Malware & Threats
CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.
Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.
Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers.
The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe.
Exploitation of a Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub).
AMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions.
macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.
Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access.
The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems.
Over 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play.
Chinese hacking group MirrorFace has targeted a Central European diplomatic institute with the Anel backdoor and AsyncRAT.
Microsoft has shared details on StilachiRAT, an evasive and persistent piece of malware that facilitates sensitive data theft.
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.
Exploits are circulating for a remote code execution vulnerability (CVE-2025-24813) in the open-source Apache Tomcat web server.
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking...
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment.
A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year.
Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.
Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in an SSRF exploitation campaign targeting popular platforms.
Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers.