The Trustwave SpiderLabs research team has documented a fresh wave of EncryptHub attacks, in which the human element and the exploitation of a Microsoft Management Console (MMC) vulnerability converge into a single, cohesive campaign....
U.S. authorities have disclosed the details of a July operation against the BlackSuit ransomware syndicate, a coordinated strike that dismantled the group’s infrastructure and seized its digital assets. On July 24, in an internationally...
Analysts from FortiMail Workspace Security have uncovered a targeted campaign against Israeli companies and organizations within critical infrastructure sectors. The attackers exploited a compromised internal email system to send highly convincing messages to regional...
Researchers at Forcepoint X-Labs have identified a new malware campaign targeting macOS users. The attack employs an enhanced ClickFix technique—combining phishing with social engineering—to steal data from cryptocurrency wallets, browser accounts, and confidential files....
The group behind the SocGholish malware has intensified its use of the Parrot TDS and Keitaro TDS traffic distribution systems to filter visitors and redirect them to malicious destinations. According to Silent Push, the...
U.S. law enforcement has revealed details of an international operation that dismantled the core infrastructure of the BlackSuit ransomware gang, notorious for a series of devastating cyberattacks. Nearly two weeks ago, the group’s dark...
A new tool for disabling EDR systems has emerged in the cybercriminal underground, which Sophos researchers regard as an evolution of the EDRKillShifter utility. Its use has already been documented in attacks by eight...
Cybersecurity researchers have uncovered 11 malicious Go packages designed to download additional components from remote servers and execute them on both Windows and Linux systems. According to Socket researcher Olivia Brown, during execution the...
Two malicious packages have been discovered in the NPM ecosystem, disguised as libraries for building bots and automated services using the WhatsApp Business API. Identified by researchers at Socket, these modules mimicked popular WhatsApp...
Akira ransomware attacks are growing ever more sophisticated: threat actors have begun exploiting a legitimate Intel CPU tuning driver to disable Windows’ built-in protections. The driver in question—rwdrv.sys, part of the ThrottleStop utility—is registered...
Although humans have traditionally been regarded as the weakest link in the cybersecurity chain, a new study by Canadian researchers reveals that even untrained individuals can effectively detect malicious software when provided with minimal...
Over the past year, a social engineering technique known as ClickFix has witnessed a meteoric rise, propelled by a fusion of unique delivery methods, persuasive narratives, and sophisticated evasion tactics. According to analysts at...
A large-scale campaign exploiting a chain of vulnerabilities in Microsoft SharePoint continues to escalate—this time with the active involvement of ransomware groups. During an investigation into a series of coordinated attacks, researchers at Palo...
A new large-scale threat has emerged on the Android horizon, dubbed PlayPraetor—a sophisticated piece of malware capable of seizing full control over compromised devices. To date, over 11,000 devices have fallen under its sway,...
For nearly a year, a malicious module known as Plague evaded detection by Linux security solutions, despite its active proliferation and deep entrenchment within one of the system’s most critical components—the authentication stack. Its...
A malicious package discovered in the NPM ecosystem by researchers at Safety turned out to be far more than a simple trojan for cryptocurrency theft—it stood as a striking example of an attack orchestrated...
