last, English serves as a bridge for cultural exchange, enabling workers to share their local knowledge with tourists.

English is not just a language; it’s a vital tool for success in tourism.

#ingles #esl #tourism #elf

In the ever-growing tourist industry, English proficiency is essential for workers. It enhances communication with international visitors.

A solid command of English can significantly improve job opportunities, allowing employees to stand out in a competitive market.

Last, English serves as a bridge for cultural exchange, enabling workers to share their local knowledge with tourists.

English is not just a language; it’s a vital tool for success in tourism.

#ingles #esl #tourism #elf

In the ever-growing tourist industry, English proficiency is essential for workers. It enhances communication with international visitors.

A solid command of English can significantly improve job opportunities, allowing employees to stand out in a competitive market.

Last, English serves as a bridge for cultural exchange, enabling workers to share their local knowledge with tourists.

English is not just a language; it’s a vital tool for success in tourism.

#ingles #esl #tourism #elf

In the ever-growing tourist industry, English proficiency is essential for workers. It enhances communication with international visitors.

A solid command of English can significantly improve job opportunities, allowing employees to stand out in a competitive market.

Last, English serves as a bridge for cultural exchange, enabling workers to share their local knowledge with tourists.

English is not just a language; it’s a vital tool for success in tourism.

#ingles #esl #tourism #elf

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

A sophisticated Brazilian banking trojan named TCLBANKER has been identified, representing a significant evolution of the MAVERICK/SORVEPOTEL malware family. The campaign employs a trojanized Logitech installer that deploys two .NET Reactor-protected modules through DLL side-loading. The banking trojan monitors 59 Brazilian financial institutions using UI Automation and features a WPF-based full-screen overlay framework for operator-driven social engineering attacks, including credential harvesting and fake system screens. A secondary worm module enables self-propagation through WhatsApp session hijacking and Outlook COM automation, sending phishing messages from victims' own accounts. The malware implements robust anti-analysis capabilities including environment-gated payload decryption, comprehensive watchdog systems, and ETW patching. Infrastructure is hosted on Cloudflare Workers, with evidence suggesting the campaign was detected in early operational stages.

Pulse ID: 69fb97e531a95b262c4925aa
Pulse Link: https://otx.alienvault.com/pulse/69fb97e531a95b262c4925aa
Pulse Author: AlienVault
Created: 2026-05-06 19:35:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #Cloud #CredentialHarvesting #CyberSecurity #ELF #InfoSec #Malware #NET #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SocialEngineering #Trojan #WatchDog #WhatsApp #Worm #bot #AlienVault

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

A sophisticated Brazilian banking trojan named TCLBANKER has been identified, representing a significant evolution of the MAVERICK/SORVEPOTEL malware family. The campaign employs a trojanized Logitech installer that deploys two .NET Reactor-protected modules through DLL side-loading. The banking trojan monitors 59 Brazilian financial institutions using UI Automation and features a WPF-based full-screen overlay framework for operator-driven social engineering attacks, including credential harvesting and fake system screens. A secondary worm module enables self-propagation through WhatsApp session hijacking and Outlook COM automation, sending phishing messages from victims' own accounts. The malware implements robust anti-analysis capabilities including environment-gated payload decryption, comprehensive watchdog systems, and ETW patching. Infrastructure is hosted on Cloudflare Workers, with evidence suggesting the campaign was detected in early operational stages.

Pulse ID: 69fb97e531a95b262c4925aa
Pulse Link: https://otx.alienvault.com/pulse/69fb97e531a95b262c4925aa
Pulse Author: AlienVault
Created: 2026-05-06 19:35:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #Cloud #CredentialHarvesting #CyberSecurity #ELF #InfoSec #Malware #NET #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SocialEngineering #Trojan #WatchDog #WhatsApp #Worm #bot #AlienVault

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

A sophisticated Brazilian banking trojan named TCLBANKER has been identified, representing a significant evolution of the MAVERICK/SORVEPOTEL malware family. The campaign employs a trojanized Logitech installer that deploys two .NET Reactor-protected modules through DLL side-loading. The banking trojan monitors 59 Brazilian financial institutions using UI Automation and features a WPF-based full-screen overlay framework for operator-driven social engineering attacks, including credential harvesting and fake system screens. A secondary worm module enables self-propagation through WhatsApp session hijacking and Outlook COM automation, sending phishing messages from victims' own accounts. The malware implements robust anti-analysis capabilities including environment-gated payload decryption, comprehensive watchdog systems, and ETW patching. Infrastructure is hosted on Cloudflare Workers, with evidence suggesting the campaign was detected in early operational stages.

