Malware

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover

• Malware

Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover

Do Son November 13, 2025 0

Researchers from the AhnLab Security Intelligence Center (ASEC) have uncovered a new malware campaign exploiting Remote Monitoring...

Read More Read more about Delphi PatoRAT Backdoor Hijacks LogMeIn Resolve and PDQ Connect RMM Tools for Full System Takeover

North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices

• Cyber Security
• Malware

North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices

Do Son November 11, 2025 0

The Genians Security Center (GSC) has uncovered a new phase in the KONNI APT campaign, revealing a...

Read More Read more about North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices

Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor

• Cyber Security
• Malware

Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor

Do Son November 11, 2025 0

Cybersecurity researchers at ENKI have identified a new variant of the Comebacker backdoor, attributed to the North...

Read More Read more about Lazarus Group Attacks Aerospace/Defense with New ChaCha20-Encrypted Comebacker Backdoor

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase

• Malware

DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase

Do Son November 11, 2025 0

The Acronis Threat Research Unit (TRU) has identified a new DragonForce ransomware variant that showcases a dramatic...

Read More Read more about DragonForce Ransomware Evolves with BYOVD to Kill EDR and Fixes Encryption Flaws in Conti V3 Codebase

Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images

• Malware
• Vulnerability Report

Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images

Do Son November 10, 2025 0

Researchers from Unit 42, the threat intelligence team at Palo Alto Networks, have discovered a previously unknown...

Read More Read more about Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images

Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices

• Malware

Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices

Do Son November 10, 2025 0

Researchers at zLabs have uncovered a sophisticated Android Remote Access Trojan (RAT) known as Fantasy Hub, being...

Read More Read more about Fantasy Hub RAT MaaS Uncovered: Russian Spyware Uses Telegram Bot and WebRTC to Hijack Android Devices

NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Total App Destruction on Hardcoded Dates

• Malware

NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Total App Destruction on Hardcoded Dates

Do Son November 10, 2025 0

A sophisticated supply-chain attack has been uncovered in the NuGet package registry, where nine packages published under...

Read More Read more about NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Total App Destruction on Hardcoded Dates

GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub

• Malware

GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub

Do Son November 10, 2025 0

A sophisticated, self-propagating malware campaign known as GlassWorm has re-emerged, infecting three new VS Code extensions and...

Read More Read more about GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts

• Malware

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts

Do Son November 10, 2025 0

Researchers at Datadog Security Research have uncovered a major supply-chain compromise in the npm ecosystem involving 17...

Read More Read more about Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts

Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task

• Malware

Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task

Do Son November 10, 2025 0

The North Korean advanced persistent threat (APT) group Kimsuky has once again emerged with a new, JavaScript-driven...

Read More Read more about Kimsuky APT Uses JavaScript Loader and Certutil to Achieve Minute-by-Minute Persistence via Windows Scheduled Task

DragonForce Ransomware Strikes Manufacturing Sector with Brute-Force, Exfiltrating Data Over SSH to Russian Host

• Malware

DragonForce Ransomware Strikes Manufacturing Sector with Brute-Force, Exfiltrating Data Over SSH to Russian Host

Do Son November 7, 2025 0

Cybersecurity firm Darktrace has published a detailed investigation into a DragonForce-affiliated ransomware attack that targeted a manufacturing...

Read More Read more about DragonForce Ransomware Strikes Manufacturing Sector with Brute-Force, Exfiltrating Data Over SSH to Russian Host

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM

• Malware

Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM

Do Son November 6, 2025 0

The Google Threat Intelligence Group (GTIG) has released a report revealing that threat actors have moved beyond...

Read More Read more about Next-Gen Threat: Google Exposes AI-Enabled Malware That Rewrites Its Own Code with Gemini LLM

Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

• Cyber Security
• Malware

Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

Do Son November 6, 2025 0

In collaboration with the Georgian CERT, researchers from Bitdefender have uncovered a new wave of cyber-espionage activity...

Read More Read more about Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage

• Cyber Security
• Malware

APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage

Do Son November 6, 2025 0

The JPCERT/CC Incident Response Group, led by malware analyst Yuma, has published a detailed report on a...

Read More Read more about APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage

NGate NFC Malware Steals Cash from ATMs by Relaying EMV Data and PINs from Victim’s Phone

• Malware

NGate NFC Malware Steals Cash from ATMs by Relaying EMV Data and PINs from Victim’s Phone

Do Son November 5, 2025 0

The national incident response team CERT Polska has uncovered a new strain of Android-based NFC relay malware,...

Read More Read more about NGate NFC Malware Steals Cash from ATMs by Relaying EMV Data and PINs from Victim’s Phone

SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage

• Malware

SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage

Do Son November 4, 2025 0

In an example of how threat actors are adapting to modern AI ecosystems, Microsoft’s Incident Response –...

Read More Read more about SesameOp Backdoor Hijacks OpenAI Assistants API for Covert C2 and Espionage

Generative AI Accelerates Malware Reverse Engineering: ChatGPT Breaks XLoader’s Multiple RC4 Encryption Layers in Hours

• Malware

Generative AI Accelerates Malware Reverse Engineering: ChatGPT Breaks XLoader’s Multiple RC4 Encryption Layers in Hours

Do Son November 4, 2025 0

Check Point Research (CPR) has unveiled research showcasing how Generative AI tools—specifically ChatGPT—can accelerate malware reverse engineering,...

Read More Read more about Generative AI Accelerates Malware Reverse Engineering: ChatGPT Breaks XLoader’s Multiple RC4 Encryption Layers in Hours

Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

• Cyber Security
• Malware

Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

Do Son November 4, 2025 0

Seqrite Labs’ APT Team has released a detailed report exposing the latest espionage operations conducted by the...

Read More Read more about Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy

Rhysida Ransomware Abuses Microsoft Trusted Signing to Deploy OysterLoader Via Teams Malvertising

• Malware

Rhysida Ransomware Abuses Microsoft Trusted Signing to Deploy OysterLoader Via Teams Malvertising

Do Son November 4, 2025 0

The Rhysida ransomware gang, previously known as Vice Society, has launched an aggressive malvertising campaign leveraging Microsoft’s...

Read More Read more about Rhysida Ransomware Abuses Microsoft Trusted Signing to Deploy OysterLoader Via Teams Malvertising

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

• Cyber Security
• Malware

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Do Son November 3, 2025 0

Researchers at Gen Threat Labs have identified two new toolsets in active use by North Korean state-sponsored...

Read More Read more about North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT