A look back at the Emotet malware intrusion from May 2022 and the post-exploitation framework used by threat actors to launch a Cobalt...

Cisco Talos has discovered a new remote access trojan (RAT), which we are calling "MagicRAT," that we are attributing with moderate to...

Active since at least 2015, APT42 is characterized by highly targeted spear phishing and surveillance operations against individuals and...

Unit 42 researchers have identified vulnerabilities in older D-Link routers and other devices that could be used to spread malware and...

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021. Vice Society actors do not...

Raspberry Robin, also known as the QNAP worm, is typically delivered by a USB device, which contains a malicious Microsoft shortcut...

Resecurity has identified a new underground service that allows cybercriminals to bypass 2FA authentication (MFA) authentication...

ocused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads...

A previously undiscovered remote access trojan (RAT) is being used to target Farsi-speaking code developers in Iran. Dubbed CodeRAT, the...

JuiceLedger operators have actively targeted PyPi package contributors in a phishing campaign, successfully poisoning at least two...

Bitdefender analyzed a recent industrial espionage operation targeting a small (under 200 employees) technology company based in the...

Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats,...

The Securonix Threat research team has recently identified a unique sample of a persistent Golang-based attack campaign tracked by...

A threat actor has released the source code of Parrot Stealer, which is suspected to be the predecessor to MiniStealer, which can easily...

Proofpoint and PwC Threat Intelligence have jointly identified a cyber espionage campaign, active since April 2022 through June,...

Active since 2019, Nitrokod is a Turkish-speaking software developer that claims to offer free and safe software. Most of the programs...

Remcos is a remote access trojan – a malware used to take remote control over infected PCs.This trojan is created and sold to clients by...

PureCrypter is a MaaS typeloader saw some time ago, which has been very active this year, and has promoted more than 10 other families,...

Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team detected Iran-based threat actor MERCURY leveraging...

BlueSky ransomware is an emerging threat that researchers have been paying increasing attention to since its initial discovery in late...