Experts at Kaspersky Lab have uncovered a new remote access trojan, GodRAT, which is being distributed through .scr files disguised as financial documents. Until March 2025, attackers relied on Skype to deliver the malware,...
Experts at Red Canary have uncovered an unusual campaign leveraging a newly identified strain of malware, DripDropper, specifically targeting cloud-based Linux servers. The attackers gained initial access through CVE-2023-46604 in Apache ActiveMQ, after which...
The Noodlophile malware campaign has entered a new phase, steadily expanding its reach across more countries. Morphisec researcher Shmuel Uzan has reported that attackers have shifted to using phishing emails disguised as copyright infringement...
At the beginning of 2025, Trellix specialists uncovered a sweeping cyber-espionage campaign targeting diplomatic missions in Seoul. Between March and July, at least nineteen phishing attacks were recorded, in which North Korean–linked actors impersonated...
In the latest issue of the hacker magazine Phrack, a vast archive has been published detailing the operations of North Korean cybercriminal groups. The leak includes exploitation techniques, information on compromised systems, and a...
Researchers at Hunt.io have published an in-depth analysis of the Android banking trojan ERMAC 3.0, uncovering not only its enhanced capabilities but also severe flaws within its infrastructure. This iteration expands upon the functionality...
Experts at Censys have released their State of the Internet 2025 report, focusing on the infrastructure of cybercriminals—specifically Command-and-Control (C2) servers and other tools used to coordinate attacks and maintain access to compromised systems....
A new Android malware campaign has emerged, targeting banking customers in Brazil, India, and Southeast Asia, combining contactless fraud via NFC, call interception, and the exploitation of device vulnerabilities. Researchers at ThreatFabric have identified...
Japan has been struck by a new wave of cyberattacks involving CrossC2, a tool that extends the capabilities of Cobalt Strike to Linux and macOS platforms. According to the JPCERT/CC Coordination Center, these attacks...
The Trustwave SpiderLabs research team has documented a fresh wave of EncryptHub attacks, in which the human element and the exploitation of a Microsoft Management Console (MMC) vulnerability converge into a single, cohesive campaign....
U.S. authorities have disclosed the details of a July operation against the BlackSuit ransomware syndicate, a coordinated strike that dismantled the group’s infrastructure and seized its digital assets. On July 24, in an internationally...
Analysts from FortiMail Workspace Security have uncovered a targeted campaign against Israeli companies and organizations within critical infrastructure sectors. The attackers exploited a compromised internal email system to send highly convincing messages to regional...
Researchers at Forcepoint X-Labs have identified a new malware campaign targeting macOS users. The attack employs an enhanced ClickFix technique—combining phishing with social engineering—to steal data from cryptocurrency wallets, browser accounts, and confidential files....
The group behind the SocGholish malware has intensified its use of the Parrot TDS and Keitaro TDS traffic distribution systems to filter visitors and redirect them to malicious destinations. According to Silent Push, the...
U.S. law enforcement has revealed details of an international operation that dismantled the core infrastructure of the BlackSuit ransomware gang, notorious for a series of devastating cyberattacks. Nearly two weeks ago, the group’s dark...
A new tool for disabling EDR systems has emerged in the cybercriminal underground, which Sophos researchers regard as an evolution of the EDRKillShifter utility. Its use has already been documented in attacks by eight...
