NullMixer is a dropper leading to an infection chain of a wide variety of malware families. NullMixer spreads via malicious websites that...

Cluster25 has obtained a sample of Erbium InfoStealer, a new type of malware that can change its features to evade detection and has been...

Researchers from the Cluster25 Threat Intel Team collected and analyzed a lure document used to implant a variant of Graphite malware,...

Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and...

A detailed analysis of activity linked to the Void Balaur cyber mercenary group has been shared at this year’s LABScon, a conference on...

A new wave of malware that uses non-fungible tokens (NFT) to steal data has been uncovered by Morphisec Labs, a security firm that has...

Spammers are increasingly using techniques similar to targeted attacks, in which they send emails in the name of real companies and send...

Attackers deploying the Noberus (aka BlackCat, ALPHV) ransomware have been using new tactics, tools, and procedures (TTPs) in recent...

In July 2022, Iranian state cyber actors—identifying as “HomeLand Justice”—launched a destructive cyber attack against the Government of...

Cybercriminals compromise domain names to attack the owners or users of the domains directly, or use them for various nefarious...

Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives. The...

The Slam Ransomware Builder first appeared in late 2021, with Slam ransomware payloads appearing in the wild shortly after (e.g.,...

MalwareBytes has tracked and observed a malvertising campaign on the Microsoft Edge News Feed used to redirect victims to tech support...

Iranian government-sponsored APT actors are exploiting known Fortinet and Microsoft Exchange vulnerabilities to gain initial access to a...

Symantec, has gained insight into the current activities of a group they call Webworm. The group has developed customized versions of...

We have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver...

On March 4, 2019, one of the most well-known keyloggers used by criminals, called Agent Tesla, closed up shop due to legal troubles. In...

Bumblebee is a replacement for the BazarLoader malware, which acts as a downloader and delivers known attack frameworks and open-source...

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VoIP appliance...

A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new,...