/vx/Malware Analysis/2025/

308 directories 0 files
Name Size Modified
Go up
2025-01-02 - NonEuclid RAT/
2025-01-03 - RATs on the island (Remote Access Trojans in Sri Lanka's Cybersecurity Landscape)/
2025-01-03 - SwaetRAT Delivery Through Python/
2025-01-04 - Solara - Roblox Executor Malware/
2025-01-06 - EAGERBEE, with updated and novel components, targets the Middle East/
2025-01-06 - Hangro - Investigating North Korean VPN Infrastructure Part 1/
2025-01-07 - PacketCrypt Classic Cryptocurrency Miner on PHP Servers/
2025-01-07 - Turla Cyber Campaign Targeting Pakistan’s Critical Infrastructure/
2025-01-07 - Unveiling Russian Surveillance Tech Expansion in Central Asia and Latin America/
2025-01-08 - Akira Ransomware Group & Malware Analysis Report/
2025-01-08 - TMPN (Skuld) Stealer - The dark side of open source/
2025-01-09 - Hackers claim to breach Russian state agency managing property, land records/
2025-01-09 - HexaLocker V2 - Skuld Stealer Paving the Way prior to Encryption/
2025-01-10 - FunkSec – Alleged Top Ransomware Group Powered by AI/
2025-01-13 - Abusing AWS Native Services- Ransomware Encrypting S3 Buckets with SSE-C/
2025-01-13 - Double-Tap Campaign - Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations/
2025-01-14 - From Royal to BlackSuit/
2025-01-14 - Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers/
2025-01-14 - More Than Malware Families- Retooling Our Approach to Tracking Software/
2025-01-14 - One Mikro Typo - How a simple DNS misconfiguration enables malware delivery by a Russian botnet/
2025-01-14 - Russia's largest platform for state procurement hit by cyberattack from pro-Ukraine group/
2025-01-15 - Article 113- One of the Russian-Ukrainian cyberwars, a review of the first major blackout in Ukraine caused by the Sandworm APT organization/
2025-01-15 - BabbleLoader - A Deep Dive into EDR and Machine Learning-Based Endpoint Protection Evasion/
2025-01-15 - F.A.C.C.T. found new attacks of pro-Ukrainian cyber spies Sticky Werewolf/
2025-01-15 - Zombies Never Die - Analysis of the Current Situation of Large Botnet AIRASHI/
2025-01-16 - Analysis of Threat Actor Data Posting/
2025-01-16 - FortiGate Firewall Configs Dumped- Revisiting CVE-2022-40684 Exploitation/
2025-01-16 - Lazarus APT - Techniques for Hunting Contagious Interview/
2025-01-16 - MintsLoader - StealC and BOINC Delivery/
2025-01-16 - New Star Blizzard spear-phishing campaign targets WhatsApp accounts/
2025-01-16 - Will the Real Volt Typhoon Please Stand Up/
2025-01-20 - APT actor classification “addiction” - Practical issues of attribution seen in Lazarus subgroup classification/
2025-01-20 - Qbot is Back.Connect/
2025-01-21 - Love and hate under war - The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia/
2025-01-21 - Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations/
2025-01-22 - Categorizing Software with Code Families/
2025-01-22 - PlushDaemon compromises supply chain of Korean VPN service/
2025-01-23 - Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)/
2025-01-23 - Helldown Ransomware Malware Analysis Report/
2025-01-23 - Lumma Stealer - Fake CAPTCHAs & New Techniques to Evade Detection/
2025-01-23 - RID Hijacking Technique Utilized by Andariel Attack Group/
2025-01-23 - The J-Magic Show - Magic Packets and Where to find them/
2025-01-25 - Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”/
2025-01-27 - Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware/
2025-01-27 - Technical Analysis of Xloader Versions 6 and 7 - Part 1/
2025-01-29 - North Korean APT Lazarus Targets Developers with Malicious npm Package/
2025-01-29 - Operation Phantom Circuit - North Korea’s Global Data Exfiltration Campaign/
2025-01-30 - Backdoor found in two healthcare patient monitors, linked to IP in China/
2025-01-30 - Coyote Banking Trojan - A Stealthy Attack via LNK Files/
