/vx/Malware Analysis/2025/

642 directories 0 files
Name Size Modified
Go up
2024-01-15 - NoaBot Botnet - Sandboxing with ELFEN and Analysis/
2025-01-02 - NonEuclid RAT/
2025-01-03 - RATs on the island (Remote Access Trojans in Sri Lanka's Cybersecurity Landscape)/
2025-01-03 - SwaetRAT Delivery Through Python/
2025-01-04 - Solara - Roblox Executor Malware/
2025-01-06 - EAGERBEE, with updated and novel components, targets the Middle East/
2025-01-06 - Hangro - Investigating North Korean VPN Infrastructure Part 1/
2025-01-07 - PacketCrypt Classic Cryptocurrency Miner on PHP Servers/
2025-01-07 - Turla Cyber Campaign Targeting Pakistan’s Critical Infrastructure/
2025-01-07 - Unveiling Russian Surveillance Tech Expansion in Central Asia and Latin America/
2025-01-08 - Akira Ransomware Group & Malware Analysis Report/
2025-01-08 - TMPN (Skuld) Stealer - The dark side of open source/
2025-01-09 - Hackers claim to breach Russian state agency managing property, land records/
2025-01-09 - HexaLocker V2 - Skuld Stealer Paving the Way prior to Encryption/
2025-01-10 - FunkSec – Alleged Top Ransomware Group Powered by AI/
2025-01-13 - Abusing AWS Native Services- Ransomware Encrypting S3 Buckets with SSE-C/
2025-01-13 - Double-Tap Campaign - Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations/
2025-01-14 - From Royal to BlackSuit/
2025-01-14 - Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers/
2025-01-14 - More Than Malware Families- Retooling Our Approach to Tracking Software/
2025-01-14 - One Mikro Typo - How a simple DNS misconfiguration enables malware delivery by a Russian botnet/
2025-01-14 - Russia's largest platform for state procurement hit by cyberattack from pro-Ukraine group/
2025-01-15 - Article 113- One of the Russian-Ukrainian cyberwars, a review of the first major blackout in Ukraine caused by the Sandworm APT organization/
2025-01-15 - BabbleLoader - A Deep Dive into EDR and Machine Learning-Based Endpoint Protection Evasion/
2025-01-15 - F.A.C.C.T. found new attacks of pro-Ukrainian cyber spies Sticky Werewolf/
2025-01-15 - Zombies Never Die - Analysis of the Current Situation of Large Botnet AIRASHI/
2025-01-16 - Analysis of Threat Actor Data Posting/
2025-01-16 - FortiGate Firewall Configs Dumped- Revisiting CVE-2022-40684 Exploitation/
2025-01-16 - Lazarus APT - Techniques for Hunting Contagious Interview/
2025-01-16 - MintsLoader - StealC and BOINC Delivery/
2025-01-16 - New Star Blizzard spear-phishing campaign targets WhatsApp accounts/
2025-01-16 - Will the Real Volt Typhoon Please Stand Up/
2025-01-20 - APT actor classification “addiction” - Practical issues of attribution seen in Lazarus subgroup classification/
2025-01-20 - Qbot is Back.Connect/
2025-01-21 - Love and hate under war - The GamaCopy organization, which imitates the Russian Gamaredon, uses military — related bait to launch attacks on Russia/
2025-01-21 - Silent Lynx APT Targets Various Entities Across Kyrgyzstan & Neighbouring Nations/
2025-01-22 - Categorizing Software with Code Families/
2025-01-22 - PlushDaemon compromises supply chain of Korean VPN service/
2025-01-23 - Cluster of Infrastructure likely used by Affiliate of Dark Scorpius (Black Basta)/
2025-01-23 - Helldown Ransomware Malware Analysis Report/
2025-01-23 - Lumma Stealer - Fake CAPTCHAs & New Techniques to Evade Detection/
2025-01-23 - RID Hijacking Technique Utilized by Andariel Attack Group/
2025-01-23 - The J-Magic Show - Magic Packets and Where to find them/
2025-01-25 - Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”/
2025-01-27 - Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware/
2025-01-27 - Technical Analysis of Xloader Versions 6 and 7 - Part 1/
2025-01-29 - North Korean APT Lazarus Targets Developers with Malicious npm Package/
2025-01-29 - Operation Phantom Circuit - North Korea’s Global Data Exfiltration Campaign/
2025-01-30 - Backdoor found in two healthcare patient monitors, linked to IP in China/
2025-01-30 - Coyote Banking Trojan - A Stealthy Attack via LNK Files/
2025-01-30 - Cybercrime websites selling hacking tools to transnational organized crime groups seized/
2025-01-30 - One ClickFix and LummaStealer reCAPTCHA’s Our Attention - Part 1/
2025-01-30 - Ongoing Email Bombing Campaigns leading to Remote Access and Post-Exploitation/
2025-01-30 - TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base/
2025-01-30 - UAC-0063 - Cyber Espionage Operation Expanding from Central Asia/
2025-01-31 - Attackers Leveraging Microsoft Teams Defaults and Quick Assist for Social Engineering Attacks/
2025-02-02 - Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor - The Reality is More Complicated…/
2025-02-03 - LegionLoader exposed/
2025-02-03 - macOS FlexibleFerret - Further Variants of DPRK Malware Family Unearthed/
2025-02-04 - Analyzing ELF-Sshdinjector.A!tr with a Human and Artificial Analyst/
2025-02-04 - CVE-2025-0411 - Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks/
2025-02-04 - Unpacking the BADBOX Botnet with Censys/
2025-02-05 - Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam/
2025-02-05 - Stealthy Attack - Dual Injection Undermines Chrome’s App-Bound Encryption/
2025-02-06 - Code injection attacks using publicly disclosed ASP.NET machine keys/
2025-02-06 - Google Tag Manager Skimmer Steals Credit Card Info From Magento Site/
2025-02-07 - SI-CERT TZ016 - BeaverTail & InvisibleFerret/
2025-02-09 - Analysis of malicious mobile applications impersonating popular Polish apps — OLX, Allegro, IKO/
2025-02-10 - Further insights into Ivanti CSA 4.6 vulnerabilities exploitation/
2025-02-10 - Tracking Ransomware - January 2025/
2025-02-11 - RATatouille - Cooking Up Chaos in the I2P Kitchen/
2025-02-11 - Sandworm APT Exploits Trojanized KMS Tools to Target Ukrainian Users in Cyber Espionage Campaign/
2025-02-11 - Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns/
2025-02-12 - BTMOB RAT - Newly Discovered Android Malware Spreading via Phishing Sites/
2025-02-12 - Defying tunneling - A Wicked approach to detecting malicious network traffic/
2025-02-12 - North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack/
2025-02-12 - Surge in attacks exploiting old ThinkPHP and ownCloud flaws/
2025-02-12 - Suspected North Korean hacker hacks a large number of data from a government document system developer/
2025-02-12 - The BadPilot campaign - Seashell Blizzard subgroup conducts multiyear global access operation/
2025-02-12 - Two tales and one Antidot(e) — a new mobile malware campaign in Poland/
2025-02-12 - Unpacking Pyarmor v8+ scripts/
2025-02-13 - Analyzing DEEP#DRIVE- North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks/
2025-02-13 - China-linked Espionage Tools Used in Ransomware Attacks/
2025-02-13 - Cybercrooks Are Using Fake Job Listings to Steal Crypto/
2025-02-13 - From South America to Southeast Asia - The Fragile Web of REF7707/
2025-02-13 - Inside the Scam - North Korea’s IT Worker Threat/
2025-02-13 - Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication/
2025-02-13 - RedMike (Salt Typhoon) Exploits Vulnerable Cisco Devices of Global Telecommunications Providers/
2025-02-13 - Storm-2372 conducts device code phishing campaign/
2025-02-13 - Technical Analysis of Xloader Versions 6 and 7 - Part 2/
2025-02-13 - Threat hunting case study - SocGholish/
2025-02-13 - You've Got Malware - FINALDRAFT Hides in Your Drafts/
2025-02-15 - Dissecting a fresh BlankGrabber sample/
2025-02-18 - An inside look at NSA (Equation Group) TTPs from China’s lense/
2025-02-18 - An Update on Fake Updates - Two New Actors, and New Mac Malware/
2025-02-18 - Exposing the Deceit - Phishing Sites Impersonating Government Entities/
2025-02-18 - IOCs Green Nailao campaign (NailaoLocker, ShadowPad)/
2025-02-19 - #StopRansomware - Ghost (Cring) Ransomware/
2025-02-19 - Technical Analysis of Lockbit4.0 Evasion Tales/
2025-02-19 - The Pangu Team—iOS Jailbreak and Vulnerability Research Giant- A Member of i-SOON’s Exploit-Sharing Network/
2025-02-20 - 48 Minutes - How Fast Phishing Attacks Exploit Weaknesses/
2025-02-20 - APT-C-28 Group Launched New Cyber Attack With Fileless RokRat Malware/
2025-02-20 - DeceptiveDevelopment targets freelance developers/
2025-02-20 - GhostSocks - Lumma's Partner In Proxy/
2025-02-20 - Linkc Ransomware - The New Cybercriminal Group Targeting Artificial Intelligence Data/
2025-02-20 - Meet NailaoLocker - a ransomware distributed in Europe by ShadowPad and PlugX backdoors/
2025-02-20 - Updated Shadowpad Malware Leads to Ransomware Deployment/
2025-02-20 - Weathering the storm - In the midst of a Typhoon/
2025-02-21 - Angry Likho - Old beasts in a new forest/
2025-02-21 - How’s that for a malicious Linkc, new group launches DLS/
2025-02-21 - TRM Links North Korea to Record $1.5 Billion Record Hack/
2025-02-24 - Android trojan TgToxic updates its capabilities/
2025-02-24 - Auto-Color - An Emerging and Evasive Linux Backdoor/
2025-02-24 - Cryptocurrency APT Intelligence - Unveiling Lazarus Group’s Intrusion Techniques/
2025-02-24 - LCRYX Ransomware - How a VB Ransomware Locks Your System/
2025-02-24 - Six Months Undetected - Analysis of archive.org hosted .NET PE Injector/
2025-02-24 - The GitVenom campaign - Cryptocurrency theft using GitHub/
2025-02-25 - Ghostwriter - New Campaign Targets Ukrainian Government and Belarusian Opposition/
2025-02-25 - PolarEdge - Unveiling an uncovered ORB network/
2025-02-26 - Alert Number - I-022625-PSA - North Korea Responsible for $1.5 Billion Bybit Hack/
2025-02-26 - Inside BlackBasta - What Leaked Conversations Reveal About Their Ransomware Operations/
2025-02-27 - BlackBasta Leaks - Lessons from the Ascension Health attack/
2025-02-27 - Disrupting a global cybercrime network abusing generative AI/
2025-02-27 - Long Live The Vo1d Botnet - New Variant Hits 1.6 Million TV Globally/
2025-02-27 - Modern Approach to Attributing Hacktivist Groups/
2025-02-27 - NailaoLoader - Hiding Execution Flow via Patching/
2025-02-27 - NanoCore Malware Analysis/
2025-02-27 - Phishing Email Attacks by the Larva-24005 Group Targeting Japan/
2025-02-27 - Russian campaign targeting Romanian WhatsApp numbers/
2025-02-27 - Squidoor - Suspected Chinese Threat Actor’s Backdoor Targets Global Organizations/
2025-02-27 - The Rise of the Fake Tech Workforce - State-Sponsored Infiltration of U.S. Technical Supply Chains/
2025-02-27 - Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan/
2025-02-28 - Agent AI, Basta Parser Extraordinaire/
2025-02-28 - Black Basta exposed - A look at a cybercrime data leak/
2025-02-28 - JavaGhost’s Persistent Phishing Attacks From the Cloud/
2025-02-28 - New DDoS Botnet Discovered - Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran/
2025-02-28 - Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab/
2025-03-01 - An in-depth analysis of APT37’s latest campaign/
2025-03-01 - Ransomware - de REvil à Black Basta, que sait-on de Tramp/
2025-03-02 - Pivoting on Black Basta's (leaked) Infrastructure/
2025-03-03 - Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal/
2025-03-03 - PureLogs Deep Analysis- Evasion, Data Theft, and Encryption Mechanism/
2025-03-04 - Analysis of Kimsuky Group association with emergency martial arts-themed APT attack/
2025-03-04 - Black Basta Leak Analysis/
2025-03-04 - Likely DPRK Network Backstops on GitHub, Targets Companies Globally/
2025-03-04 - Ragnar Loader Indicators of Compromise (IOC)/
2025-03-04 - Thousands of websites hit by four backdoors in 3rd party JavaScript attack/
2025-03-04 - Tracking Emmenhtal/
2025-03-05 - Initial Takeaways from the Black Basta Chat Leaks/
2025-03-05 - Satori Threat Intelligence Disruption - BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes/
2025-03-05 - Silk Typhoon targeting IT supply chain/
2025-03-05 - Water Ouroboros/
2025-03-06 - Deciphering Black Basta’s Infrastructure from the Chat Leak/
2025-03-06 - The Next Level - Typo DGAs Used in Malicious Redirection Chains/
2025-03-06 - Unveiling EncryptHub - Analysis of a multi-stage malware campaign/
2025-03-07 - Akira Ransomware Expands to Linux - The attacking abilities and strategies/
2025-03-07 - Remote Monitoring and Management (RMM) Tooling Increasingly an Attacker’s First Choice/
2025-03-10 - Blind Eagle- …And Justice for All/
2025-03-10 - DieNet and #Shiite_Harvest claimed responsibility for disabling ten significant Iraqi websites/
2025-03-10 - Lazarus Strikes npm Again with New Wave of Malicious Packages/
2025-03-10 - Trump Cryptocurrency Delivers ConnectWise RAT/
2025-03-11 - AI-Assisted Fake GitHub Repositories Fuel SmartLoader and LummaStealer Distribution/
2025-03-11 - Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks/
2025-03-11 - Cato CTRL Threat Research - Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer Routers/
2025-03-11 - DCRat backdoor returns/
2025-03-11 - DragonForce Ransomware - Unveiling Its Tactics and Impact/
2025-03-11 - IOCs for Anubis Backdoor/
2025-03-12 - Ghost in the Router - China-Nexus Espionage Actor UNC3886 Targets Juniper Routers/
2025-03-12 - Golang backdoor with a side of ChromeUpdateAlert App/
2025-03-12 - Lookout Discovers New Spyware by North Korean APT37/
2025-03-12 - Medusa Ransomware/
2025-03-13 - Analyzing OBSCURE#BAT Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits/
2025-03-13 - ArechClient; Decoding IOCs and finding the onboard browser extension/
2025-03-13 - Botnets never die/
2025-03-13 - Decrypting Encrypted files from Akira Ransomware (Linux-ESXI variant 2024) using a bunch of GPUs/
2025-03-13 - Inside BRUTED - Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices/
2025-03-13 - New Ransomware Operator Exploits Fortinet Vulnerability Duo/
2025-03-13 - Tracking Ransomware - February 2025/
2025-03-13 - Work Hard, Pay Harder!/
2025-03-14 - Android Banking Trojan – OctoV2, masquerading as Deepseek AI/
2025-03-14 - Lumma Stealer – A tale that starts with a fake Captcha/
2025-03-14 - SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware/
2025-03-15 - Understanding SalatStealer - Features and Impact/
2025-03-16 - Analyzing the RedTiger Malware Stealer/
2025-03-16 - Bybit – What We Know So Far/
2025-03-17 - Black Basta’s blunder - exploiting the gang’s leaked chats/
2025-03-17 - DollyWay World Domination - Eight Years of Evolving Website Malware Campaigns/
2025-03-18 - Code-signing certificate abuse in the Black Basta chat leaks (and how to fight back)/
2025-03-18 - Operation AkaiRyū - MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor/
2025-03-20 - Operation FishMedley/
2025-03-20 - Reversing FUD AMOS Stealer/
2025-03-20 - UAT-5918 targets critical infrastructure entities in Taiwan/
2025-03-22 - Back to Business - Lumma Stealer Returns with Stealthier Methods/
2025-03-23 - Analyzing Vidar Stealer/
2025-03-24 - Weaver Ant, the Web Shell Whisperer - Tracking a Live China-nexus Operation/
2025-03-25 - IBM X-Force discovers new Sheriff Backdoor used to target Ukraine/
2025-03-25 - Inside DollyWay’s C2 Infrastructure - Traffic Direction Systems and the LosPollos Connection/
2025-03-25 - Inside Kimsuky’s Latest Cyberattack - Analyzing Malicious Scripts and Payloads/
2025-03-25 - On the Hunt for Ghost(Socks)/
2025-03-25 - Operation ForumTroll - APT attack with Google Chrome zero-day exploit chain/
2025-03-25 - Phishing Campaign Targets Defense and Aerospace Firms Linked to Ukraine Conflict/
2025-03-25 - Tempted to Classifying APT Actors- Practical Challenges of Attribution in the Case of Lazarus’s Subgroup/
2025-03-26 - CoffeeLoader - A Brew of Stealthy Techniques/
2025-03-26 - Lynx Ransomware - Learn details about the operation and how to mitigate this threat/
2025-03-26 - The Long and Short(cut) of It- KoiLoader Analysis/
2025-03-27 - A Phishing Tale of DoH and DNS MX Abuse/
2025-03-28 - A Deep Dive into Water Gamayun’s Arsenal and Infrastructure/
2025-03-28 - Exposing Crocodilus - New Device Takeover Malware Targeting Android Devices/
2025-03-28 - Hidden Malware Strikes Again - Mu-Plugins Under Attack/
2025-03-28 - TsarBot - A New Android Banking Trojan Targeting Over 750 Banking, Finance, and Cryptocurrency Applications/
2025-03-31 - Analyzing New HijackLoader Evasion Tactics/
2025-03-31 - CPU_HU - Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims/
2025-03-31 - DarkCloud Stealer/
2025-03-31 - From Contagious to ClickFake Interview - Lazarus leveraging the ClickFix tactic/
2025-03-31 - Gootloader Returns - Malware Hidden in Google Ads for Legal Documents/
2025-03-31 - Malware hiding in plain sight - Spying on North Korean Hackers/
2025-03-31 - Operation HollowQuill - Malware delivered into Russian R&D Networks via Research Decoy PDFs/
2025-03-31 - The Espionage Toolkit of Earth Alux - A Closer Look at its Advanced Techniques/
2025-04-01 - Auto-color - Linux backdoor/
2025-04-01 - Salvador Stealer - New Android Malware That Phishes Banking Details & OTPs/
2025-04-01 - Same Russian-Speaking Threat Actor, New Tactics Abuse of Cloudflare Services for Phishing and Telegram to Filter Victim IPs/
2025-04-02 - An in-depth look at Black Basta's TTPs/
2025-04-02 - BeaverTail and Tropidoor Malware Distributed via Recruitment Emails/
2025-04-02 - Tracking Adversaries - EvilCorp, the RansomHub affiliate/
2025-04-03 - Threat actors leverage tax season to deploy tax-themed phishing campaigns/
2025-04-03 - UAC-0219 Attack Detection - A New Cyber-Espionage Campaign Using a PowerShell Stealer WRECKSTEEL/
2025-04-04 - Lazarus Expands Malicious npm Campaign - 11 New Packages Add Malware Loaders and Bitbucket Payloads/
2025-04-04 - OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers/
2025-04-07 - UAC-0226 Attack Detection - New Cyber-Espionage Campaign Targeting Ukrainian Innovation Hubs and Government Entities with GIFTEDCROOK Stealer/
2025-04-08 - Exploitation of CLFS zero-day leads to ransomware activity/
2025-04-08 - Goodbye HTA, Hello MSI- New TTPs and Clusters of an APT driven by Multi-Platform Attacks/
2025-04-08 - Inside DanaBot’s Infrastructure - In Support of Operation Endgame II/
2025-04-08 - State-Sponsored Tactics - How Gamaredon and ShadowPad Operate and Rotate Their Infrastructure/
2025-04-10 - GOFFEE continues to attack organizations in Russia/
2025-04-10 - Newly Registered Domains Distributing SpyNote Malware/
2025-04-11 - Flesh Stealer - A Report on Multivector Data Theft/
2025-04-11 - Interview with the Chollima/
2025-04-11 - Threat Spotlight - Hijacked and Hidden - New Backdoor and Persistence Technique/
