Log inOpen app
Volexity
958 posts
user avatar
Volexity
@Volexity
A security firm providing Incident Response, Proactive Threat Assessments, Trusted Advisory, and Threat Intelligence
Washington, DC
volexity.com
Joined September 2013
7
Following
8,367
Followers
user avatar
@Volexity

See Volexity’s full profile

Open X

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    Volexity
    @Volexity
    Jun 4
    .@Volexity has published details from an incident response engagement in September 2025 involving multiple #BRICKSTORM variants deployed by a threat actor that Volexity tracks as VerdantBamboo. This case involved the breach of the victim organization’s MSP and multiple malware
    22
    49
    23K
  • user avatar
    Volexity
    @Volexity
    Jun 2, 2022
    .@Volexity discovers zero-day exploit impacting all current versions of Atlassian Confluence Server and Data Center. Attackers deploy in-memory Java implant to evade detection. Read more in our latest blog post: volexity.com/blog/2022/06/0… #DFIR #ThreatIntel #InfoSec
    Zero-Day Exploitation of Atlassian Confluence
    From volexity.com
    15
    343
    601
  • user avatar
    Volexity
    @Volexity
    Mar 2, 2021
    Volexity has identified multiple 0-day exploits in Microsoft Exchange resulting in authentication bypass and RCE. Actively exploited in the wild since at least January 2021. More here: volexity.com/blog/2021/03/0… #threatintel #dfir #infosec
    7
    314
    499
  • user avatar
    Volexity
    @Volexity
    Dec 14, 2020
    Supply Chain compromise of #SolarWinds provides Dark Halo actor with unauthorized remote access to select targets. @Volexity has also observed this group using novel methods to bypass 2FA. New research just posted to our blog: volexity.com/blog/2020/12/1… #threatintel #dfir #infosec
    6
    203
    359
  • user avatar
    Volexity
    @Volexity
    Jan 10, 2024
    .@Volexity detected an incident where it discovered a threat actor chained 2 #0days in Ivanti Connect Secure, CVE-2023-46805/CVE-2024-21887, to achieve RCE, modifying components of the software to backdoor the device. volexity.com/blog/2024/01/1… #dfir #threatintel #memoryforensics
    volexity.com
    Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
    Volexity has uncovered active in-the-wild exploitation of two vulnerabilities allowing unauthenticated remote code execution in Ivanti Connect Secure VPN appliances. An official security advisory and...
    3
    158
    285
    129K
  • user avatar
    Volexity
    @Volexity
    Aug 17, 2021
    Volexity has identified a North Korean APT known as InkySquid exploiting users using recent exploits for IE and Edge via Strategic Web Compromises. More here: volexity.com/blog/2021/08/1… #threatintel #dfir
    4
    155
    268
  • user avatar
    Volexity
    @Volexity
    Jun 13, 2024
    .@Volexity analyzes #DISGOMOJI 🔥, Discord-based malware 💀 using emojis for C2. #DISGOMOJI is used by #UTA0137, a suspected Pakistan-based threat actor. Read the full analysis here: volexity.com/blog/2024/06/1… #dfir #threatintel
    DISGOMOJI Malware Used to Target Indian Government
    From volexity.com
    79
    228
    138K
  • user avatar
    Volexity
    @Volexity
    Apr 12, 2024
    Our latest blog post details @Volexity's identification & incident response associated with the Palo Alto Networks GlobalProtect #0day vuln, assigned CVE-2024-3400, that the team found being exploited in the wild. Read more here: volexity.com/blog/2024/04/1… #DFIR #ThreatIntel
    Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect...
    From volexity.com
    2
    88
    185
    148K
  • user avatar
    Volexity
    @Volexity
    Sep 15, 2023
    Donut, an open-source project, is a set of tools to generate position-independent code to obfuscate, load & execute embedded/remote payloads. Today, @Volexity released "donut-decryptor" to help analyze payloads created with Donut: github.com/volexity/donut… [1/2] #dfir #threatintel
    GitHub - volexity/donut-decryptor: Retrieve inner payloads from Donut samples
    From github.com
    1
    63
    172
    21K
  • user avatar
    Volexity
    @Volexity
    Mar 8, 2021
    Volexity has now observed that cyber espionage operations using the SSRF vulnerability CVE-2021-26855 started occurring on January 3, 2021, three days earlier than initially posted. This has been noted in the original blog post: volexity.com/blog/2021/03/0… #dfir #threatintel
    user avatar
    Volexity
    @Volexity
    Mar 2, 2021
    Volexity has identified multiple 0-day exploits in Microsoft Exchange resulting in authentication bypass and RCE. Actively exploited in the wild since at least January 2021. More here: volexity.com/blog/2021/03/0… #threatintel #dfir #infosec
    77
    169
  • user avatar
    Volexity
    @Volexity
    May 27, 2021
    Targeted spear-phishing campaign against numerous organizations around the world. Suspected attribution: APT29 / The Dukes. Read more here: volexity.com/blog/2021/05/2… #dfir #threatintel #APT29 #TheDukes
    3
    96
    169
  • user avatar
    Volexity
    @Volexity
    Jan 15, 2024
    .@Volexity provides an update on its Ivanti Connect Secure VPN report concerning chained exploitation of CVE-2024-21887/CVE-2023-46805. Based on new data, 1700+ devices have been compromised following widespread exploitation. Details: volexity.com/blog/2024/01/1… #dfir #threatintel
    Ivanti Connect Secure VPN Exploitation Goes Global
    From volexity.com
    3
    104
    164
    167K
  • user avatar
    Volexity
    @Volexity
    Sep 2, 2019
    Digital Crackdown - Uyghurs Targeted with Android Malware in Large-Scale Surveillance Operation: volexity.com/blog/2019/09/0… #dfir #threatintel #threat_intel
    Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs
    From volexity.com
    105
    130
  • user avatar
    Volexity
    @Volexity
    Oct 5, 2022
    A recent post by Vietnamese cybersecurity company GTSC detailed findings from a #MicrosoftExchange breach that stemmed from CVE-2022-41040 and CVE-2022-41082. @Volexity ties this to a CN threat actor it tracks that targets organizations using #OWA and #Zimbra. #volexintel 1/7
    1
    56
    130