Blog

  • From GitHub Repos to Lazarus
    Introduction Many, many months ago, a GitHub repository belonging to a threat actor targeting a company operating in the airport management sector since September 2024 caught my attention. Since I did not have the chance to examine this repository, which had a considerable amount of activity, in detail at the time, I cloned and set…
  • There Is A Threat Actor Out There
    Introduction In recent years, as a cybersecurity researcher who frequently engages in conversations with threat actors who lack knowledge or concern about Operations Security (OPSEC) (Examples: Chasing the Threat Actor, Investment Scammers, WhatsApp Scammers), I once again had the opportunity to converse with another threat actor. The story of this article began almost a year…
  • Istanbul Senin Data Breach
    Introduction When the calendar showed May 26, 2025, a post appeared on DarkForums — a platform frequented by cybercriminals — from a threat actor using the alias kovalidis. In the message, the actor, claiming to be (or posing as) a member of the Powerful Greek Army (PGA) hacker group, announced that they were selling the…
  • Phishing Cloaking Techniques
    Introduction Those of you who have read my blog post titled Investment Scammers have seen how scammers try to lure innocent people into their traps through fake ads on social media and networks. Just as in that article, websites play a critical role in fraud attempts and are essential for the operations of scammers. In…
  • How Are We Getting Phished?
    Introduction Over the past 10 years of my 20-year cybersecurity career—primarily within Turkey’s leading banks and IT subsidiaries—I’ve taken on leadership and executive roles, including CISO, thanks to the knowledge, experience, and achievements I’ve gained. While the winds have carried me into executive leadership roles in recent years, I’ve continued to stay passionately connected to…