Pulse ID: 69fb97e531a95b262c4925aa
Pulse Link: https://otx.alienvault.com/pulse/69fb97e531a95b262c4925aa
Pulse Author: AlienVault
Created: 2026-05-06 19:35:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #Cloud #CredentialHarvesting #CyberSecurity #ELF #InfoSec #Malware #NET #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SocialEngineering #Trojan #WatchDog #WhatsApp #Worm #bot #AlienVault

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

A sophisticated Brazilian banking trojan named TCLBANKER has been identified, representing a significant evolution of the MAVERICK/SORVEPOTEL malware family. The campaign employs a trojanized Logitech installer that deploys two .NET Reactor-protected modules through DLL side-loading. The banking trojan monitors 59 Brazilian financial institutions using UI Automation and features a WPF-based full-screen overlay framework for operator-driven social engineering attacks, including credential harvesting and fake system screens. A secondary worm module enables self-propagation through WhatsApp session hijacking and Outlook COM automation, sending phishing messages from victims' own accounts. The malware implements robust anti-analysis capabilities including environment-gated payload decryption, comprehensive watchdog systems, and ETW patching. Infrastructure is hosted on Cloudflare Workers, with evidence suggesting the campaign was detected in early operational stages.

Pulse ID: 69fb97e531a95b262c4925aa
Pulse Link: https://otx.alienvault.com/pulse/69fb97e531a95b262c4925aa
Pulse Author: AlienVault
Created: 2026-05-06 19:35:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #Cloud #CredentialHarvesting #CyberSecurity #ELF #InfoSec #Malware #NET #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SocialEngineering #Trojan #WatchDog #WhatsApp #Worm #bot #AlienVault

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook

A sophisticated Brazilian banking trojan named TCLBANKER has been identified, representing a significant evolution of the MAVERICK/SORVEPOTEL malware family. The campaign employs a trojanized Logitech installer that deploys two .NET Reactor-protected modules through DLL side-loading. The banking trojan monitors 59 Brazilian financial institutions using UI Automation and features a WPF-based full-screen overlay framework for operator-driven social engineering attacks, including credential harvesting and fake system screens. A secondary worm module enables self-propagation through WhatsApp session hijacking and Outlook COM automation, sending phishing messages from victims' own accounts. The malware implements robust anti-analysis capabilities including environment-gated payload decryption, comprehensive watchdog systems, and ETW patching. Infrastructure is hosted on Cloudflare Workers, with evidence suggesting the campaign was detected in early operational stages.

Pulse ID: 69fb97e531a95b262c4925aa
Pulse Link: https://otx.alienvault.com/pulse/69fb97e531a95b262c4925aa
Pulse Author: AlienVault
Created: 2026-05-06 19:35:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Bank #BankingTrojan #Brazil #Cloud #CredentialHarvesting #CyberSecurity #ELF #InfoSec #Malware #NET #OTX #OpenThreatExchange #Outlook #Phishing #RAT #SocialEngineering #Trojan #WatchDog #WhatsApp #Worm #bot #AlienVault

Anime Character Art Pack: 2425 #Anime #Character #Sprites #Facialexpressions #2D #Png #Transparent #Fullbody #Halfbody #Face #Woman #Elf #Princess #Fairy #AssetStore

https://u3dn.com/packages/anime-character-art-pack-2425-306515

Boop, happy Wednesday.
.
#mastodon #elf #makeup #goth #alt

High elf hero #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #highelves

High elf hero #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #highelves

High elf hero #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #highelves

Lusty Treasure

GET ALL 24 VERSIONS HERE
https://www.patreon.com/posts/157460732
Includes Nudity, Milk, Pregnant Lusty, Body Writing, and some Dragons come to play <3

#Lusty #GoldenWeek #GoldenBikini #GoldBikini #BigTits #Redhead #Elf #Fantasy #NSFW #Art #Artist

Lusty Treasure

GET ALL 24 VERSIONS HERE
https://www.patreon.com/posts/157460732
Includes Nudity, Milk, Pregnant Lusty, Body Writing, and some Dragons come to play <3

#Lusty #GoldenWeek #GoldenBikini #GoldBikini #BigTits #Redhead #Elf #Fantasy #NSFW #Art #Artist

Lusty Treasure

GET ALL 24 VERSIONS HERE
https://www.patreon.com/posts/157460732
Includes Nudity, Milk, Pregnant Lusty, Body Writing, and some Dragons come to play <3

#Lusty #GoldenWeek #GoldenBikini #GoldBikini #BigTits #Redhead #Elf #Fantasy #NSFW #Art #Artist

Lusty Treasure

GET ALL 24 VERSIONS HERE
https://www.patreon.com/posts/157460732
Includes Nudity, Milk, Pregnant Lusty, Body Writing, and some Dragons come to play <3

#Lusty #GoldenWeek #GoldenBikini #GoldBikini #BigTits #Redhead #Elf #Fantasy #NSFW #Art #Artist

Lusty Treasure

GET ALL 24 VERSIONS HERE
https://www.patreon.com/posts/157460732
Includes Nudity, Milk, Pregnant Lusty, Body Writing, and some Dragons come to play <3

#Lusty #GoldenWeek #GoldenBikini #GoldBikini #BigTits #Redhead #Elf #Fantasy #NSFW #Art #Artist

Stretch it out.
.
#mastodon #cosplay #elf #goth

#funny #fun #comedy #humor #humour #silly #verse #poetry #poem #elf #elvis #santa #northpole #limerick

#funny #fun #comedy #humor #humour #silly #verse #poetry #poem #elf #elvis #santa #northpole #limerick

#funny #fun #comedy #humor #humour #silly #verse #poetry #poem #elf #elvis #santa #northpole #limerick

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

A fifth wave of the PhantomRaven NPM supply chain attack campaign has been discovered, utilizing 33 new malicious packages and fresh command-and-control infrastructure registered on March 10, 2026. The operation employs a sophisticated three-stage payload delivery mechanism using Remote Dynamic Dependency techniques to bypass static analysis. Malicious packages self-reference dependencies pointing to attacker-controlled servers at pack[.]nppacks[.]com, which deliver droppers that harvest developer credentials, system information, CI/CD tokens, GitHub repository names, and email addresses from Git configurations, NPM settings, and environment variables. The campaign specifically targets DeFi cryptocurrency developers, cloud infrastructure engineers working with Azure CDK, and AI application developers. All collected data is exfiltrated via POST requests to mozbra.php on the C2 server. Infrastructure analysis reveals connections to a legitimate Pakistani IT services company domain, suggesting potential accou...

Pulse ID: 69f8acdd6038448e350edbb9
Pulse Link: https://otx.alienvault.com/pulse/69f8acdd6038448e350edbb9
Pulse Author: AlienVault
Created: 2026-05-04 14:27:41

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Azure #Cloud #CyberSecurity #ELF #Email #GitHub #InfoSec #NPM #OTX #OpenThreatExchange #PHP #Pakistan #RAT #SupplyChain #Troll #bot #cryptocurrency #developers #AlienVault

Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft

Trigona ransomware affiliates deployed a custom exfiltration tool called uploader_client.exe during attacks in March 2026, marking a tactical shift from relying on off-the-shelf utilities like Rclone. The tool features parallel streams with five default connections, connection rotation after 2,048 MB transfers to evade network monitoring, and granular filtering to exclude low-value files. Prior to exfiltration, attackers disabled security defenses using kernel-level tools including HRSword, PCHunter, Gmer, YDark, and WKTools with vulnerable drivers. Remote access was established via AnyDesk, while credentials were harvested using Mimikatz and Nirsoft utilities. The custom tooling demonstrates higher technical maturity compared to typical ransomware operations, providing enhanced stealth capabilities while requiring greater development resources. Targeted data included invoices and high-value PDF documents from networked drives.

Pulse ID: 69f4e8812c7240e62187fe72
Pulse Link: https://otx.alienvault.com/pulse/69f4e8812c7240e62187fe72
Pulse Author: AlienVault
Created: 2026-05-01 17:53:05

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AnyDesk #CyberSecurity #DataTheft #ELF #InfoSec #OTX #OpenThreatExchange #PDF #RAT #RCE #RansomWare #Rclone #Trigona #Word #bot #AlienVault

Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor

The Harvester APT group has developed a new Linux version of its GoGra backdoor that uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel. The malware employs social engineering lures with tailored decoy documents, masquerading malicious ELF files as standard documents. Initial VirusTotal submissions originated from India and Afghanistan, indicating these regions as primary targets. The backdoor uses hardcoded Azure AD credentials to poll a specific mailbox folder at two-second intervals, executing commands received via encrypted emails and exfiltrating results through reply messages. Analysis confirms this Linux variant shares nearly identical code with a previously known Windows version, including matching spelling errors, demonstrating Harvester's multi-platform development strategy and continued focus on South Asian espionage operations.

Pulse ID: 69f4e882199e1fa40cbece45
Pulse Link: https://otx.alienvault.com/pulse/69f4e882199e1fa40cbece45
Pulse Author: AlienVault
Created: 2026-05-01 17:53:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Afghanistan #Asia #Azure #BackDoor #CyberSecurity #ELF #Email #Espionage #India #InfoSec #Linux #Malware #Microsoft #OTX #OpenThreatExchange #Outlook #RAT #Rust #SocialEngineering #SouthAsia #VirusTotal #Windows #bot #AlienVault

[Out of Place]

A small drawing project that went in an odd direction. Another 'modern elf', this one seems to have gotten herself a little lost.

As I've mentioned before, I'm often lazy about backgrounds. This time I decided to capitalise on that laziness by going in a more stylised, slightly 'pop art' direction.

I don't know. Is this a good approach, or should I just learn to draw backgrounds properly?

#MastoArt #FediArt #ArtistsOnMastodon #Fantasy #Illustration #Elf

Dark Elves Shades #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #darkelves

Dark Elves Shades #wargaming #oldhammer #miniaturepainting #warhammercommunity #warhammer #oldworld #paintingwarhammer #nerdlings #fantasy #elf #elves #darkelves