#nim — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #nim, aggregated by home.social.
-
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.
Pulse ID: 6a141fcbde28865faa897cb4
Pulse Link: https://otx.alienvault.com/pulse/6a141fcbde28865faa897cb4
Pulse Author: AlienVault
Created: 2026-05-25 10:09:15Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Europe #IRGC #InfoSec #Iran #Malware #MiddleEast #Military #Nim #OTX #OpenThreatExchange #Phishing #RAT #SEOPoisoning #UnitedStates #Zoom #bot #AlienVault
-
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.
Pulse ID: 6a141fcbde28865faa897cb4
Pulse Link: https://otx.alienvault.com/pulse/6a141fcbde28865faa897cb4
Pulse Author: AlienVault
Created: 2026-05-25 10:09:15Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Europe #IRGC #InfoSec #Iran #Malware #MiddleEast #Military #Nim #OTX #OpenThreatExchange #Phishing #RAT #SEOPoisoning #UnitedStates #Zoom #bot #AlienVault
-
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.
Pulse ID: 6a141fcbde28865faa897cb4
Pulse Link: https://otx.alienvault.com/pulse/6a141fcbde28865faa897cb4
Pulse Author: AlienVault
Created: 2026-05-25 10:09:15Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Europe #IRGC #InfoSec #Iran #Malware #MiddleEast #Military #Nim #OTX #OpenThreatExchange #Phishing #RAT #SEOPoisoning #UnitedStates #Zoom #bot #AlienVault
-
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.
Pulse ID: 6a141fcbde28865faa897cb4
Pulse Link: https://otx.alienvault.com/pulse/6a141fcbde28865faa897cb4
Pulse Author: AlienVault
Created: 2026-05-25 10:09:15Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Europe #IRGC #InfoSec #Iran #Malware #MiddleEast #Military #Nim #OTX #OpenThreatExchange #Phishing #RAT #SEOPoisoning #UnitedStates #Zoom #bot #AlienVault
-
Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict
The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.
Pulse ID: 6a141fcbde28865faa897cb4
Pulse Link: https://otx.alienvault.com/pulse/6a141fcbde28865faa897cb4
Pulse Author: AlienVault
Created: 2026-05-25 10:09:15Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Europe #IRGC #InfoSec #Iran #Malware #MiddleEast #Military #Nim #OTX #OpenThreatExchange #Phishing #RAT #SEOPoisoning #UnitedStates #Zoom #bot #AlienVault
-
My actual ranking for your criteria:
1. #Nim - https://nim-lang.org
2. #Odin - https://odin-lang.org
3. #Gleam - https://gleam.run
4. #Zig - https://ziglang.org
5. #Go - https://go.devI just started learning #OdinLang this weekend myself.
-
My actual ranking for your criteria:
1. #Nim - https://nim-lang.org
2. #Odin - https://odin-lang.org
3. #Gleam - https://gleam.run
4. #Zig - https://ziglang.org
5. #Go - https://go.devI just started learning #OdinLang this weekend myself.
-
My actual ranking for your criteria:
1. #Nim - https://nim-lang.org
2. #Odin - https://odin-lang.org
3. #Gleam - https://gleam.run
4. #Zig - https://ziglang.org
5. #Go - https://go.devI just started learning #OdinLang this weekend myself.
-
My actual ranking for your criteria:
1. #Nim - https://nim-lang.org
2. #Odin - https://odin-lang.org
3. #Gleam - https://gleam.run
4. #Zig - https://ziglang.org
5. #Go - https://go.devI just started learning #OdinLang this weekend myself.
-
My actual ranking for your criteria:
1. #Nim - https://nim-lang.org
2. #Odin - https://odin-lang.org
3. #Gleam - https://gleam.run
4. #Zig - https://ziglang.org
5. #Go - https://go.devI just started learning #OdinLang this weekend myself.
