The FLINT Report: February 10 | Unmasking FleshStealer, Emoji Codebreaking, and Managed Attribution in Action
Unmasking FleshStealer: A New Infostealer Threat in 2025
“Infostealers have emerged as one of the most persistent and widespread threats in the cybercrime ecosystem. Flashpoint data shows a growing sophistication in how threat actors leverage these tools, particularly in bypassing security measures.” Ian Gray, VP of Intelligence at Flashpoint
Last year, information-stealing malware infected over 18 million devices, resulting in the exposure and sale of over 2.4 billion compromised credentials. This sensitive data—including login and account data, financials, and a gamut of personally identifiable information (PII)—allowed threat actors to carry out crippling ransomware attacks and numerous high-profile data breaches.
Going into 2025, infostealers remain a clear danger for organizations worldwide, as these malicious programs are readily available and cheaply sold across illicit marketplaces and forums. Flashpoint analysts have identified a new infostealer strain that is rapidly gaining attention due to its advanced evasion techniques and aggressive data harvesting capabilities—the FleshStealer Credential Stealer.
In this report, we dive into FleshStealer, explaining what it is and its potential impact on organizations.
The Language of Emojis in Threat Intelligence
Threat actors increasingly use emojis to communicate covertly, referencing themselves, their tactics, and even their procedures. What once seemed like playful symbols now serves as a secret code—a dictionary of slang and vernacular used to obfuscate critical information and strengthen their online communities.
In this live session, you’ll learn how to break the code with:
Can’t attend live? A recording and presentation summary will be provided to all registered participants.
Weekly Vulnerability Insights and Prioritization Report
This week's report highlights CVE-2025-24085, a use-after-free vulnerability in Apple's CoreMedia framework that has been exploited in the wild and potentially allows local privilege escalation. Additionally, CVE-2024-40890 and CVE-2024-40891 in multiple Zyxel products permit remote command execution via HTTP and Telnet, respectively. Currently, no official patches are available, necessitating immediate mitigation efforts.
Managed Attribution Snapshots
What’s New
Flashpoint Managed Attribution customers can now capture and save up to ten Snapshots of their virtual machines to quickly and easily restore them to a previous state. Notes can be added to each Snapshot to track changes.
Why it Matters
Maintaining a consistent and reliable working environment is crucial for digital research and cybersecurity. Digital operations often involve interacting with malicious files and programs that could compromise virtual machines. With Snapshots, Flashpoint Managed Attribution users can confidently conduct these operations, knowing they can quickly and easily revert to a previous state of their workspace without losing valuable time and data.
Join us at FS-ISAC 2025 Americas Spring Summit
Flashpoint is exhibiting at FS-ISAC Americas Spring Summit in New Orleans! Stop by Booth 3 to connect with our team and see how we help financial institutions stay ahead of cyber threats. Want a dedicated meeting? Book time with us here.
Get to Know Flashpoint
We hope you’re enjoying The FLINT Report! This newsletter is created by Flashpoint, a risk intelligence company headquartered in Washington, D.C. Our mission is to deliver timely, actionable intelligence to organizations in the public and private sectors, and help them protect their most critical assets, infrastructure, and stakeholders from a wide range of cyber and physical security risks. Visit flashpoint.io to learn more.