Volexity (@Volexity) / X

Volexity

956 posts

Volexity

@Volexity

A security firm providing Incident Response, Proactive Threat Assessments, Trusted Advisory, and Threat Intelligence

Washington, DC

volexity.com

Joined September 2013

Pinned
Volexity
@Volexity
Jun 4
.@Volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware
23K
Volexity
@Volexity
Jun 2, 2022
.@Volexity discovers zero-day exploit impacting all current versions of Atlassian Confluence Server and Data Center. Attackers deploy in-memory Java implant to evade detection. Read more in our latest blog post: volexity.com/blog/2022/06/0… #DFIR #ThreatIntel #InfoSec
Zero-Day Exploitation of Atlassian Confluence
From volexity.com
Volexity
@Volexity
Mar 2, 2021
Volexity has identified multiple 0-day exploits in Microsoft Exchange resulting in authentication bypass and RCE. Actively exploited in the wild since at least January 2021. More here: volexity.com/blog/2021/03/0… #threatintel #dfir #infosec
Volexity
@Volexity
Dec 14, 2020
Supply Chain compromise of #SolarWinds provides Dark Halo actor with unauthorized remote access to select targets. @Volexity has also observed this group using novel methods to bypass 2FA. New research just posted to our blog: volexity.com/blog/2020/12/1… #threatintel #dfir #infosec
Volexity
@Volexity
Jan 10, 2024
.@Volexity detected an incident where it discovered a threat actor chained 2 #0days in Ivanti Connect Secure, CVE-2023-46805/CVE-2024-21887, to achieve RCE, modifying components of the software to backdoor the device. volexity.com/blog/2024/01/1… #dfir #threatintel #memoryforensics
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
From volexity.com
129K
Volexity
@Volexity
Aug 17, 2021
Volexity has identified a North Korean APT known as InkySquid exploiting users using recent exploits for IE and Edge via Strategic Web Compromises. More here: volexity.com/blog/2021/08/1… #threatintel #dfir
Volexity
@Volexity
Jun 13, 2024
.@Volexity analyzes #DISGOMOJI 🔥, Discord-based malware 💀 using emojis for C2. #DISGOMOJI is used by #UTA0137, a suspected Pakistan-based threat actor. Read the full analysis here: volexity.com/blog/2024/06/1… #dfir #threatintel
DISGOMOJI Malware Used to Target Indian Government
From volexity.com
138K
Volexity
@Volexity
Apr 12, 2024
Our latest blog post details @Volexity's identification & incident response associated with the Palo Alto Networks GlobalProtect #0day vuln, assigned CVE-2024-3400, that the team found being exploited in the wild. Read more here: volexity.com/blog/2024/04/1… #DFIR #ThreatIntel
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect...
From volexity.com
148K
Volexity
@Volexity
Sep 15, 2023
Donut, an open-source project, is a set of tools to generate position-independent code to obfuscate, load & execute embedded/remote payloads. Today, @Volexity released "donut-decryptor" to help analyze payloads created with Donut: github.com/volexity/donut… [1/2] #dfir #threatintel
GitHub - volexity/donut-decryptor: Retrieve inner payloads from Donut samples
From github.com
21K
Volexity
@Volexity
Mar 8, 2021
Volexity has now observed that cyber espionage operations using the SSRF vulnerability CVE-2021-26855 started occurring on January 3, 2021, three days earlier than initially posted. This has been noted in the original blog post: volexity.com/blog/2021/03/0… #dfir #threatintel
Volexity
@Volexity
Mar 2, 2021
Volexity has identified multiple 0-day exploits in Microsoft Exchange resulting in authentication bypass and RCE. Actively exploited in the wild since at least January 2021. More here: volexity.com/blog/2021/03/0… #threatintel #dfir #infosec
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerab...
From volexity.com
Volexity
@Volexity
May 27, 2021
Targeted spear-phishing campaign against numerous organizations around the world. Suspected attribution: APT29 / The Dukes. Read more here: volexity.com/blog/2021/05/2… #dfir #threatintel #APT29 #TheDukes
Volexity
@Volexity
Jan 15, 2024
.@Volexity provides an update on its Ivanti Connect Secure VPN report concerning chained exploitation of CVE-2024-21887/CVE-2023-46805. Based on new data, 1700+ devices have been compromised following widespread exploitation. Details: volexity.com/blog/2024/01/1… #dfir #threatintel
Ivanti Connect Secure VPN Exploitation Goes Global
From volexity.com
167K
Volexity
@Volexity
Sep 2, 2019
Digital Crackdown - Uyghurs Targeted with Android Malware in Large-Scale Surveillance Operation: volexity.com/blog/2019/09/0… #dfir #threatintel #threat_intel
Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs
From volexity.com
Volexity
@Volexity
Oct 5, 2022
A recent post by Vietnamese cybersecurity company GTSC detailed findings from a #MicrosoftExchange breach that stemmed from CVE-2022-41040 and CVE-2022-41082. @Volexity ties this to a CN threat actor it tracks that targets organizations using #OWA and #Zimbra. #volexintel 1/7