-
Unmasking a Multi-Stage Loader: AutoIt Abuse Leading to Vidar Stealer Command-and-Control Communication
A sophisticated multi-stage infection chain was identified through proactive threat hunting, beginning with the execution of MicrosoftToolkit.exe, a commonly abused hack tool. The attack employed file masquerading techniques, renaming a .dot file to .bat format to evade detection. The malware performed process discovery and attempted to terminate security-related processes before extracting payloads using extract32.exe. An AutoIt-compiled executable (Replies.scr) functioned as a loader, processing an external encrypted payload file and establishing command-and-control communication with infrastructure associated with Vidar Stealer. The malware demonstrated advanced anti-analysis capabilities, including debugger detection and instrumentation callback queries. It targeted credentials, browser data, cryptocurrency wallets, and system information. Post-execution cleanup routines deleted artifacts and terminated processes to minimize forensic evidence and evade detection, significantly complicating incident res...
Pulse ID: 6a01c2382e61b490cfa457e4
Pulse Link: https://otx.alienvault.com/pulse/6a01c2382e61b490cfa457e4
Pulse Author: AlienVault
Created: 2026-05-11 11:49:12Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Autoit #Browser #CyberSecurity #InfoSec #Malware #Microsoft #Nim #OTX #OpenThreatExchange #RAT #Vidar #bot #cryptocurrency #AlienVault
-
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored threat cluster. Attackers successfully achieved remote code execution by injecting shellcode into nginx worker processes. Post-exploitation activities included deployment of EarthWorm and ReverseSocks5 tunneling tools, Active Directory enumeration using compromised firewall credentials, and systematic log destruction to evade detection. The attackers demonstrated operational discipline with intermittent interactive sessions over multiple weeks, using open-source tools instead of proprietary malware to minimize detection. The vulnerability poses elevated risk when the portal is exposed to untrusted networks or the public internet.
Pulse ID: 69fc45baaffc99649cda5385
Pulse Link: https://otx.alienvault.com/pulse/69fc45baaffc99649cda5385
Pulse Author: AlienVault
Created: 2026-05-07 07:56:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #Nginx #Nim #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #ShellCode #Vulnerability #Worm #ZeroDay #bot #socks5 #AlienVault
-
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored threat cluster. Attackers successfully achieved remote code execution by injecting shellcode into nginx worker processes. Post-exploitation activities included deployment of EarthWorm and ReverseSocks5 tunneling tools, Active Directory enumeration using compromised firewall credentials, and systematic log destruction to evade detection. The attackers demonstrated operational discipline with intermittent interactive sessions over multiple weeks, using open-source tools instead of proprietary malware to minimize detection. The vulnerability poses elevated risk when the portal is exposed to untrusted networks or the public internet.
Pulse ID: 69fc45baaffc99649cda5385
Pulse Link: https://otx.alienvault.com/pulse/69fc45baaffc99649cda5385
Pulse Author: AlienVault
Created: 2026-05-07 07:56:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #Nginx #Nim #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #ShellCode #Vulnerability #Worm #ZeroDay #bot #socks5 #AlienVault
-
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored threat cluster. Attackers successfully achieved remote code execution by injecting shellcode into nginx worker processes. Post-exploitation activities included deployment of EarthWorm and ReverseSocks5 tunneling tools, Active Directory enumeration using compromised firewall credentials, and systematic log destruction to evade detection. The attackers demonstrated operational discipline with intermittent interactive sessions over multiple weeks, using open-source tools instead of proprietary malware to minimize detection. The vulnerability poses elevated risk when the portal is exposed to untrusted networks or the public internet.
Pulse ID: 69fc45baaffc99649cda5385
Pulse Link: https://otx.alienvault.com/pulse/69fc45baaffc99649cda5385
Pulse Author: AlienVault
Created: 2026-05-07 07:56:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #Nginx #Nim #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #ShellCode #Vulnerability #Worm #ZeroDay #bot #socks5 #AlienVault
-
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored threat cluster. Attackers successfully achieved remote code execution by injecting shellcode into nginx worker processes. Post-exploitation activities included deployment of EarthWorm and ReverseSocks5 tunneling tools, Active Directory enumeration using compromised firewall credentials, and systematic log destruction to evade detection. The attackers demonstrated operational discipline with intermittent interactive sessions over multiple weeks, using open-source tools instead of proprietary malware to minimize detection. The vulnerability poses elevated risk when the portal is exposed to untrusted networks or the public internet.
Pulse ID: 69fc45baaffc99649cda5385
Pulse Link: https://otx.alienvault.com/pulse/69fc45baaffc99649cda5385
Pulse Author: AlienVault
Created: 2026-05-07 07:56:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #Nginx #Nim #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #ShellCode #Vulnerability #Worm #ZeroDay #bot #socks5 #AlienVault
-
Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored threat cluster. Attackers successfully achieved remote code execution by injecting shellcode into nginx worker processes. Post-exploitation activities included deployment of EarthWorm and ReverseSocks5 tunneling tools, Active Directory enumeration using compromised firewall credentials, and systematic log destruction to evade detection. The attackers demonstrated operational discipline with intermittent interactive sessions over multiple weeks, using open-source tools instead of proprietary malware to minimize detection. The vulnerability poses elevated risk when the portal is exposed to untrusted networks or the public internet.
Pulse ID: 69fc45baaffc99649cda5385
Pulse Link: https://otx.alienvault.com/pulse/69fc45baaffc99649cda5385
Pulse Author: AlienVault
Created: 2026-05-07 07:56:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #Malware #Nginx #Nim #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #ShellCode #Vulnerability #Worm #ZeroDay #bot #socks5 #AlienVault
-
Popular DAEMON Tools software compromised
Since April 8, 2026, installers of DAEMON Tools software have been compromised with malicious payloads distributed through the legitimate website. Versions 12.5.0.2421 to 12.5.0.2434 contain trojaned binaries (DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe) signed with legitimate developer certificates. The attack has affected thousands of systems across over 100 countries, though advanced payloads were selectively deployed to approximately a dozen machines in government, scientific, manufacturing, and retail organizations. Initial infection establishes backdoor communications to typosquatted domains, followed by deployment of an information collector for system profiling. Targeted systems receive additional implants including a minimalistic backdoor and QUIC RAT. Chinese-language strings found in malicious components suggest a Chinese-speaking threat actor. The attack remains active at time of publication, demonstrating sophisticated supply chain compromise techniques comparable to the 2023 3CX ...
Pulse ID: 69f9fd6e0328f7a1be1faa20
Pulse Link: https://otx.alienvault.com/pulse/69f9fd6e0328f7a1be1faa20
Pulse Author: AlienVault
Created: 2026-05-05 14:23:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Chinese #CyberSecurity #Government #InfoSec #Mac #Manufacturing #Nim #OTX #OpenThreatExchange #RAT #SupplyChain #Trojan #bot #AlienVault
-
Lorem Ipsum Malware: Trojanized MS Teams Installers
An emerging threat group is conducting a global SEO-poisoning campaign distributing trojanized Microsoft Teams installers that deploy a multi-stage shellcode loader and backdoor designated Lorem Ipsum. Active since February 2026, the campaign targets users searching for Microsoft Teams across six countries, with confirmed targeting of a US healthcare organization. The operators evolved rapidly from minimally obfuscated test builds to sophisticated loaders featuring substitution cipher decoding, XOR-encrypted shellcode, DLL sideloading, and JFIF-disguised C2 traffic. The malware distinctively abuses letsdiskuss[.]com, a legitimate India-based platform, as a dead-drop resolver for C2 infrastructure. Attackers use validly signed MSI installers with three-day Microsoft ID Verified certificates, NameCheap-registered infrastructure weaponized within hours, and per-victim UUID-tracked callbacks. Development velocity suggests possible LLM-assisted tooling, indicating a well-funded mid-tier criminal actor operating...
Pulse ID: 69f92fedbdf318f94db2fc63
Pulse Link: https://otx.alienvault.com/pulse/69f92fedbdf318f94db2fc63
Pulse Author: AlienVault
Created: 2026-05-04 23:46:53Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Healthcare #India #InfoSec #Malware #Microsoft #MicrosoftTeams #Namecheap #Nim #OTX #OpenThreatExchange #RAT #ShellCode #SideLoading #Trojan #bot #AlienVault
-
Lorem Ipsum Malware: Trojanized MS Teams Installers
An emerging threat group is conducting a global SEO-poisoning campaign distributing trojanized Microsoft Teams installers that deploy a multi-stage shellcode loader and backdoor designated Lorem Ipsum. Active since February 2026, the campaign targets users searching for Microsoft Teams across six countries, with confirmed targeting of a US healthcare organization. The operators evolved rapidly from minimally obfuscated test builds to sophisticated loaders featuring substitution cipher decoding, XOR-encrypted shellcode, DLL sideloading, and JFIF-disguised C2 traffic. The malware distinctively abuses letsdiskuss[.]com, a legitimate India-based platform, as a dead-drop resolver for C2 infrastructure. Attackers use validly signed MSI installers with three-day Microsoft ID Verified certificates, NameCheap-registered infrastructure weaponized within hours, and per-victim UUID-tracked callbacks. Development velocity suggests possible LLM-assisted tooling, indicating a well-funded mid-tier criminal actor operating...
