September’s 3x CON: Part 2
What, Where & When: The 0x07th edition of SEC-T, an annual Stockholm-based conference, was held on 18-19 September at the stunning Anrika Nalen venue, just a 15 minute walk from the famous Gamla Stan. The Schedule This conference features only one track of presentations, which – in my opinion – is quite a good thing, […]
September’s 3x CON: Part 1
What, Where & When: the 4th edition of 44CON, an annual IT Security Conference organized by Sense/Net Ltd, took place on 10-12 September in London, at a venue near the Earl’s Court exhibition center. Geeks, who happened to enjoy somewhat spooky historical monuments, could take a five minute walk from the venue to visit an […]
Anthropic’s latest model is deliberately less powerful than Mythos (and that’s the point)
Anthropic has today released a new, improved Claude model, Opus 4.7, but has deliberately built it to be less capable than the highly-anticipated Claude Mythos. Anthropic calls Opus 4.7 a “notable improvement” over Opus 4.6, offering advanced software engineering capabilities and improved visioning, memory, instruction-following, and financial analysis. However, the yet-to-be-released (and inadvertently leaked) Mythos […]
Apple announces the iPhone 17e and a new M4-powered iPad Air
Apple promised a big week of new product introductions and seems ready to deliver. Starting the week off are the iPhone 17e and an iPad Air with a powerful M4 chip. Both systems meet the promises we heard during pre-introduction speculation, but perhaps it is even more impressive that Apple has somehow also managed to offer […]
Microsoft launches its second generation AI inference chip, Maia 200
Signaling that the future of AI may not just be how many tokens an AI model generates, but how optimally it does so, Microsoft has announced Maia 200, which it described as a breakthrough inference accelerator and inference powerhouse. The AI silicon is designed for heterogeneous AI infrastructure in multiple environments, and was specifically developed […]
New Infostealer Campaign Targets Users via Spoofed Software Installers
Introduction As part of our commitment to sharing interesting hunts, we are launching these ‘Flash Hunting Findings’ to highlight active threats. Our latest investigation tracks an operation active between January 11 and January 15, 2026, which uses consistent ZIP file structures and a unique behash (“4acaac53c8340a8c236c91e68244e6cb”) for identification. The campaign relies on a trusted executable […]
VTPRACTITIONERS{ACRONIS}: Tracking FileFix, Shadow Vector, and SideWinder
Introduction We have recently started a new blog series called #VTPRACTITIONERS. This series aims to share with the community what other practitioners are able to research using VirusTotal from a technical point of view. Our first blog saw our colleagues at SEQRITE tracking UNG0002, Silent Lynx, and DragonClone. In this new post, Acronis Threat Research […]
VTPRACTITIONERS{SEQRITE}: Tracking UNG0002, Silent Lynx and DragonClone
Introduction One of the best parts of being at VirusTotal (VT) is seeing all the amazing ways our community uses our tools to hunt down threats. We love hearing about your successes, and we think the rest of the community would too. That’s why we’re so excited to start a new blog series where we’ll […]
Advanced Threat Hunting: Automating Large-Scale Operations with LLMs
Last week, we were fortunate enough to attend the fantastic LABScon conference, organized by the SentinelOne Labs team. While there, we presented a workshop titled ‘Advanced Threat Hunting: Automating Large-Scale Operations with LLMs.’ The main goal of this workshop was to show attendees how they could automate their research using the VirusTotal API and Gemini. […]
The future of smart glasses comes into focus
Twelve years ago, Google kicked off the human cyborg revolution with its Google Glass product. The ugly, clunky, expensive Glass product was way ahead of its time. But it signaled a future when ordinary-looking glasses with a heads-up display would enable hands-free “computing” anywhere, all the time. Well, that future time is now. Meta CEO […]
OpenAI: Latest news and insights
OpenAI is an artificial intelligence organization comprised of the non-profit OpenAI, Inc. and several for-profit subsidiaries. The company is perhaps best known for its ChatGPT chatbot, which launched in 2022, kicking off a period of massive disruption in the tech industry and beyond. A complicated and increasingly contentious relationship with Microsoft, ongoing legal issues over […]
Uncovering a Colombian Malware Campaign with AI Code Analysis
VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files gave us a perfect, and unexpected, example of Code Insight in action: it uncovered an […]
Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research
By Aleksandar Milenkoski (SentinelOne) and Jose Luis Sánchez Martínez VirusTotal stores a vast collection of files, URLs, domains, and IPs submitted by users worldwide. It features a variety of functionalities and integrates third-party detection engines and tools to analyze the maliciousness of submitted artifacts and gather relevant related information, such as file properties, domain registrars, […]
Tracking Threat Actors Using Images and Artifacts
When tracking adversaries, we commonly focus on the malware they employ in the final stages of the kill chain and infrastructure, often overlooking samples used in the initial ones. In this post, we will explore some ideas to track adversary activity leveraging images and artifacts mostly used during delivery. We presented this approach at the […]
Know your enemies: An approach for CTI teams
VirusTotal’s Threat Landscape can be a valuable source of operational and tactical threat intelligence for CTI teams, for instance helping us find the latest malware trends used by a given Threat Actor to adjust our intelligence-led security posture accordingly. In this post, we will play the role of a CTI analyst working for a Singaporean […]
VT Livehunt Cheat Sheet
Today we are happy to announce the release of our “Livehunt Cheat Sheet”, a guide to help you quickly implement monitoring rules in Livehunt. You can find the PDF version here. VirusTotal Livehunt is a service that continuously scans all incoming indicators and notifies you when any of them matches your rules. Livehunt not only […]
More information
- Are The Days Of Unencrypted HTTP Numbered?
- Microsoft Internet Explorer CVE-2015-6086 Information Disclosure Vulnerability
- Comment on Kaspersky Security Bulletin 2015. Overall statistics for 2015 by Efren Alba
- BadAlloc: Microsoft Flags Major Security Holes in OT, IoT Devices
- New Zealand Government Hit by Ransomware Attack on IT Provider
- Four Arrested for ATM Skimming, Payment Card Fraud
- Over half of Brits have fallen victim to cybercrime, but most haven’t changed their online behaviour
- Researchers identify targeted email attack distributing Android Trojan app
- Like Jessica Alba? Don’t click Facebook links promising nude photos of her – or anyone else
- Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT