Researchers at Trend Micro have documented a large-scale operation codenamed ZeroDisco, in which attackers weaponized a critical flaw in Cisco’s SNMP implementation (CVE-2025-20352, CVSS 9.0) to implant rootkits and execute arbitrary code on network...
Several extensions for Visual Studio Code, distributed via the open OpenVSX repository, have been found to contain malicious code aimed at cryptocurrency theft and the compromise of developers’ machines. The campaign is attributed to...
McAfee researchers have reported a renewed campaign by the banking trojan Astaroth, which has begun abusing GitHub as a resilient channel for delivering configuration data. By leveraging a legitimate platform in this way, attackers...
Since the beginning of October, GreyNoise analysts have been tracking one of the largest and most coordinated waves of attacks targeting remote access services across the United States. According to their findings, since October...
The notorious Aisuru botnet continues to grow in destructive power — it now commands over 300,000 infected IoT devices, the majority of which are located within networks operated by major U.S. providers such as...
The ClayRat espionage campaign is evolving rapidly and increasingly targeting Android users. According to Zimperium, the malware is spreading actively among Russian users via fake websites and Telegram channels, disguising itself as popular applications...
Attackers have begun abusing the DFIR tool Velociraptor to stage ransomware deployments of LockBit and Babuk. Cisco Talos attributes these campaigns to a cluster known as Storm-2603, believed to operate from China. Analysts report...
Researchers have identified a large-scale wave of attacks orchestrated by the RondoDox botnet, which employs the so-called “exploit shotgun” technique—literally “firing at everything that moves.” This method involves automatically testing dozens of exploits in...
A new wave of phishing attacks has laid bare just how sophisticated social-engineering techniques have become. Researchers have identified an evolved variant of the FileFix attack that exploits a cache-smuggling technique to clandestinely deposit...
The threat actor known as BatShadow, linked to Vietnam, has launched a new malicious campaign targeting job seekers and digital marketing professionals. Posing as recruiters, the attackers distribute forged job descriptions; when victims open...
In a complex attack chain that blends malicious advertising, DNS-based control, and multi-stage delivery schemes, researchers at Infoblox uncovered the operations of a cybercriminal group known by the alias Detour Dog. The group orchestrates...
The group Lunar Spider—also known under the aliases Gold SwathMore and Elara—has ramped up a new malicious campaign that leverages a counterfeit CAPTCHA verification interface to infect victims’ devices. The primary vector is the...