Pulse ID: 69f92fedbdf318f94db2fc63
Pulse Link: https://otx.alienvault.com/pulse/69f92fedbdf318f94db2fc63
Pulse Author: AlienVault
Created: 2026-05-04 23:46:53Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Healthcare #India #InfoSec #Malware #Microsoft #MicrosoftTeams #Namecheap #Nim #OTX #OpenThreatExchange #RAT #ShellCode #SideLoading #Trojan #bot #AlienVault
-
Lorem Ipsum Malware: Trojanized MS Teams Installers
An emerging threat group is conducting a global SEO-poisoning campaign distributing trojanized Microsoft Teams installers that deploy a multi-stage shellcode loader and backdoor designated Lorem Ipsum. Active since February 2026, the campaign targets users searching for Microsoft Teams across six countries, with confirmed targeting of a US healthcare organization. The operators evolved rapidly from minimally obfuscated test builds to sophisticated loaders featuring substitution cipher decoding, XOR-encrypted shellcode, DLL sideloading, and JFIF-disguised C2 traffic. The malware distinctively abuses letsdiskuss[.]com, a legitimate India-based platform, as a dead-drop resolver for C2 infrastructure. Attackers use validly signed MSI installers with three-day Microsoft ID Verified certificates, NameCheap-registered infrastructure weaponized within hours, and per-victim UUID-tracked callbacks. Development velocity suggests possible LLM-assisted tooling, indicating a well-funded mid-tier criminal actor operating...
Pulse ID: 69f92fedbdf318f94db2fc63
Pulse Link: https://otx.alienvault.com/pulse/69f92fedbdf318f94db2fc63
Pulse Author: AlienVault
Created: 2026-05-04 23:46:53Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Healthcare #India #InfoSec #Malware #Microsoft #MicrosoftTeams #Namecheap #Nim #OTX #OpenThreatExchange #RAT #ShellCode #SideLoading #Trojan #bot #AlienVault
-
Lorem Ipsum Malware: Trojanized MS Teams Installers
An emerging threat group is conducting a global SEO-poisoning campaign distributing trojanized Microsoft Teams installers that deploy a multi-stage shellcode loader and backdoor designated Lorem Ipsum. Active since February 2026, the campaign targets users searching for Microsoft Teams across six countries, with confirmed targeting of a US healthcare organization. The operators evolved rapidly from minimally obfuscated test builds to sophisticated loaders featuring substitution cipher decoding, XOR-encrypted shellcode, DLL sideloading, and JFIF-disguised C2 traffic. The malware distinctively abuses letsdiskuss[.]com, a legitimate India-based platform, as a dead-drop resolver for C2 infrastructure. Attackers use validly signed MSI installers with three-day Microsoft ID Verified certificates, NameCheap-registered infrastructure weaponized within hours, and per-victim UUID-tracked callbacks. Development velocity suggests possible LLM-assisted tooling, indicating a well-funded mid-tier criminal actor operating...
