Blog

Your inside look at what's on our mind...

Beware of the Bait: Malicious USPS Ad Fishing for Banking Credentials

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection

Chinese Threat Actors Targeting Europe in SmugX Campaign

Honeypot Recon: Enterprise Applications Honeypot - Unveiling Findings from Six Worldwide Locations

Welcome to New York: TA453's Intriguing Foray into LNKs and Mac Malware

Georgia elections official downplays cybersecurity threats despite report

Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data

Preventing Cyberattacks on Schools Starts With K–12 Cybersecurity Education

Some Lumberton ISD employees' personal data leaked in cybersecurity hack

Vulnerability Hunting: Threat Hunting’s Cybersecurity Cousin

Hackers Use Weaponized PDF Files to Attack Organizations

Kimsuky Distributing CHM Malware Under Various Subjects

Kimsuky Distributing CHM Malware Under Various Subjects

RedEyes Group Wiretapping Individuals (APT37)

Why Malware Crypting Services Deserve More Scrutiny

Android Malware Impersonates ChatGPT-Themed Applications

COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises

CVE-2017-9248 Exploitation in U.S. Government IIS Server

MOVEit Cyber Attack

Pirated Windows builds with crypto stealer that penetrates EFI partition

Analysis of the RecordBreaker secret-stealing Trojan spread through video sites

Asylum Ambuscade: crimeware or cyberespionage?

CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

DynamicRAT — A full-fledged Java Rat

MOVEit Transfer Exploited to Drop File-Stealing SQL Shell

Analysis of the CloudWizard APT framework

Back in Black: BlackByte Ransomware returns with its New Technology (NT) version

BlackCat Ransomware Deploys New Signed Kernel Driver

Malvertising via brand impersonation is back again

SME Tip 1

SME Tip 2

SME Tip 3

SME Tip 4

SME Tip 5

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

AndoryuBot’s DDOS Rampage

BianLian Ransomware Group

OilAlpha: A Likely Pro-Houthi Group Targeting Entities Across the Arabian Peninsula

Qakbot C2s

The distinctive rattle of APT SideWinder

AuKill EDR killer malware abuses Process Explorer driver

Fake system update drops Aurora stealer via Invalid Printer loader

SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials — and Is Now Targeting Turkey

Sophisticated DarkWatchMan RAT Spreads Through Phishing Sites

Threat Assessment: Royal Ransomware

1877 Team: A Kurdish hacker group on the rise

Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram

BlackBit Ransomware: A Threat from the Shadows of LokiLocker

New KEKW Malware Variant Identified in PyPI Package Distribution

Raspberry Robin: A global USB malware campaign providing access to ransomware operators

FIN7 tradecraft seen in attacks against Veeam backup servers

Magecart threat actor rolls out convincing modal forms

Tonto Team Using Anti-Malware Related Files for DLL Side-Loading

Chinese Alloy Taurus Updates PingPull Malware

RokRAT Malware Distributed Through LNK Files

CrossLock Ransomware Emerges: New GoLang-Based Malware On the Horizon

LockBit for Mac | How Real is the Risk of macOS Ransomware?

Play Ransomware Group Using New Custom Data-Gathering Tools

Tracking MuddyWater’s infrastructure

Threat Actors Rapidly Adopt Web3 IPFS Technology

Bitter Group distributes CHM malware to Chinese institutions

Malware Disguised as Document from Ukraine's Energoatom Delivers Havoc Demon Backdoor

Money Ransomware: The Latest Double Extortion Group

Threat Actor Spotlight: RagnarLocker Ransomware

Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector

CryptoClippy Speaks Portuguese

Mac Malware MacStealer Spreads as Fake P2E Apps

New Indicators of Compromise (IOCs) Discovered for Windows and Linux-based Backdoor Malware KEYPLUG

Spyware vendors use 0-days and n-days against popular platforms

Technical analysis of the Genesis Market and Middot

APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations

CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers

DBatLoader Actively Distributing Malwares Targeting Europea

LimeRAT Malware Analysis: Extracting the Configuration

Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe

A look at a Magecart skimmer using the Hunter obfuscator

Cinoshi Project and the Dark Side of Free MaaS

New Kritec Magecart skimmer found on Magento stores

Operation Tainted Love | Chinese APTs Target Telcos in New Attacks

Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users

BatLoader Continues to Abuse Google Search Ads

CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky)

Emotet Returns, Now Adopts Binary Padding for Evasion

South Korean Android Banking Menace – FakeCalls

Winter Vivern | Uncovering a Wave of Global Espionage

BlackSnake Ransomware Emerges from Chaos Ransomware’s Shadow

DeepStreamer: Illegal Movie Streaming Platforms Hide Lucrative Ad Fraud Operation

Malvertising In Google Search Results Delivering Stealers

Nevada Ransomware: Yet Another Nokayawa Variant

Prometei botnet improves modules and exhibits new capabilities in recent updates

Redis Miner Leverages Command Line File Hosting Service

Active hoze mining Trojan analysis

Kaiji Botnet Resurfaces, Unmasking Ares Hacking Group?

Lumma Stealer targets YouTubers via Spear-phishing Email

MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT

Beware of macOS cryptojacking malware.

Clasiopa: New Group Targets Materials Research

The Growing Threat of ChatGPT-Based Phishing Attacks

Andoryu Botnet. A New Botnet Based on Socks Protocol

Cyber attack of the group UAC-0050 using the Remcos program.