2025-01-30 - Cybercrime websites selling hacking tools to transnational organized crime groups seized/
2025-01-30 - One ClickFix and LummaStealer reCAPTCHA’s Our Attention - Part 1/
2025-01-30 - Ongoing Email Bombing Campaigns leading to Remote Access and Post-Exploitation/
2025-01-30 - TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base/
2025-01-30 - UAC-0063 - Cyber Espionage Operation Expanding from Central Asia/
2025-01-31 - Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks/
2025-02-02 - Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor - The Reality is More Complicated…/
2025-02-03 - LegionLoader exposed/
2025-02-03 - macOS FlexibleFerret - Further Variants of DPRK Malware Family Unearthed/
2025-02-04 - Analyzing ELF-Sshdinjector.A!tr with a Human and Artificial Analyst/
2025-02-04 - CVE-2025-0411 - Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks/
2025-02-04 - Unpacking the BADBOX Botnet with Censys/
2025-02-05 - Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam/
2025-02-05 - Stealthy Attack - Dual Injection Undermines Chrome’s App-Bound Encryption/
2025-02-06 - Code injection attacks using publicly disclosed ASP.NET machine keys/
2025-02-06 - Google Tag Manager Skimmer Steals Credit Card Info From Magento Site/
2025-02-07 - SI-CERT TZ016 - BeaverTail & InvisibleFerret/
2025-02-09 - Analysis of malicious mobile applications impersonating popular Polish apps — OLX, Allegro, IKO/
2025-02-10 - Further insights into Ivanti CSA 4.6 vulnerabilities exploitation/
2025-02-10 - Tracking Ransomware - January 2025/
2025-02-11 - RATatouille - Cooking Up Chaos in the I2P Kitchen/
2025-02-11 - Sandworm APT Exploits Trojanized KMS Tools to Target Ukrainian Users in Cyber Espionage Campaign/
2025-02-11 - Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns/
2025-02-12 - BTMOB RAT - Newly Discovered Android Malware Spreading via Phishing Sites/
2025-02-12 - Defying tunneling - A Wicked approach to detecting malicious network traffic/
2025-02-12 - North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack/
2025-02-12 - Surge in attacks exploiting old ThinkPHP and ownCloud flaws/
2025-02-12 - Suspected North Korean hacker hacks a large number of data from a government document system developer/
2025-02-12 - The BadPilot campaign - Seashell Blizzard subgroup conducts multiyear global access operation/
2025-02-12 - Two tales and one Antidot(e) — a new mobile malware campaign in Poland/
2025-02-12 - Unpacking Pyarmor v8+ scripts/
2025-02-13 - Analyzing DEEP#DRIVE- North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks/
2025-02-13 - China-linked Espionage Tools Used in Ransomware Attacks/
2025-02-13 - Cybercrooks Are Using Fake Job Listings to Steal Crypto/
2025-02-13 - From South America to Southeast Asia - The Fragile Web of REF7707/
2025-02-13 - Inside the Scam - North Korea’s IT Worker Threat/
2025-02-13 - Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication/
2025-02-13 - RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers/
2025-02-13 - Storm-2372 conducts device code phishing campaign/
2025-02-13 - Technical Analysis of Xloader Versions 6 and 7 - Part 2/
2025-02-13 - Threat hunting case study - SocGholish/
2025-02-13 - You've Got Malware - FINALDRAFT Hides in Your Drafts/
2025-02-15 - Dissecting a fresh BlankGrabber sample/
2025-02-18 - An inside look at NSA (Equation Group) TTPs from China’s lense/
2025-02-18 - An Update on Fake Updates - Two New Actors, and New Mac Malware/
2025-02-18 - Exposing the Deceit - Phishing Sites Impersonating Government Entities/
2025-02-18 - IOCs Green Nailao campaign (NailaoLocker, ShadowPad)/
2025-02-19 - #StopRansomware - Ghost (Cring) Ransomware/
2025-02-19 - Technical Analysis of Lockbit4.0 Evasion Tales/
2025-02-19 - The Pangu Team—iOS Jailbreak and Vulnerability Research Giant- A Member of i-SOON’s Exploit-Sharing Network/
2025-02-20 - 48 Minutes - How Fast Phishing Attacks Exploit Weaknesses/