2025-04-14 - BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets/
2025-04-14 - New Malware Variant Identified - ResolverRAT Enters the Maze/
2025-04-14 - Proton66 Part 1 - Mass Scanning and Exploit Campaigns/
2025-04-14 - Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware/
2025-04-15 - CyberSOC Insights - Analysis of a Black Basta Attack Campaign/
2025-04-15 - Hunting Mice In Tunnels II - Fake CAPTCHAs and Ransomware/
2025-04-15 - Renewed APT29 Phishing Campaign Against European Diplomats/
2025-04-15 - UNC5174’s evolution in China’s ongoing cyber warfare- From SNOWLIGHT to VShell/
2025-04-16 - Inside Gamaredon’s PteroLNK - Dead Drop Resolvers and evasive Infrastructure/
2025-04-16 - Interlock ransomware evolving under the radar/
2025-04-17 - Around the World in 90 Days - State-Sponsored Actors Try ClickFix/
2025-04-17 - Breaking the B0 ransomware - Investigation & Decryption/
2025-04-17 - IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia/
2025-04-17 - Mitigating ELUSIVE COMET Zoom remote control attacks/
2025-04-17 - Proton66 Part 2 - Compromised WordPress Pages and Malware Campaigns/
2025-04-17 - Unmasking the new XorDDoS controller and infrastructure/
2025-04-21 - Unmasking the Evolving Threat - A Deep Dive into the Latest Version of Lumma InfoStealer with Code Flow Obfuscation/
2025-04-22 - Distribution of PebbleDash Malware in March 2025/
2025-04-22 - Infostealer Malware FormBook Spread via Phishing Campaign – Part I/
2025-04-22 - Phishing for Codes - Russian Threat Actors Target Microsoft 365 OAuth Workflows/
2025-04-22 - Russian organizations targeted by backdoor masquerading as secure networking software updates/
2025-04-23 - AsyncRAT Malware Analysis/
2025-04-23 - Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs/
2025-04-23 - Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations/
2025-04-23 - Understanding the threat landscape for Kubernetes and containerized assets/
2025-04-24 - Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware - BeaverTail, InvisibleFerret, and OtterCookie/
2025-04-24 - Crypters And Tools. Part 2- Different Paws — Same Tangle/
2025-04-24 - Understanding Alcatraz ~ Obfuscator Analysis [EN]/
2025-04-25 - Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors/
2025-04-25 - Rolling in the Deep(Web) - Lazarus Tsunami/
2025-04-25 - The Persistent Threat of Salt Typhoon - Tracking Exposures of Potentially Targeted Devices/
2025-04-28 - Top Tier Target - What It Takes to Defend a Cybersecurity Company from Today’s Adversaries/
2025-04-28 - Uncovering Actor TTP Patterns and the Role of DNS in Investment Scams/
2025-04-29 - Gremlin Stealer - New Stealer on Sale in Underground Forum/
2025-04-29 - Nitrogen Dropping Cobalt Strike – A Combination of “Chemical Elements”/
2025-04-29 - Russia – Assignment of cyber attacks against France to the Russian military intelligence service (APT28) (29 April 2025)/
2025-04-29 - Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting/
2025-04-29 - Yet Another NodeJS Backdoor (YaNB)- A Modern Challenge/
2025-04-30 - Advisory - Pahalgam Attack themed decoys used by APT36 to target the Indian Government/
2025-04-30 - Finding Malware - Unveiling LUMMAC.V2 with Google Security Operations/
2025-05-01 - Deep Dive Fog ransomware/
2025-05-01 - FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure/
2025-05-01 - I StealC You - Tracking the Rapid Changes To StealC/
2025-05-01 - TerraStealerV2 and TerraLogger - Golden Chickens' New Malware Families Discovered/
2025-05-02 - Prelude - Crypto Heist Causes HAVOC/
2025-05-02 - Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims/
2025-05-05 - Negotiations with the Akira ransomware group - an ill-advised approach/
2025-05-06 - Defending Against UNC3944 - Cybercrime Hardening Guidance from the Frontlines/
2025-05-06 - Here Comes Mirai - IoT Devices RSVP to Active Exploitation/
2025-05-06 - Rise of Oriental Gudgeon/
2025-05-06 - Telegram Tango - Dancing with a Scammer/
2025-05-07 - Additional Features of OtterCookie Malware Used by WaterPlum/
2025-05-07 - COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs/
2025-05-07 - Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation/
2025-05-08 - Multilayered Email Attack - How a PDF Invoice and Geo-Fencing Led to RAT Malware/
2025-05-08 - Negotiations with the Akira ransomware group - an ill-advised approach/
2025-05-08 - Threat Analysis - SAP Vulnerability Exploited in the Wild by Chinese Threat Actor/
2025-05-09 - Classic Rock - Hunting a Botnet that preys on the Old/
2025-05-09 - Lumma Stealer, coming and going/
2025-05-12 - Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)/
2025-05-12 - Open-source toolset of an Ivanti CSA attacker/
2025-05-12 - Unveiling Swan Vector APT Targeting Taiwan and Japan with varied DLL Implants/
2025-05-13 - China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures/
2025-05-13 - Defining a new methodology for modeling and tracking compartmentalized threats/
2025-05-13 - Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan/
2025-05-13 - Sit, Fetch, Steal - Chihuahua Stealer - A new Breed of Infostealer/
2025-05-13 - TA406 Pivots to the Front/
2025-05-14 - Continued EAGERBEE (Thumtais) malware activity/
2025-05-14 - Technical Analysis of TransferLoader/
2025-05-15 - Ave Maria Malware Analysis/
2025-05-15 - Operation RoundPress/
2025-05-16 - DBatLoader (ModiLoader) Being Distributed to Turkish Users/
2025-05-16 - Printer company provided infected software downloads for half a year/
2025-05-16 - Ransomware Roundup – VanHelsing/
2025-05-17 - More_Eggs - A Venom Spider Backdoor Targeting HR/
2025-05-19 - A Sting on Bing - Bumblebee delivered through Bing SEO poisoning campaign/
2025-05-19 - Another Confluence Bites the Dust - Falling to ELPACO-team Ransomware/
2025-05-19 - Reversing a Microsoft-Signed Rootkit - The Netfilter Driver/
2025-05-20 - From banks to battalions - SideWinder’s attacks on South Asia’s public sector/
2025-05-21 - Disrupting Lumma Stealer - Microsoft leads global action against favored cybercrime tool/
2025-05-21 - The obfuscation game - MUT-9332 targets Solidity developers via malicious VS Code extensions/