Pulse ID: 69f92fedbdf318f94db2fc63
Pulse Link: https://otx.alienvault.com/pulse/69f92fedbdf318f94db2fc63
Pulse Author: AlienVault
Created: 2026-05-04 23:46:53Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Healthcare #India #InfoSec #Malware #Microsoft #MicrosoftTeams #Namecheap #Nim #OTX #OpenThreatExchange #RAT #ShellCode #SideLoading #Trojan #bot #AlienVault
-
Lorem Ipsum Malware: Trojanized MS Teams Installers
An emerging threat group is conducting a global SEO-poisoning campaign distributing trojanized Microsoft Teams installers that deploy a multi-stage shellcode loader and backdoor designated Lorem Ipsum. Active since February 2026, the campaign targets users searching for Microsoft Teams across six countries, with confirmed targeting of a US healthcare organization. The operators evolved rapidly from minimally obfuscated test builds to sophisticated loaders featuring substitution cipher decoding, XOR-encrypted shellcode, DLL sideloading, and JFIF-disguised C2 traffic. The malware distinctively abuses letsdiskuss[.]com, a legitimate India-based platform, as a dead-drop resolver for C2 infrastructure. Attackers use validly signed MSI installers with three-day Microsoft ID Verified certificates, NameCheap-registered infrastructure weaponized within hours, and per-victim UUID-tracked callbacks. Development velocity suggests possible LLM-assisted tooling, indicating a well-funded mid-tier criminal actor operating...
Pulse ID: 69f92fedbdf318f94db2fc63
Pulse Link: https://otx.alienvault.com/pulse/69f92fedbdf318f94db2fc63
Pulse Author: AlienVault
Created: 2026-05-04 23:46:53Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #Healthcare #India #InfoSec #Malware #Microsoft #MicrosoftTeams #Namecheap #Nim #OTX #OpenThreatExchange #RAT #ShellCode #SideLoading #Trojan #bot #AlienVault
-
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
Cybercriminals are merging traditional malware operations with cryptocurrency-focused attacks, creating hybrid threat ecosystems. Modern crypto drainers have evolved into automated systems capable of extracting assets across multiple blockchains with minimal user interaction, supported by well-developed underground marketplaces offering drainer-as-a-service kits. Two case studies exemplify this convergence: StepDrainer operates as a multichain drainer-as-a-service platform that abuses Web3Modal and smart contract methods across over 20 blockchain networks, using AI-themed lures and polished interfaces to deceive victims into connecting wallets. EtherRAT represents a hybrid Windows implant delivered through trojanized TFTP installers, combining traditional RAT capabilities with blockchain-aware functionality including Ethereum RPC endpoints and embedded wallet addresses. Both threats demonstrate how cryptocurrency theft infrastructure now intersects with mainstream attack surfaces affecting enterprise envir...
Pulse ID: 69ea724596582ed94bc23acf
Pulse Link: https://otx.alienvault.com/pulse/69ea724596582ed94bc23acf
Pulse Author: AlienVault
Created: 2026-04-23 19:25:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #CyberSecurity #Endpoint #InfoSec #Malware #Nim #OTX #OpenThreatExchange #RAT #RPC #Trojan #Web3 #Windows #bot #cryptocurrency #AlienVault
-
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
Cybercriminals are merging traditional malware operations with cryptocurrency-focused attacks, creating hybrid threat ecosystems. Modern crypto drainers have evolved into automated systems capable of extracting assets across multiple blockchains with minimal user interaction, supported by well-developed underground marketplaces offering drainer-as-a-service kits. Two case studies exemplify this convergence: StepDrainer operates as a multichain drainer-as-a-service platform that abuses Web3Modal and smart contract methods across over 20 blockchain networks, using AI-themed lures and polished interfaces to deceive victims into connecting wallets. EtherRAT represents a hybrid Windows implant delivered through trojanized TFTP installers, combining traditional RAT capabilities with blockchain-aware functionality including Ethereum RPC endpoints and embedded wallet addresses. Both threats demonstrate how cryptocurrency theft infrastructure now intersects with mainstream attack surfaces affecting enterprise envir...
