malware
-
The Invisible Shadow: How Signaling Vulnerabilities Enable Global Mobile Surveillance
A groundbreaking investigation by Citizen Lab has pulled back the curtain on a series of sophisticated, multi-year surveillance campaigns that…
-
Trigona Affiliates Pivot to Proprietary Data Exfiltration Tooling
In a significant tactical shift, ransomware operators are moving away from “living off the land” with common utilities and toward…
-
NCSC-UK Warns of China-Linked Covert Networks Using Hijacked IoT Devices
The UK’s National Cyber Security Centre (NCSC), along with international partners, has issued a joint warning about a growing trend…
-
Context.ai Compromise Exposes Vercel Customers
In a recent disclosure that highlights the growing complexity of modern software supply chains, Vercel has confirmed a sophisticated security…
-
Harvester APT Deploys Linux Variant of GoGra Backdoor via Microsoft Graph API, Outlook Mailboxes
In a significant pivot for cyber espionage tactics, security researchers have uncovered a Linux-compatible variant of the GoGra backdoor. This…
-
The Industrialization of Web3 Theft: How HexagonalRodent Leverages AI and Social Engineering to Loot Developers
In a sophisticated evolution of North Korean cyber operations, a threat actor group known as HexagonalRodent is systematically targeting the…
-
Tropic Trooper Campaign: Leveraging GitHub and VS Code Tunnels for Stealthy C2
A sophisticated new campaign attributed to the threat actor Tropic Trooper (also known as Earth Centaur or Pirate Panda) has…
-
The Multi-Stage Supply Chain Compromise of Checkmarx KICS
In a sophisticated demonstration of supply chain exploitation, the official Checkmarx KICS (Keeping Infrastructure as Code Secure) ecosystem has fallen…
-
Critical Supply Chain Compromise: Malicious Infostealer Detected in Xinference Python Package
The software development community is facing a significant security milestone as a sophisticated supply chain attack has successfully targeted Xinference,…
-
Precision Targeting: Deconstructing the notnullOSX macOS Stealer Campaign
A sophisticated new cyber-threat has emerged in the macOS ecosystem, targeting high-net-worth individuals through a highly curated social engineering campaign.…
-
Needle Stealer Malware Hijacking Traders via Fake “TradingClaw” AI Agent
Cybersecurity researchers have identified a sophisticated social engineering campaign leveraging a fraudulent “TradingView AI agent” to distribute the Needle Stealer…
-
Security Advisory: Discovery of “Auraboros,” an Unauthenticated, High-Capability RAT Framework
In a significant finding for the threat intelligence community, a previously undocumented Remote Access Trojan (RAT) framework, dubbed Auraboros, has…
-
Analyzing DinDoor, the Deno-Powered Backdoor Disguised as Legitimate Tooling
In the evolving landscape of advanced persistent threats (APTs), attackers are increasingly moving away from custom compiled binaries in favor…
-
LOTUSLITE: How Mustang Panda is Weaponizing Trusted Binaries Against the Banking Sector
In a sophisticated display of “living off the land” tradecraft, threat actors are increasingly leveraging Microsoft-signed developer tools to mask…