2025-05-21 - TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead/
2025-05-22 - Danabot- Analyzing a fallen empire/
2025-05-22 - De-obfuscating ALCATRAZ/
2025-05-22 - Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents/
2025-05-22 - UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware/
2025-05-22 - ViciousTrap – Infiltrate, Control, Lure- Turning edge devices into honeypots en masse/
2025-05-23 - Mysterious hacking group Careto was run by the Spanish government, sources say/
2025-05-27 - Earth Lamia Develops Custom Arsenal to Target Multiple Industries/
2025-05-27 - Infostealer Malware FormBook Spread via Phishing Campaign – Part II/
2025-05-27 - Inside a VenomRAT Malware Campaign/
2025-05-27 - New Russia-affiliated actor Void Blizzard targets critical sectors for espionage/
2025-05-27 - SafePay - The new kid on the block/
2025-05-28 - Bombardino Crocodilo in Poland — analysis of IKO Lokaty mobile malware campaign/
2025-05-28 - GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers/
2025-05-28 - Mark Your Calendar- APT41 Innovative Tactics/
2025-05-28 - NSIS Abuse and sRDI Shellcode - Anatomy of the Winos 4.0 Campaign/
2025-05-28 - Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict/
2025-05-28 - PhaaS the Secrets - The Hidden Ties Between Tycoon2FA and Dadsec's Operations/
2025-05-28 - PumaBot - Novel Botnet Targeting IoT Surveillance Devices/
2025-05-29 - Chasing Eddies - New Rust-based InfoStealer used in CAPTCHA campaigns/
2025-05-29 - Deep Dive into a Dumped Malware without a PE Header/
2025-05-30 - Tracking AyySSHush - a Newly Discovered ASUS Router Botnet Campaign/
2025-05-31 - Crocodilus in the wild - Mapping the campaign in Poland/
2025-05-31 - Hidden Bear - The GRU hackers of Russia’s most notorious kill squad/
2025-06-02 - BPFDoor Part 1 - The past/
2025-06-02 - BPFDoor Part 2 - The Present/
2025-06-03 - Crocodilus Mobile Malware - Evolving Fast, Going Global/
2025-06-03 - In-depth Analysis of a 2025 ViperSoftX Variant/
2025-06-03 - OtterCookie - Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals/
2025-06-04 - The Bitter End - Unraveling Eight Years of Espionage Antics—Part One/
2025-06-05 - Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure/
2025-06-05 - Alert Number- I-060525-PSA - Home Internet Connected Devices Facilitate Criminal Activity/
2025-06-05 - Analysis of Spyware That Helped to Compromise a Syrian Army from Within/
2025-06-05 - BladedFeline - Whispering in the dark/
2025-06-05 - Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine/
2025-06-05 - Scattered Spider Targets Tech Companies for Help-Desk Exploitation/
2025-06-06 - Operation DRAGONCLONE - Chinese Telecommunication industry targeted via VELETRIX & VShell malware/
2025-06-09 - Analysis of the Triple Combo Threat of the Kimsuky Group/
2025-06-09 - DanaBleed - DanaBot C2 Server Memory Leak Bug/
2025-06-09 - Follow the Smoke - China-nexus Threat Actors Hammer At the Doors of Top Tier Targets/
2025-06-09 - Sleep with one eye open- how Librarian Ghouls steal data by night/
2025-06-10 - CVE-2025-33053, Stealth Falcon and Horus - A Saga of Middle Eastern Cyber Espionage/
2025-06-12 - Fog Ransomware - Unusual Toolset Used in Recent Attack/
2025-06-12 - From Trust to Threat - Hijacked Discord Invites Used for Multi-Stage Malware Delivery/
2025-06-12 - Graphite Caught - First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted/
2025-06-12 - Vexing and Vicious - The Eerie Relationship between WordPress Hackers and an Adtech Cabal/
2025-06-13 - GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT/
2025-06-14 - SpectraRansomware/
2025-06-15 - Team46 and TaxOff - Two sides of the same coin/
2025-06-16 - From SambaSpy to Sorillus - Dancing through a multi-language phishing campaign in Europe/
2025-06-16 - SadFuture - Mapping XDSpy latest evolution/
2025-06-17 - Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet/
2025-06-17 - Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation/
2025-06-18 - A Wretch Client - From ClickFix deception to information stealer deployment/
2025-06-18 - Analyzing SERPENTINE#CLOUD - Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware/
2025-06-18 - Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data/
2025-06-18 - Famous Chollima deploying Python version of GolangGhost RAT/
2025-06-18 - Feeling Blue(Noroff) - Inside a Sophisticated DPRK Web3 Intrusion/
2025-06-18 - Masslogger Fileless Variant – Spreads via .VBE, Hides in Registry/
2025-06-19 - Cobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructure/
2025-06-20 - Investigation of NailaoLocker Ransomware/
2025-06-20 - SpyMax - A Fake Wedding Invitation App Targeting Indian Mobile Users/
2025-06-20 - Zoom & doom - BlueNoroff call opens the door/
2025-06-20 - Zooming through BlueNoroff Indicators with Validin/
2025-06-23 - AnyDesk Clone Drops .NET Loader with AES Encrypted Payload and AV Evasion Delivering Phemedrone Stealer/
2025-06-23 - Bluenoroff (APT38) Live Infrastructure Hunting/
2025-06-23 - ConnectUnwise - Threat actors abuse ConnectWise as builder for signed malware/
2025-06-23 - Famous Chollima’s PylangGhost/
2025-06-24 - Another Wave - North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages/
2025-06-24 - Malware Analysis - Inside Lumma Stealer/
2025-06-25 - In the Wild - Malware Prototype with Embedded Prompt Injection/
2025-06-27 - Rage Against the Powershell - Qilin in the Name/
2025-06-27 - WEEVILPROXY/
2025-06-29 - Inside DarkGate - In-Depth Technical Analysis of the Malware-as-a-Service Threat/
2025-06-30 - Jasper Sleet - North Korean remote IT workers’ evolving tactics to infiltrate organizations/
2025-07-01 - DEVMAN Ransomware - Analysis of New DragonForce Variant/
2025-07-01 - Janela RAT and a stealer extension delivered together/
2025-07-01 - State Secrets for Sale - More Leaks from the Chinese Hack-for-Hire Industry/
2025-07-02 - @mentalpositive’s New macOS Stealer - AMOS Repackaged or a New Cyber Threat/
2025-07-02 - CrowdStrike Services Observes SCATTERED SPIDER Escalate Attacks Across Industries/
2025-07-02 - PureLogs Forensics/