2025-02-20 - APT-C-28 Group Launched New Cyber Attack With Fileless RokRat Malware/
2025-02-20 - DeceptiveDevelopment targets freelance developers/
2025-02-20 - GhostSocks - Lumma's Partner In Proxy/
2025-02-20 - Linkc Ransomware - The New Cybercriminal Group Targeting Artificial Intelligence Data/
2025-02-20 - Meet NailaoLocker - a ransomware distributed in Europe by ShadowPad and PlugX backdoors/
2025-02-20 - Updated Shadowpad Malware Leads to Ransomware Deployment/
2025-02-20 - Weathering the storm - In the midst of a Typhoon/
2025-02-21 - Angry Likho - Old beasts in a new forest/
2025-02-21 - How’s that for a malicious Linkc, new group launches DLS/
2025-02-21 - TRM Links North Korea to Record $1.5 Billion Record Hack/
2025-02-24 - Android trojan TgToxic updates its capabilities/
2025-02-24 - Auto-Color - An Emerging and Evasive Linux Backdoor/
2025-02-24 - Cryptocurrency APT Intelligence - Unveiling Lazarus Group’s Intrusion Techniques/
2025-02-24 - LCRYX Ransomware - How a VB Ransomware Locks Your System/
2025-02-24 - Six Months Undetected - Analysis of archive.org hosted .NET PE Injector/
2025-02-24 - The GitVenom campaign - Cryptocurrency theft using GitHub/
2025-02-25 - Ghostwriter - New Campaign Targets Ukrainian Government and Belarusian Opposition/
2025-02-25 - PolarEdge - Unveiling an uncovered ORB network/
2025-02-26 - Alert Number - I-022625-PSA - North Korea Responsible for $1.5 Billion Bybit Hack/
2025-02-26 - Inside BlackBasta - What Leaked Conversations Reveal About Their Ransomware Operations/
2025-02-27 - BlackBasta Leaks - Lessons from the Ascension Health attack/
2025-02-27 - Disrupting a global cybercrime network abusing generative AI/
2025-02-27 - Long Live The Vo1d Botnet - New Variant Hits 1.6 Million TV Globally/
2025-02-27 - Modern Approach to Attributing Hacktivist Groups/
2025-02-27 - NailaoLoader - Hiding Execution Flow via Patching/
2025-02-27 - NanoCore Malware Analysis/
2025-02-27 - Phishing Email Attacks by the Larva-24005 Group Targeting Japan/
2025-02-27 - Russian campaign targeting Romanian WhatsApp numbers/
2025-02-27 - Squidoor - Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations/
2025-02-27 - The Rise of the Fake Tech Workforce - State-Sponsored Infiltration of U.S. Technical Supply Chains/
2025-02-27 - Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan/
2025-02-28 - Agent AI, Basta Parser Extraordinaire/
2025-02-28 - Black Basta exposed - A look at a cybercrime data leak/
2025-02-28 - JavaGhost’s Persistent Phishing Attacks From the Cloud/
2025-02-28 - New DDoS Botnet Discovered - Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran/
2025-02-28 - Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab/
2025-03-01 - An in-depth analysis of APT37’s latest campaign/
2025-03-01 - Ransomware - de REvil à Black Basta, que sait-on de Tramp/
2025-03-02 - Pivoting on Black Basta's (leaked) Infrastructure/
2025-03-03 - Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal/
2025-03-03 - PureLogs Deep Analysis- Evasion, Data Theft, and Encryption Mechanism/
2025-03-04 - Analysis of Kimsuky Group association with emergency martial arts-themed APT attack/
2025-03-04 - Black Basta Leak Analysis/
2025-03-04 - Likely DPRK Network Backstops on GitHub, Targets Companies Globally/
2025-03-04 - Ragnar Loader Indicators of Compromise (IOC)/
2025-03-04 - Thousands of websites hit by four backdoors in 3rd party JavaScript attack/
2025-03-04 - Tracking Emmenhtal/
2025-03-05 - Initial Takeaways from the Black Basta Chat Leaks/
2025-03-05 - Satori Threat Intelligence Disruption - BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes/
2025-03-05 - Silk Typhoon targeting IT supply chain/
2025-03-05 - Water Ouroboros/
2025-03-06 - Deciphering Black Basta’s Infrastructure from the Chat Leak/
2025-03-06 - The Next Level - Typo DGAs Used in Malicious Redirection Chains/
2025-03-06 - Unveiling EncryptHub - Analysis of a multi-stage malware campaign/
2025-03-07 - Akira Ransomware Expands to Linux - The attacking abilities and strategies/
2025-03-07 - Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker’s First Choice/
2025-03-10 - Blind Eagle- …And Justice for All/
2025-03-10 - DieNet and #Shiite_Harvest claimed responsibility for disabling ten significant Iraqi websites/
2025-03-10 - Lazarus Strikes npm Again with New Wave of Malicious Packages/
2025-03-10 - Trump Cryptocurrency Delivers ConnectWise RAT/
2025-03-11 - AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution/
2025-03-11 - Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks/
2025-03-11 - Cato CTRL Threat Research - Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers/
2025-03-11 - DCRat backdoor returns/
2025-03-11 - DragonForce Ransomware - Unveiling Its Tactics and Impact/
2025-03-11 - IOCs for Anubis Backdoor/
2025-03-12 - Ghost in the Router - China-Nexus Espionage Actor UNC3886 Targets Juniper Routers/
2025-03-12 - Golang backdoor with a side of ChromeUpdateAlert App/
2025-03-12 - Lookout Discovers New Spyware by North Korean APT37/
2025-03-12 - Medusa Ransomware/
2025-03-13 - Analyzing OBSCURE#BAT Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits/
2025-03-13 - ArechClient; Decoding IOCs and finding the onboard browser extension/
2025-03-13 - Botnets never die/
2025-03-13 - Decrypting Encrypted files from Akira Ransomware (Linux-ESXI variant 2024) using a bunch of GPUs/
2025-03-13 - Inside BRUTED - Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices/
2025-03-13 - New Ransomware Operator Exploits Fortinet Vulnerability Duo/
2025-03-13 - Tracking Ransomware - February 2025/
2025-03-13 - Work Hard, Pay Harder!/
2025-03-14 - Android Banking Trojan – OctoV2, masquerading as Deepseek AI/
2025-03-14 - Lumma Stealer – A tale that starts with a fake Captcha/
2025-03-14 - SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware/
2025-03-15 - Understanding SalatStealer - Features and Impact/
2025-03-16 - Analyzing the RedTiger Malware Stealer/
2025-03-16 - Bybit – What We Know So Far/
2025-03-17 - Black Basta’s blunder - exploiting the gang’s leaked chats/
2025-03-17 - DollyWay World Domination - Eight Years of Evolving Website Malware Campaigns/
2025-03-18 - Code-signing certificate abuse in the Black Basta chat leaks (and how to fight back)/
2025-03-18 - Operation AkaiRyū - MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor/
2025-03-20 - Operation FishMedley/
2025-03-20 - Reversing FUD AMOS Stealer/
2025-03-20 - UAT-5918 targets critical infrastructure entities in Taiwan/
2025-03-22 - Back to Business - Lumma Stealer Returns with Stealthier Methods/
2025-03-23 - Analyzing Vidar Stealer/
2025-03-24 - Weaver Ant, the Web Shell Whisperer - Tracking a Live China-nexus Operation/
2025-03-25 - IBM X-Force discovers new Sheriff Backdoor used to target Ukraine/
2025-03-25 - Inside DollyWay’s C2 Infrastructure - Traffic Direction Systems and the LosPollos Connection/
2025-03-25 - Inside Kimsuky’s Latest Cyberattack - Analyzing Malicious Scripts and Payloads/
2025-03-25 - On the Hunt for Ghost(Socks)/
2025-03-25 - Operation ForumTroll - APT attack with Google Chrome zero-day exploit chain/
2025-03-25 - Phishing Campaign Targets Defense and Aerospace Firms Linked to Ukraine Conflict/
2025-03-25 - Tempted to Classifying APT Actors- Practical Challenges of Attribution in the Case of Lazarus’s Subgroup/
2025-03-26 - CoffeeLoader - A Brew of Stealthy Techniques/
2025-03-26 - Lynx Ransomware - Learn details about the operation and how to mitigate this threat/
2025-03-26 - The Long and Short(cut) of It- KoiLoader Analysis/
2025-03-27 - A Phishing Tale of DoH and DNS MX Abuse/
2025-03-28 - A Deep Dive into Water Gamayun’s Arsenal and Infrastructure/
2025-03-28 - Exposing Crocodilus - New Device Takeover Malware Targeting Android Devices/
2025-03-28 - Hidden Malware Strikes Again - Mu-Plugins Under Attack/
2025-03-28 - TsarBot - A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications/
2025-03-31 - Analyzing New HijackLoader Evasion Tactics/
2025-03-31 - CPU_HU - Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims/
2025-03-31 - DarkCloud Stealer/
2025-03-31 - From Contagious to ClickFake Interview - Lazarus leveraging the ClickFix tactic/
2025-03-31 - Gootloader Returns - Malware Hidden in Google Ads for Legal Documents/
2025-03-31 - Malware hiding in plain sight - Spying on North Korean Hackers/
2025-03-31 - Operation HollowQuill - Malware delivered into Russian R&D Networks via Research Decoy PDFs/
2025-03-31 - The Espionage Toolkit of Earth Alux - A Closer Look at its Advanced Techniques/
2025-04-01 - Auto-color - Linux backdoor/
2025-04-01 - Salvador Stealer - New Android Malware That Phishes Banking Details & OTPs/
2025-04-01 - Same Russian-Speaking Threat Actor, New Tactics Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs/
2025-04-02 - An in-depth look at Black Basta's TTPs/
2025-04-02 - BeaverTail and Tropidoor Malware Distributed via Recruitment Emails/
2025-04-02 - Tracking Adversaries - EvilCorp, the RansomHub affiliate/
2025-04-03 - Threat actors leverage tax season to deploy tax-themed phishing campaigns/
2025-04-03 - UAC-0219 Attack Detection - A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL/
2025-04-04 - Lazarus Expands Malicious npm Campaign - 11 New Packages Add Malware Loaders and Bitbucket Payloads/
2025-04-04 - OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers/
2025-04-07 - UAC-0226 Attack Detection - New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer/
2025-04-08 - Exploitation of CLFS zero-day leads to ransomware activity/
2025-04-08 - Goodbye HTA, Hello MSI- New TTPs and Clusters of an APT driven by Multi-Platform Attacks/
2025-04-08 - Inside DanaBot’s Infrastructure - In Support of Operation Endgame II/
2025-04-08 - State-Sponsored Tactics - How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure/
2025-04-10 - GOFFEE continues to attack organizations in Russia/
2025-04-10 - Newly Registered Domains Distributing SpyNote Malware/
2025-04-11 - Flesh Stealer - A Report on Multivector Data Theft/
2025-04-11 - Interview with the Chollima/
2025-04-11 - Threat Spotlight - Hijacked and Hidden - New Backdoor and Persistence Technique/
2025-04-14 - BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets/
2025-04-14 - New Malware Variant Identified - ResolverRAT Enters the Maze/
2025-04-14 - Proton66 Part 1 - Mass Scanning and Exploit Campaigns/
2025-04-14 - Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware/
2025-04-15 - CyberSOC Insights - Analysis of a Black Basta Attack Campaign/
2025-04-15 - Hunting Mice In Tunnels II - Fake CAPTCHAs and Ransomware/
2025-04-15 - Renewed APT29 Phishing Campaign Against European Diplomats/
2025-04-15 - UNC5174’s evolution in China’s ongoing cyber warfare- From SNOWLIGHT to VShell/
2025-04-16 - Inside Gamaredon’s PteroLNK - Dead Drop Resolvers and evasive Infrastructure/
2025-04-16 - Interlock ransomware evolving under the radar/
2025-04-17 - Around the World in 90 Days - State-Sponsored Actors Try ClickFix/
2025-04-17 - Breaking the B0 ransomware - Investigation & Decryption/
2025-04-17 - IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia/
2025-04-17 - Mitigating ELUSIVE COMET Zoom remote control attacks/
2025-04-17 - Proton66 Part 2 - Compromised WordPress Pages and Malware Campaigns/
2025-04-17 - Unmasking the new XorDDoS controller and infrastructure/
2025-04-21 - Unmasking the Evolving Threat - A Deep Dive into the Latest Version of Lumma InfoStealer with Code Flow Obfuscation/
2025-04-22 - Distribution of PebbleDash Malware in March 2025/
2025-04-22 - Infostealer Malware FormBook Spread via Phishing Campaign – Part I/
2025-04-22 - Phishing for Codes - Russian Threat Actors Target Microsoft 365 OAuth Workflows/