Pulse ID: 69ea724596582ed94bc23acf
Pulse Link: https://otx.alienvault.com/pulse/69ea724596582ed94bc23acf
Pulse Author: AlienVault
Created: 2026-04-23 19:25:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #CyberSecurity #Endpoint #InfoSec #Malware #Nim #OTX #OpenThreatExchange #RAT #RPC #Trojan #Web3 #Windows #bot #cryptocurrency #AlienVault
-
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
Cybercriminals are merging traditional malware operations with cryptocurrency-focused attacks, creating hybrid threat ecosystems. Modern crypto drainers have evolved into automated systems capable of extracting assets across multiple blockchains with minimal user interaction, supported by well-developed underground marketplaces offering drainer-as-a-service kits. Two case studies exemplify this convergence: StepDrainer operates as a multichain drainer-as-a-service platform that abuses Web3Modal and smart contract methods across over 20 blockchain networks, using AI-themed lures and polished interfaces to deceive victims into connecting wallets. EtherRAT represents a hybrid Windows implant delivered through trojanized TFTP installers, combining traditional RAT capabilities with blockchain-aware functionality including Ethereum RPC endpoints and embedded wallet addresses. Both threats demonstrate how cryptocurrency theft infrastructure now intersects with mainstream attack surfaces affecting enterprise envir...
Pulse ID: 69ea724596582ed94bc23acf
Pulse Link: https://otx.alienvault.com/pulse/69ea724596582ed94bc23acf
Pulse Author: AlienVault
Created: 2026-04-23 19:25:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #CyberSecurity #Endpoint #InfoSec #Malware #Nim #OTX #OpenThreatExchange #RAT #RPC #Trojan #Web3 #Windows #bot #cryptocurrency #AlienVault
-
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
Cybercriminals are merging traditional malware operations with cryptocurrency-focused attacks, creating hybrid threat ecosystems. Modern crypto drainers have evolved into automated systems capable of extracting assets across multiple blockchains with minimal user interaction, supported by well-developed underground marketplaces offering drainer-as-a-service kits. Two case studies exemplify this convergence: StepDrainer operates as a multichain drainer-as-a-service platform that abuses Web3Modal and smart contract methods across over 20 blockchain networks, using AI-themed lures and polished interfaces to deceive victims into connecting wallets. EtherRAT represents a hybrid Windows implant delivered through trojanized TFTP installers, combining traditional RAT capabilities with blockchain-aware functionality including Ethereum RPC endpoints and embedded wallet addresses. Both threats demonstrate how cryptocurrency theft infrastructure now intersects with mainstream attack surfaces affecting enterprise envir...
Pulse ID: 69ea724596582ed94bc23acf
Pulse Link: https://otx.alienvault.com/pulse/69ea724596582ed94bc23acf
Pulse Author: AlienVault
Created: 2026-04-23 19:25:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #CyberSecurity #Endpoint #InfoSec #Malware #Nim #OTX #OpenThreatExchange #RAT #RPC #Trojan #Web3 #Windows #bot #cryptocurrency #AlienVault
-
Crypto Drainers as a Converging Threat: Insights into Emerging Hybrid Attack Ecosystems
Cybercriminals are merging traditional malware operations with cryptocurrency-focused attacks, creating hybrid threat ecosystems. Modern crypto drainers have evolved into automated systems capable of extracting assets across multiple blockchains with minimal user interaction, supported by well-developed underground marketplaces offering drainer-as-a-service kits. Two case studies exemplify this convergence: StepDrainer operates as a multichain drainer-as-a-service platform that abuses Web3Modal and smart contract methods across over 20 blockchain networks, using AI-themed lures and polished interfaces to deceive victims into connecting wallets. EtherRAT represents a hybrid Windows implant delivered through trojanized TFTP installers, combining traditional RAT capabilities with blockchain-aware functionality including Ethereum RPC endpoints and embedded wallet addresses. Both threats demonstrate how cryptocurrency theft infrastructure now intersects with mainstream attack surfaces affecting enterprise envir...
Pulse ID: 69ea724596582ed94bc23acf
Pulse Link: https://otx.alienvault.com/pulse/69ea724596582ed94bc23acf
Pulse Author: AlienVault
Created: 2026-04-23 19:25:57Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BlockChain #CyberSecurity #Endpoint #InfoSec #Malware #Nim #OTX #OpenThreatExchange #RAT #RPC #Trojan #Web3 #Windows #bot #cryptocurrency #AlienVault
-
Iranian APT Seedworm Targets Global Organizations via Microsoft Teams
In late February 2026, following escalating Middle East tensions and coordinated military actions, Iranian APT group Seedworm launched sophisticated social engineering attacks via Microsoft Teams. Attackers impersonated IT support personnel using deceptive Microsoft 365 tenant domains to convince victims to execute malicious MSI installers. The campaign deployed a custom backdoor called Dindoor, which leveraged legitimate Deno runtime to execute obfuscated payloads in-memory, minimizing detection. The operation included multiple components for persistence, command-and-control communications, and data exfiltration. Infrastructure overlapped with previously reported MuddyWater operations. The attack demonstrates the group's evolution in using collaboration platforms as initial access vectors while combining dual-use tooling with living-off-the-land techniques to bypass traditional security controls.