2025-07-03 - Scattered Spider - Rapid7 Insights, Observations, and Recommendations/
2025-07-03 - XWorm Part 1 - Unraveling a Steganography-Based Downloader/
2025-07-06 - XWorm Part 2 - From Downloader to Config Extraction/
2025-07-08 - From Click to Compromise - Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities/
2025-07-08 - Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware/
2025-07-10 - Hive0145 back in German inboxes with Strela Stealer and a backdoor/
2025-07-12 - Global Group Ransomware-as-a-Service with AI-powered Negotiation/
2025-07-14 - Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader/
2025-07-14 - GLOBAL GROUP - Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates/
2025-07-16 - Crocodilus - A deep dive into its structure and capabilities/
2025-07-16 - Phish and Chips - China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting/
2025-07-18 - How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies/
2025-07-19 - SharePoint 0-day uncovered (CVE-2025-53770)/
2025-07-20 - Perl based macOS-linux Stealer/
2025-07-20 - Scavenger Malware Distributed via eslint-config-prettier NPM Package Supply Chain Compromise/
2025-07-20 - Supply Chain Trojan sc_trojan_jwjf/
2025-07-21 - The SOC files - Rumble in the jungle or APT41’s new target in Africa/
2025-07-22 - Coyote in the Wild - First-Ever Malware That Abuses UI Automation/
2025-07-22 - Disrupting active exploitation of on-premises SharePoint vulnerabilities/
2025-07-23 - From Help Desk to Hypervisor - Defending Your VMware vSphere Estate from UNC3944/
2025-07-23 - HAFNIUM-Linked Hacker Xu Zewei - Riding the Tides of China’s Cyber Ecosystem/
2025-07-23 - Singapore Takes Unprecedented Military Action Against Chinese State-Sponsored Hackers/
2025-07-23 - Will the Real Salt Typhoon Please Stand Up/
2025-07-24 - Fire Ant - A Deep-Dive into Hypervisor-Level Espionage/
2025-07-24 - Hackers breach intelligence website used by CIA/
2025-07-25 - Threat Actors Lure Victims Into Downloading .HTA Files Using ClickFix To Spread Epsilon Red Ransomware/
2025-07-27 - Lumma Stealer — A Proliferating Threat in the Cybercrime Landscape/
2025-08-25 - Phishing Campaign Targeting Companies via UpCrypter/
2025-08-27 - Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery/
2025-09-02 - Obscura an Obscure New Ransomware Variant/
2025-09-03 - Analyzing NotDoor Inside APT28’s Expanding Arsenal/
2025-09-03 - DragonForce Ransomware/
2025-09-03 - FANCY BEAR GONEPOSTAL – Espionage Tool Provides Backdoor Access to Microsoft Outlook/
2025-09-04 - Bells Ringing in Dar es Salaam/
2025-09-04 - New Botnet Emerges from the Shadows NightshadeC2/
2025-09-04 - North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms/
2025-09-05 - Unmasked Salat Stealer – A Deep Dive into Its Advanced Persistence Mechanisms and C2 Infrastructure/
2025-09-06 - Unknown Malware Using Azure Functions as C2/
2025-09-07 - APT37 Targets Windows with Rust Backdoor and Python/
2025-09-07 - ValleyRAT Exploiting BYOVD to Kill Endpoint Security/
2025-09-08 - Blurring the Lines Intrusion Shows Connection With Three Major Ransomware Gangs/
2025-09-08 - CyberVolk Ransomware Analysis of Double Encryption Structure and Disguised Decryption Logic/
2025-09-08 - MostereRAT Deployed AnyDeskTightVNC for Covert Full Access/
2025-09-08 - Off Your Docker Exposed APIs Are Targeted in New Malware Strain/
2025-09-09 - Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors/
2025-09-09 - Analysis of Backdoor.WIN32.Buterat/
2025-09-09 - LunoBotnet A Self-Healing Linux Botnet with Modular DDoS and Cryptojacking Capabilities/
2025-09-09 - The Price of Free How Nulled Plugins Are Used to Weaken Your Defense/
2025-09-09 - Unmasking The Gentlemen Ransomware Tactics, Techniques, and Procedures Revealed/
2025-09-09 - ZynorRAT technical analysis Reverse engineering a novel, Turkish Go-based RAT/
2025-09-10 - AdaptixC2 A New Open-Source Framework Leveraged in Real-World Attacks/
2025-09-10 - EggStreme Malware Unpacking a New APT Framework Targeting a Philippine Military Company/
2025-09-10 - EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks/
2025-09-10 - Frankenstein Variant of the ToneShell Backdoor Targeting Myanmar/
2025-09-10 - Sidewinder APT leverages Nepal protests to push mobile malware/
2025-09-10 - Technical Analysis of kkRAT/
2025-09-10 - Trigona Rebranding Suspicions and Global Threats, and BlackNevas Ransomware Analysis/
2025-09-11 - Beaches and breaches/
2025-09-11 - Behind the Mask of Madgicx Plus A Chrome Extension Campaign Targeting Meta Advertisers/
2025-09-11 - Cyberspike Villager Cobalt Strikes AI-native Successor/
2025-09-11 - From Phishing to Payload How DarkCloud Stealer is Targeting Financial Organizations/
2025-09-11 - Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm/
2025-09-11 - Macc stealer evolves into MacSync Now with a backdoor/
2025-09-11 - Malware Campaign Leverages SVGs Email Attachments and CDNs to Drop XWorm and Remcos via BAT Scripts/
2025-09-11 - Vidar Infostealer in Action/
2025-09-12 - CastleRAT TAG-150s New Remote Access Trojan/
2025-09-12 - Dark Web Profile BQTLock Ransomware/
2025-09-12 - Deconstructing a Cyber Deception An Analysis of the Clickfix HijackLoader Phishing Campaign/
2025-09-12 - Introducing HybridPetya PetyaNotPetya copycat with UEFI Secure Boot bypass/
2025-09-12 - SEO Poisoning Attack Targets Chinese-Speaking Users with Fake Software Sites/
2025-09-12 - Silver fox intelligence sharing/
2025-09-12 - You’re invited Four phishing lures in campaigns dropping RMM tools/
2025-09-12 - Yurei The Ghost of Open Source Ransomware/
2025-09-13 - WhiteCobra's Playbook Exposed Critical Mistake Reveals 24-Extension Campaign Targeting VS Code and Cursor/
2025-09-14 - AI-Driven Deepfake Military ID Fraud Campaign/
2025-09-14 - The strongest in history Uncovering the inside story of the 115T-class hyperscale botnet AISURU/
2025-09-15 - Digital Frontlines India Under Multi-Nation Hacktivist Attack/
2025-09-15 - Huntress Threat Advisory The Dangers of Storing Unencrypted Passwords/
2025-09-15 - Inside Maranhão Stealer Nodejs-Powered InfoStealer Using Reflective DLL Injection/
2025-09-15 - Magecart Skimmer Analysis From One Tweet to a Campaign/
2025-09-15 - SmokeLoader Rises From the Ashes/
2025-09-15 - 【高级威胁追踪(APT)】深入分析“伪猎者”组织Github仓库加密载荷/
2025-09-16 - AppSuite OneStart ManualFinder The Nexus of Deception/
2025-09-16 - APT28 Operation Phantom Net Voxel/
2025-09-16 - Elons ProximaBlack Shadow related ransomware attack via Oracle DBS External Jobs/
2025-09-16 - FileFix in the wild New FileFix campaign goes beyond POC and leverages steganography/
2025-09-16 - From Red Team to Rogue, Villager Threatens to Become the Next Cobalt Strike/
2025-09-16 - Going Underground China-aligned TA415 Conducts US-China Economic Relations Targeting Using VS Code Remote Tunnels/
2025-09-16 - Malicious PyPI Packages Deliver SilentSync RAT/
2025-09-16 - Raven Stealer/
2025-09-16 - RevengeHotels a new wave of attacks leveraging LLMs and VenomRAT/
2025-09-16 - Under the Pure Curtain From RAT to Builder to Coder/
2025-09-17 - BeaverTail variant distributed via malicious repositories and ClickFix lure/
2025-09-17 - EpiBrowser A Sophisticated PUP Masquerading as Chromium/
2025-09-17 - GOLD SALEMs Warlock operation joins busy ransomware landscape/
2025-09-17 - Kawa4096 Ransomware Aimed at Brand Effect through Imitation/
2025-09-17 - Malicious PyPI Packages Deliver SilentSync RAT/
2025-09-17 - Mapping the Infrastructure and Malware Ecosystem of MuddyWater/
2025-09-17 - NGC6061 серия фишинговых атак на органы власти/
2025-09-17 - Shai-Hulud Worm Compromises npm Ecosystem in Supply Chain Attack/
2025-09-17 - ShinyHunters Calling Financially Motivated Data Extortion Group Targeting Enterprise Cloud Applications/
2025-09-17 - When the Dash Hits the Fan Artificial Intelligence Exposes the Homoglyph Hustle/
2025-09-18 - CopyCop Deepens Its Playbook with New Websites and Targets/
2025-09-18 - CountLoader Silent Push Discovers New Malware Loader Being Served in 3 Different Versions/
2025-09-18 - Lessons Learned From Massive npm Supply Chain Attack Using Shai-Hulud Self-Replicating Malware/
2025-09-18 - SystemBC Bringing the Noise/
2025-09-18 - Tracking AsyncRAT via Trojanized ScreenConnect and Open Directories/
2025-09-18 - 위협 분석 성범죄자 고지 정보를 위장한 Kimsuky 공격/
2025-09-19 - DeerStealer Malware Campaign Stealth Persistence and Rootkit-Like Capabilities/
2025-09-19 - Gamaredon X Turla collab/
2025-09-19 - How AI-Native Development Platforms Enable Fake Captcha Pages/
2025-09-19 - Prompts as Code Embedded Keys The Hunt for LLM-Enabled Malware/
2025-09-19 - Unmasking Akira The ransomware tactics you cant afford to ignore/
2025-09-19 - 疑似APT-C-00海莲花投递Havoc木马/
2025-09-21 - Block Blasters - Forensic Report/
2025-09-21 - Fake Online Speedtest Application/
2025-09-21 - Technical Analysis of Zloader Updates/
2025-09-22 - Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique/
2025-09-22 - Nimbus Manticore Deploys New Malware Targeting Europe/
2025-09-22 - Operation Rewrite Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign/
2025-09-22 - YiBackdoor A New Malware Family With Links to IcedID and Latrodectus/
2025-09-22 - zerodayx1 Hacktivist groups turning to ransomware operations/
2025-09-23 - Another BRICKSTORM Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors.pdf/
2025-09-23 - Bearlyfy эволюция новой группировки вымогателей иеё связь сPhantomCore/
2025-09-23 - COLDRIVER Updates Arsenal with BAITSWITCH and SIMPLEFIX/
2025-09-23 - GUNRA RANSOMWARE What You Don’t Know/
2025-09-23 - Hidden WordPress Backdoors Creating Admin Accounts/
2025-09-23 - How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking/
2025-09-23 - ShadowV2 An emerging DDoS for hire botnet/
2025-09-24 - AI vs AI Detecting an AI-obfuscated phishing campaign/
2025-09-24 - Bookworm to Stately Taurus Using the Unit 42 Attribution Framework/
2025-09-24 - From LNK to RAT Deep Dive into the LNK Malware Infection Chain/
2025-09-24 - Inside Salt Typhoon Chinas State-Corporate Advanced Persistent Threat/
2025-09-24 - Inside Vietnamese Threat Actor Lone Nones Copyright Takedown-Spoofing Campaign/
2025-09-24 - New LockBit 5.0 Targets Windows Linux ESXi/
2025-09-24 - RedNovember Targets Government, Defence, and Technology Organizations/
2025-09-25 - Botnet Loader-as-a-Service Infrastructure Distributing RondoDoX and Mirai Payloads/
2025-09-25 - Cavalry Werewolf атакует Россию через доверительные отношения между государствами/
2025-09-25 - DeceptiveDevelopment From primitive crypto theft to sophisticated AI-based deception/
2025-09-25 - Eye of the Storm Analyzing DarkClouds Latest Capabilities/
2025-09-25 - First Malicious MCP in the Wild The Postmark Backdoor That's Stealing Your Emails/
2025-09-25 - From Custom Scripts to Commodity RATs A Threat Actor’s Evolution to PureRAT/
2025-09-25 - It Is Bad Exploitation of Fortra GoAnywhere MFT CVE-2025-10035 - Part 2/
2025-09-25 - Massive npm infection the Shai-Hulud worm and patient zero/
2025-09-25 - XCSSET evolves again Analyzing the latest updates to XCSSET’s inventory/
2025-09-25 - Обновленные инструменты группировки BO Team/
2025-09-25 - 纯干货 银狐变种 技术分析揭穿病毒多层混淆虚拟化伪装/
2025-09-26 - Beyond Signatures Detecting Lumma Stealer with an ML-Powered Sandbox/
2025-09-26 - FBI warns of threat actors spoofing the FBI crime complaint website/
2025-09-26 - From SEO Poisoning to Malware Deployment Malvertising campaign uncovered/
2025-09-26 - HeartCrypts wholesale impersonation effort/
2025-09-26 - Olymp Loader A new Malware-as-a-Service written in Assembly/
2025-09-26 - Smash and Grab Aggressive Akira Campaign Targets SonicWall VPNs Deploys Ransomware in an Hour or Less/
2025-09-26 - SVG Phishing hits Ukraine with Amatera Stealer PureMiner/
2025-09-26 - XWorm RAT Delivered via Shellcode Multi-Stage Attack Analysis/
2025-09-28 - MS-SQL 서버 공격 사례에서 확인된 XiebroC2/
2025-09-29 - Acreed Infostealer Gaining Popularity Among Cybercriminals for C2 via Steam Platform/
2025-09-29 - Crypto24 Ransomware Uncovered Stealth Persistence and Enterprise-Scale Impact/
2025-09-29 - Cybercrime Observations from the Frontlines UNC6040 Proactive Hardening Recommendations/
2025-09-29 - DHCSpy - Discovering the Iranian APT MuddyWater/
