Post by Expel

We tracked threat actors and malware campaigns all year. Here are the heavy-hitters that Expel Intel discovered and/or covered in 2025.

Not the headlines. Not the vendor hype. These are attacks that Expel Intel and our SOC saw in the wild or in production—the ones that worked, the ones that didn't, and what stopped them.

Expel Intel's top 7 threat intel posts from 2025 👇

→ Cache smuggling: When a picture isn’t a thousand words: https://lnkd.in/gH5mZkBZ
→ Observing Atlas Lion (part 1): Why take control when you can enroll?: https://lnkd.in/g3YCG7CR
→ Observing Atlas Lion (part 2): Winning the battle, with an eye on the war: https://lnkd.in/gUYb-d38
→ Certified OysterLoader: Tracking Rhysida ransomware gang activity via code-signing certificates: https://lnkd.in/gVCeQgr7
→ You don’t find ManualFinder, ManualFinder finds you: https://lnkd.in/gHpv83-M
→ Along for the ride: When legitimate software becomes a signed malware loader: https://lnkd.in/gVQ9WXqE
→ The history of AppSuite: the certs of the BaoLoader developer: https://lnkd.in/ghqZNZw8

If you're trying to stay ahead of what's actually happening, these are worth your time.