Pulse ID: 69e2417dcac9587a626c98a2
Pulse Link: https://otx.alienvault.com/pulse/69e2417dcac9587a626c98a2
Pulse Author: AlienVault
Created: 2026-04-17 14:19:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CyberSecurity #InfoSec #Iran #Microsoft #MicrosoftTeams #MiddleEast #Military #MuddyWater #Nim #OTX #OpenThreatExchange #RAT #SeedWorm #SocialEngineering #Worm #bot #AlienVault
-
Executes the query and returns the first column of the first row of the result dataset. Returns
""if the dataset contains no rows or the database value isNULL.Dear NIM, WTF. Love, me.
-
Бесплатный API для нейросетей от NVIDIA: 100+ моделей, OpenAI-совместимый эндпоинт и 40 запросов в минуту
NVIDIA раздаёт бесплатные API-ключи к 100+ моделям: DeepSeek R1, Llama 3.3, Kimi K2.5, GLM-5 и другие. OpenAI-совместимый эндпоинт — меняешь base_url и model, всё работает. Регистрация за 2 минуты, без карты. Разбираю лимиты (40 req/min), подключение к Claude Code и OpenClaw, сравнение с OpenRouter и Groq, и зачем NVIDIA это делает.
-
Бесплатный API для нейросетей от NVIDIA: 100+ моделей, OpenAI-совместимый эндпоинт и 40 запросов в минуту NVIDIA раздаёт б...
#nvidia #api #llm #deepseek #бесплатно #нейросети #nim
Origin | Interest | Match -
One thing these slice-of-life vlogs show is the utter banality and homogeneity of post-industrial western culture across continents.
-
It's been two years trying to implement a structural equation modeling tool that runs in the gpu. It was only possible because of #nim and claude. It was fun and it works great. Infinite applications in science. The temporary site is in here: https://fastsem.netlify.app/
-
Tradition up: the new, weekly development report from my #opensource projects arrived. A roguelike game, #Nim binding to Nuklear GUI library and static code analyzer for Nim got some updates. More info: www.laeran.pl.eu.org/blog/devblog... Happy Easter everyone. 🐇
-
@simon_brooke #nim perhaps? Your lispy predilections may be piqued, provided the Python whitespace perversions don’t piss you off.
-
13-Mar-2026
#AI’s #gamePlaying still has flaws: #AlphaZero-style self-play tested on #Nim
Despite heavy training, agents show blind spots and can miss optimal moves -
13-Mar-2026
#AI’s #gamePlaying still has flaws: #AlphaZero-style self-play tested on #Nim
Despite heavy training, agents show blind spots and can miss optimal moves -
13-Mar-2026
#AI’s #gamePlaying still has flaws: #AlphaZero-style self-play tested on #Nim
Despite heavy training, agents show blind spots and can miss optimal moves -
13-Mar-2026
#AI’s #gamePlaying still has flaws: #AlphaZero-style self-play tested on #Nim
Despite heavy training, agents show blind spots and can miss optimal moves -
13-Mar-2026
#AI’s #gamePlaying still has flaws: #AlphaZero-style self-play tested on #Nim
Despite heavy training, agents show blind spots and can miss optimal moves -
The thing i really like about Nim is that whenever I think of a convenient language affordance, that's very helpful for some particular thing, it turns out they have one of those already! (Today I discovered they have source filters - https://nim-lang.org/docs/filters.html)
#nim #programming -
New #nim version is out: https://nim-lang.org/blog/2026/02/23/nim-228.html
-
Diori Hamani International Airport - Niamey, Niger
https://en.wikipedia.org/wiki/Diori_Hamani_International_Airport
https://www.openstreetmap.org/#map=13/13.481500/2.183610 -
Finally tried No Input Mixing!