
Martin Zugec

@martinzugec

InfoSec speaker/blogger/thinker at Bitdefender. PowerShell fan since 2004. Non-militant vegetarian. Excited gamer since 1985.

66 Followers · 28 Following · 24 Posts · Joined 01.12.2024

Latest posts by Martin Zugec @martinzugec

"My country" = "Current administration". Trump was elected by 32% of eligible voters (hopefully some of them changed their minds now), I still hope the majority is not supporting what's happening right now.

16.01.2026 11:07 👍 0 🔁 0 💬 0 📌 0

Cybersecurity Predictions 2026: Hype vs. Reality.

My attempt at more realistic/pragmatic cybersecurity predictions for 2026. Pls share if you've seen anything else worth reading, almost everything else this year is AI slop 💩
www.bitdefender.com/en-us/blog/b...

07.01.2026 16:01 👍 0 🔁 0 💬 0 📌 0

The Korean Leaks – Analyzing the Hybrid Geopolitical Campaign Targeting South Korean Financial Services With Qilin RaaS TL;DR The "Korean Leaks" campaign showcases a sophisticated supply chain attack against South Korea's financial sector.

An unusual ransom language 🤔
"Korean Leak is a reason to withdraw money from the country's stock market, because we have a volume of data whose publication will definitely deal a serious blow to the entire Korean market. And we will definitely do it."

www.bitdefender.com/en-us/blog/b...

25.11.2025 13:30 👍 1 🔁 0 💬 0 📌 0
Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines I'd like to thank my coauthors Adrian Schipor and Martin Zugec for their invaluable contributions to this research.

Curly COMrades APT now deploys a small Linux VM (120MB on disk, 256MB memory) on compromised Win10 machines (after enabling Hyper-V) that includes reverse shell + proxy to target environment: www.bitdefender.com/en-us/blog/b...

04.11.2025 14:24 👍 0 🔁 0 💬 0 📌 0
EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company Bitdefender Labs uncovers details of a new, fileless malware framework called EggStreme. Read the blog to learn how this multi-stage toolset operates.

Our latest report analyzes a cyberattack by a Chinese APT group targeting a military company in the Philippines. We found a new and advanced fileless malware toolset that we called the EggStreme framework. Including GitHub repo for IOCs + live AMA

businessinsights.bitdefender.com/eggstreme-fi...

10.09.2025 19:50 👍 2 🔁 0 💬 0 📌 0
Detecting and countering misuse of AI: August 2025 Anthropic's threat intelligence report on AI cybercrime and other abuses

Similar thoughts about the Anthropic announcement, very dramatic: www.anthropic.com/news/detecti...

28.08.2025 10:14 👍 0 🔁 0 💬 0 📌 0
Curly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds This research from Bitdefender Labs details a cluster of malicious activity we've been tracking since mid-2024.

Bitdefender Labs just published new research on a threat actor we've named "Curly COMrades" for their reliance on curl.exe and COM hijacking for persistence. And because we don't want to glorify cybercriminals by giving them dramatic names :)

www.bitdefender.com/en-us/blog/b...

12.08.2025 14:09 👍 1 🔁 0 💬 0 📌 0

You forgot to mention which one is which ;)

24.04.2025 11:53 👍 0 🔁 0 💬 0 📌 0

I have one of the super-auto coffee machines (Miele). Avoid - you need to clean it daily anyway, and I need to take it apart once a month to prevent a buildup of mold.

11.04.2025 14:59 👍 1 🔁 0 💬 0 📌 0

Use cheat code "DOGE" to remove all those government employees chasing you ;)

04.04.2025 18:22 👍 0 🔁 0 💬 0 📌 0
RedCurl's Ransomware Debut: A Technical Deep Dive This research, conducted by Bitdefender Labs, presents the first documented analysis of a ransomware campaign attributed to the RedCurl group (also known as Earth Kapre or Red Wolf).

Bitdefender Labs has investigated a new ransomware family, QWCrypt, deployed by the RedCurl group (Earth Kapre/Red Wolf) for the first time. Notably, they're targeting hypervisors, not endpoints.

Also, not so sure if the "corporate espionage" label is accurate for this group

26.03.2025 14:03 👍 0 🔁 1 💬 0 📌 0

ALT: a knight with a helmet and a sword says "this is the way"
25.03.2025 11:04 👍 0 🔁 0 💬 0 📌 0
Technical Advisory: Mass Exploitation of CVE-2024-4577 Bitdefender is tracking new campaigns as threat actors exploit a vulnerability we first highlighted in June 2024.

We're seeing a massive spike in CVE-2024-4577 attacks, with new campaigns launched in February/March. Bitdefender Labs analyzed over 10K detections.

Also, an interesting battle of control, with some cryptojacking threat actors attempting to add firewall rules to block others.

17.03.2025 20:25 👍 0 🔁 0 💬 0 📌 0

The opposite where we are heading now is gilded age economy. 0% taxes, 50-75% tariffs.

04.03.2025 11:17 👍 0 🔁 0 💬 0 📌 0

Wondering if there was any good research done (e.g. by negotiators) about ransomware baselines from different groups 🤔 I know some groups are more willing than others to negotiate, but don't remember seeing a good write up on this topic

28.02.2025 13:33 👍 0 🔁 0 💬 0 📌 0

Fascinating read, thanks for sharing and great work (as always)!

28.02.2025 12:11 👍 1 🔁 0 💬 1 📌 0
UAC-0063: Cyber Espionage Operation Expanding from Central Asia Bitdefender Labs warns of an active cyber-espionage campaign targeting organizations in Central Asia and European countries.

Bitdefender Labs warns of an active cyber-espionage campaign targeting organizations in Central Asia and European countries by UAC-0063. Primary targets are government organizations (including embassies).

www.bitdefender.com/en-us/blog/b...

28.01.2025 14:25 👍 0 🔁 0 💬 0 📌 0
Cybersecurity Predictions 2025: Hype vs. Reality Cybersecurity predictions are abundant this time each year, many filled with sensationalism and exaggerated threats.

I started reading various prediction pieces this year, and oh boy, it's an orgy of AI-infused buzzwords. Here are my predictions, wondering if there could be some significant changes to the RaaS ecosystem this year (hacktivists/lone wolves/APTs)

www.bitdefender.com/en-us/blog/b...

15.01.2025 12:15 👍 0 🔁 0 💬 0 📌 0

Sooo, should Twitter users be called Musketeers now?

14.01.2025 11:21 👍 2 🔁 0 💬 0 📌 0

Rollbacks that are based on VSS are doomed from the beginning. Not that anyone cares :(

10.01.2025 15:04 👍 3 🔁 0 💬 0 📌 0

Absolutely fantastic, they should just take the whole game and turn it into a new Indy movie right away

02.01.2025 11:42 👍 1 🔁 0 💬 0 📌 0

Not the same, but I've just recently learned of a condition that I (and millions of fellow Americans) have and that took me 40+ years to discover - aphantasia. Almost everyone with that condition hasn't realized it doesn't happen for everyone :D

17.12.2024 14:12 👍 4 🔁 0 💬 0 📌 0
Post image

MITRE ATT&CK Evaluations - Round 6 full results for 3 core metrics (volume + FPs were added for the first time).

11.12.2024 16:16 👍 1 🔁 0 💬 0 📌 0

My favorite gadget of 2024 was Kindle Scribe, great for conferences and other note taking, but also document reviews (integrated with Office) or reading articles (offline)

09.12.2024 10:55 👍 2 🔁 0 💬 0 📌 0