2025-09-29 - From a Single Click How Lunar Spider Enabled a Near Two-Month Intrusion/
2025-09-29 - The Fake Bureau of Investigation How Cybercriminals Are Impersonating Government Pages/
2025-09-30 - 0day ICS attack in the wild/
2025-09-30 - Breakingdown of Patchwork APT/
2025-09-30 - Check Your Socks - A Deep Dive into soopsocks PyPI Package/
2025-09-30 - Datzbro RAT Hiding Behind Senior Travel Scams/
2025-09-30 - Detour Dog DNS Malware Powers Strela Stealer Campaigns/
2025-09-30 - GhostSocks From Initial Access to Residential Proxy/
2025-09-30 - Phantom Taurus A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite/
2025-09-30 - Phishing for clues part 2 Exploring a yearlong AiTM Phishing Campaign/
2025-09-30 - Silent Smishing The Hidden Abuse of Cellular Router APIs/
2025-09-30 - WARMCOOKIE One Year Later New Features and FreshInsights/
2025-09-30 - Бекдор CABINETRAT використовується UAC-0245 для цільових кібератак у відношенні СОУ (CERT-UA#17479)/
2025-10-01 - FunkSecs FunkLocker How AI Is Powering the Next Wave of Ransomware/
2025-10-01 - Larva-25010 APT Down 공격자 PC 분석/
2025-10-01 - Lunar Spider Expands their Web via FakeCaptcha/
2025-10-01 - Operation SouthNet SideWinder Expands Phishing and Malware Operations in South Asia/
2025-10-01 - Rhadamanthys 0.9.x – walk through the updates/
2025-10-02 - Cavalry Werewolf raids Russias public sector with trusted relationship attacks/
2025-10-02 - Confucius Espionage From Stealer to Backdoor/
2025-10-02 - New spyware campaigns target privacy-conscious Android users in the UAE/
2025-10-02 - Self-Propagating Malware Spreading Via WhatsApp Targets Brazilian Users/
2025-10-02 - UAT-8099 Chinese-speaking cybercrime group targets high-value IIS for SEO fraud/
2025-10-02 - XWorm V6 Exploring Pivotal Plugins/
2025-10-03 - CN APT targets Serbian Government/
2025-10-03 - Malvertising Campaign Hides in Plain Sight on WordPress Websites/
2025-10-03 - Search Click Steal The Hidden Threat of Spoofed Ivanti VPN Client Sites/
2025-10-03 - SecuritySnack 18E-Crime/
2025-10-03 - TamperedChef Malvertising to Credential Theft/
2025-10-03 - When the monster bytes tracking TA585 and its arsenal/
2025-10-03 - Yurei Ransomware the Digital Ghost/
2025-10-06 - Detecting DLL hijacking with machine learning real-world cases/
2025-10-06 - Fake Microsoft Teams Installers Deliver Oyster Backdoor/
2025-10-06 - Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability/
2025-10-06 - Klopatra exposing a new Android banking trojan operation with roots in Turkey/
2025-10-06 - Massive Malicious NPM Package Attack Threatens Software Supply Chains/
2025-10-06 - Mustang Panda Employ Publoader Through ClaimLoader Yes another DLL Side-Loading Technique Delivery/
2025-10-07 - 0-day vulnerability exploited by Cl0p patched by Oracle/
2025-10-07 - Akira Reloaded/
2025-10-07 - BatShadow’s Latest Play - Vietnamese Threat Group Uses Vampire Bot to Target Digital Professionals/
2025-10-07 - Phishing from Home The Hidden Danger in Remote Jobs Lurking in Tesla Google Ferrari and Glassdoor/
2025-10-07 - Shuyal Stealer Advanced Infostealer Targeting 19 Browsers/
2025-10-08 - APT Meets GPT Targeted Operations with Untamed LLMs/
2025-10-08 - CHAMELEONNET A Deep Dive into Multi-Stage NET Malware Leveraging Reflective Loading and Custom Decryption for Stealthy Operations/
2025-10-08 - Exploring Invoice Fraud Email Attempts with Validin/
2025-10-08 - Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign/
2025-10-08 - RondoDox From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits/
2025-10-08 - The ClickFix Factory First Exposure of IUAM ClickFix Generator/
2025-10-08 - The Crown Prince Nezha A New Tool Favored by China-Nexus Threat Actors/
2025-10-08 - The Evolution of Chaos Ransomware Faster Smarter and More Dangerous/
2025-10-08 - Variants of BlackTech's Kivars malware identified in 2025/
2025-10-09 - AdaptixC2 Uncovered Capabilities Tactics Hunting Strategies/
2025-10-09 - Inside a Crypto Scam Nexus/
2025-10-09 - Inside Akira’s SonicWall Campaign Darktrace’s Detection and Response/
2025-10-09 - New Rust Malware ChaosBot Uses Discord for Command and Control/
2025-10-09 - Velociraptor leveraged in ransomware attacks/
2025-10-09 - Yurei A New Ransomware Threat/
2025-10-09 - Специалисты Angara MTDR зафиксировали активизацию деятельности группировки Rare Werewolf/
2025-10-10 - Astaroth Banking Trojan Abusing GitHub for Resilience/
2025-10-10 - New Stealit Campaign Abuses Nodejs Single Executable Application/
2025-10-13 - Judicial Notification Phish Targets Colombian Users SVG Attachment Deploys Info-stealer Malware/
2025-10-14 - GhostBat RAT Inside the Resurgence of RTO-Themed Android Malware/
2025-10-14 - Kaiji Malware Anatomy, Persistence and Detection/
2025-10-14 - LinkPro eBPF rootkit analysis/
2025-10-14 - Operation Zero Disco Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits/
2025-10-14 - SOE-phisticated Persistence Inside Flax Typhoons ArcGIS Compromise/
2025-10-14 - Weaponized Trust Microsofts Logo as a Gateway to Tech Support Scams/
2025-10-14 - Протидія російським ДРГ UAC-0239 здійснює кібератаки з використанням фреймворку OrcaC2 та стілеру FILEMESS (CERT-UA#17691)/
2025-10-14 - 南亚某组织的双平台后门StealthServer/
2025-10-15 - ChaosBot Rust Malware Uses Discord API for Covert Command and Control/
2025-10-15 - Mysterious Elephant a growing threat/
2025-10-15 - New Group on the Block UNC5142 Leverages EtherHiding to Distribute Malware/
2025-10-15 - OtterCandy malware used by WaterPlum/
2025-10-15 - PhantomVAI Loader Delivers a Range of Infostealers/
2025-10-15 - Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate/
2025-10-15 - SecuritySnack Repo The Repo - NPM Phishing/
2025-10-15 - StealthServer A Dual-Platform Backdoor from a South Asian APT Group/
2025-10-15 - TigerJack's Malicious VSCode Extensions Steal Code, Mine Crypto, and Plant Backdoors/
2025-10-16 - Privacy and Prizes Rewards from a Malicious Browser Extension/
2025-10-18 - GlassWorm First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace/
2025-10-22 - Jingle Thief Inside a Cloud-Based Gift Card Fraud Campaign/
2025-10-24 - WSUS Deserialization Exploit in the Wild CVE202559287/