2025-04-22 - Russian organizations targeted by backdoor masquerading as secure networking software updates/
2025-04-23 - AsyncRAT Malware Analysis/
2025-04-23 - Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs/
2025-04-23 - Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations/
2025-04-23 - Understanding the threat landscape for Kubernetes and containerized assets/
2025-04-24 - Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware - BeaverTail, InvisibleFerret, and OtterCookie/
2025-04-24 - Crypters And Tools. Part 2- Different Paws — Same Tangle/
2025-04-24 - Understanding Alcatraz ~ Obfuscator Analysis [EN]/
2025-04-25 - Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors/
2025-04-25 - Rolling in the Deep(Web) - Lazarus Tsunami/
2025-04-25 - The Persistent Threat of Salt Typhoon - Tracking Exposures of Potentially Targeted Devices/
2025-04-28 - Top Tier Target - What It Takes to Defend a Cybersecurity Company from Today’s Adversaries/
2025-04-28 - Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams/
2025-04-29 - Gremlin Stealer - New Stealer on Sale in Underground Forum/
2025-04-29 - Nitrogen Dropping Cobalt Strike – A Combination of “Chemical Elements”/
2025-04-29 - Russia – Assignment of cyber attacks against France to the Russian military intelligence service (APT28) (29 April 2025)/
2025-04-29 - Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting/
2025-04-29 - Yet Another NodeJS Backdoor (YaNB)- A Modern Challenge/
2025-04-30 - Advisory - Pahalgam Attack themed decoys used by APT36 to target the Indian Government/
2025-04-30 - Finding Malware - Unveiling LUMMAC.V2 with Google Security Operations/
2025-05-01 - Deep Dive Fog ransomware/
2025-05-01 - FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure/
2025-05-01 - I StealC You - Tracking the Rapid Changes To StealC/
2025-05-01 - TerraStealerV2 and TerraLogger - Golden Chickens' New Malware Families Discovered/
2025-05-02 - Prelude - Crypto Heist Causes HAVOC/
2025-05-02 - Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims/
2025-05-05 - Negotiations with the Akira ransomware group - an ill-advised approach/
2025-08-25 - Phishing Campaign Targeting Companies via UpCrypter/
2025-08-27 - Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery/
2025-09-02 - Obscura an Obscure New Ransomware Variant/
2025-09-03 - Analyzing NotDoor Inside APT28’s Expanding Arsenal/
2025-09-03 - DragonForce Ransomware/
2025-09-03 - FANCY BEAR GONEPOSTAL – Espionage Tool Provides Backdoor Access to Microsoft Outlook/
2025-09-04 - Bells Ringing in Dar es Salaam/
2025-09-04 - New Botnet Emerges from the Shadows NightshadeC2/
2025-09-04 - North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms/
2025-09-05 - Unmasked Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure/
2025-09-06 - Unknown Malware Using Azure Functions as C2/
2025-09-07 - APT37 Targets Windows with Rust Backdoor and Python/
2025-09-07 - ValleyRAT Exploiting BYOVD to Kill Endpoint Security/
2025-09-08 - Blurring the Lines Intrusion Shows Connection With Three Major Ransomware Gangs/
2025-09-08 - CyberVolk Ransomware Analysis of Double Encryption Structure and Disguised Decryption Logic/
2025-09-21 - Block Blasters - Forensic Report/
2025-09-29 - Cybercrime Observations from the Frontlines UNC6040 Proactive Hardening Recommendations/
2025-10-06 - Massive Malicious NPM Package Attack Threatens Software Supply Chains/
2025-10-07 - 0-day vulnerability exploited by Cl0p patched by Oracle/
2025-10-07 - Phishing from Home The Hidden Danger in Remote Jobs Lurking in Tesla Google Ferrari and Glassdoor/
2025-10-08 - Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign/
2025-10-09 - AdaptixC2 Uncovered Capabilities Tactics Hunting Strategies/
2025-10-09 - Inside a Crypto Scam Nexus/
2025-10-09 - Inside Akira’s SonicWall Campaign Darktrace’s Detection and Response/