Mandiant free scanner script and YARA rules for Brickstorm on Linux and BSD appliances
Security Tool/Service
Summary
Mandiant released a free scanner script and YARA rules to help defenders detect Brickstorm on Linux and BSD appliances. The release matters because these systems often lack EDR, making stealthy compromise harder to spot. The package also includes rules for Bricksteal and Slaystyle, broadening detection around the same malware set. Mandiant warned the scanner may miss some Brickstorm variants and does not validate persistence or vulnerable devices.
Related Happenings
Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)
Vulnerability
First: 11.05.2026 11:15
Last: 11.05.2026 11:15
Sources 1
About this happening:
A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...
Fast16 analysis reveals a sabotage worm that corrupts high-precision computations
Technical Analysis
First: 27.04.2026 16:09
Last: 27.04.2026 16:09
Sources 1
About this happening:
Researchers identified **fast16**, a previously undocumented malware framework that can silently corrupt **high-precision computations**, exposing a sabotage method that can under...
Red Menshen telecom espionage campaign
Campaign
First: 26.03.2026 19:40
Last: 26.03.2026 19:40
Sources 1
About this happening:
A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...
EDR killer BYOVD analysis finds 54 tools abusing 34 vulnerable drivers
Technical Analysis
First: 19.03.2026 20:52
Last: 19.03.2026 20:52
Sources 1
About this happening:
**54 EDR killers** were found abusing **BYOVD** through **34 vulnerable drivers**, showing how ransomware operators can **disable endpoint defenses** before encryption. The findin...
BlackSanta EDR killer malware activity targeting HR departments
Malware Activity
First: 11.03.2026 00:57
Last: 11.03.2026 00:57
Sources 1
About this happening:
The **BlackSanta** malware operation has run for **more than a year**, targeting **HR departments** and using an **EDR killer** to weaken host defenses before payload execution. T...
Timeline
- 24.09.2025 17:00 · 2 articles · 8mo ago
Mandiant releases Brickstorm scanner and YARA rules
Detection / IoC Update
Mandiant released a free scanner script that replicates a Brickstorm YARA rule for Linux and BSD appliances and included YARA rules for Bricksteal and Slaystyle to help defenders detect Brickstorm-related activity on systems that often lack EDR. Mandiant warned that the scanner may miss some Brickstorm variants and does not check persistence mechanisms or vulnerable devices.
- Google: Brickstorm malware used to steal U.S. orgs' data for over a year — www.bleepingcomputer.com — 24.09.2025 17:00