Malware & Threats
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe
The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe.
Ionut Arghire, March 28, 2025

Malware & Threats
Russian Ransomware Gang Exploited Windows Zero-Day Before Patch
Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub).
Ryan Naraine, March 26, 2025

Malware & Threats
AMTSO Releases Sandbox Evaluation Framework
AMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions.
Eduard Kovacs, March 26, 2025

Malware & Threats
macOS Users Warned of New Versions of ReaderUpdate Malware
macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.
Ionut Arghire, March 26, 2025

Malware & Threats
Chinese APT Weaver Ant Targeting Telecom Providers in Asia
Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access.
Ionut Arghire, March 25, 2025

Malware & Threats
Medusa Ransomware Uses Malicious Driver to Disable Security Tools
The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems.
Ionut Arghire, March 24, 2025

Malware & Threats
300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads
Over 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play.
Ionut Arghire, March 20, 2025

Malware & Threats
Chinese Hacking Group MirrorFace Targeting Europe
Chinese hacking group MirrorFace has targeted a Central European diplomatic institute with the Anel backdoor and AsyncRAT.
Ionut Arghire, March 19, 2025

Malware & Threats
Microsoft Warns of New StilachiRAT Malware
Microsoft has shared details on StilachiRAT, an evasive and persistent piece of malware that facilitates sensitive data theft.
Eduard Kovacs, March 19, 2025

Malware & Threats
11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.
Eduard Kovacs, March 18, 2025

Malware & Threats
Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum
Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.
Ryan Naraine, March 17, 2025

Malware & Threats
100 Car Dealerships Hit by Supply Chain Attack
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
Ionut Arghire, March 17, 2025