A reported iPhone extraction in Russia shows how commercial forensic tools can keep shaping high-risk investigations long after a vendor says it has left a market.
A reported case involving counterfeit USB drives in Japan's defense ecosystem shows how unvetted removable media can still slip into highly sensitive environments.
A reported case involving counterfeit, malware-infected USB drives shows how a single removable device can become a trust-boundary problem in sensitive military environments.
The real security problem is not whether battlefield AI is smart enough, but whether commanders, engineers, and operators can still control it when sensors lie, links fail, or decisions outrun human review.
Google-linked threat research has surfaced StockStay as a fresh malware line in Turla operations, underscoring how targeted espionage campaigns keep rebuilding their access paths rather than relying on a single implant.
The removal of several VK-related apps from the App Store shows how one distribution gate can reshape access to social, media, and mail services in a single move.
A Unit 42-tracked intrusion cluster blended open-source tooling with a custom .NET backdoor, raising the stakes for governments and energy operators that depend on exposed web applications.
A newly identified .NET implant shows how espionage tooling can borrow the look and feel of normal desktop apps while keeping remote tasking quietly alive.
A mobile device can reveal not only what was inside it, but also how it was accessed, and in this case two different evidence layers point toward Cellebrite UFED use.
A reported Turla-linked backdoor aimed at Ukrainian government and military targets shows how state-style intrusion kits now lean on modular design, web-like traffic, and host-specific behavior.
A reported Cellebrite-assisted extraction from a detained activist’s iPhone shows how device seizure, not remote hacking, can become the decisive moment in modern surveillance and repression cases.
A newly identified .NET backdoor and a mix of legitimate remote-access utilities show how modern intrusions can hide inside normal admin traffic.
A custom .NET backdoor tied to a Southeast Asia intrusion cluster shows how modern espionage now relies on trusted Windows paths, tunneling software, and low-noise exfiltration.
A Windows archive flaw, a little-seen filesystem feature, and a stealer family linked to Ukraine-focused targeting show how old software mistakes can keep paying off for attackers.