APT Archives • Page 3 of 7 • Daily CyberSecurity

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection HoldingHands Rootkit, Cross-Regional APT

HoldingHands Rootkit, Cross-Regional APT

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection

Ddos October 20, 2025

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT, WhatsApp Data Theft

Mysterious Elephant APT Campaign Targets South Asian Diplomacy, Steals WhatsApp Data with New MemLoader Backdoor

Ddos October 16, 2025

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor Flax Typhoon ArcGIS Backdoor, SOE Web Shell

Flax Typhoon ArcGIS Backdoor, SOE Web Shell

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor

Ddos October 16, 2025

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto

Ddos October 11, 2025

Microsoft Warns: Threat Actors Turn Microsoft Teams into a Weapon for Ransomware, Espionage, and Social Engineering Teams Attack Vector, Entra ID Abuse

Microsoft Warns: Threat Actors Turn Microsoft Teams into a Weapon for Ransomware, Espionage, and Social Engineering

Ddos October 9, 2025

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign

Ddos October 8, 2025

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage

Ddos October 7, 2025

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2 FBI email system hack

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2

Ddos October 3, 2025

Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Salt Typhoon Teleco Hack, Cisco Academy Link CVE-2025-0282 PoC exploit

Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor

Ddos October 3, 2025

Rent-a-Domain: Report Details How APTs and Cybercriminals Abuse DDNS Services for Malicious Infrastructure NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Rent-a-Domain: Report Details How APTs and Cybercriminals Abuse DDNS Services for Malicious Infrastructure

Ddos September 30, 2025

Trinity of Chaos: How LAPSUS$, Scattered Spider, and ShinyHunters Forged a Cybercrime Alliance WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Trinity of Chaos: How LAPSUS$, Scattered Spider, and ShinyHunters Forged a Cybercrime Alliance

Ddos September 29, 2025

RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms

Ddos September 29, 2025

Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign ThinkPHP Vulnerabilities

Russia-Linked COLDRIVER Group Expands Toolset, Using New Malware in ClickFix Espionage Campaign

Ddos September 29, 2025

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs CVE-2024-41988 & CVE-2024-41987

Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs

Ddos September 24, 2025

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe Zyxel security - Mitel MiCollab Vulnerability

Iranian APT “Nimbus Manticore” Intensifies Cyber Espionage in Europe

Ddos September 24, 2025

MuddyWater APT Shifts Tactics to Custom Malware MuddyWater APT ANY.RUN security incident

MuddyWater APT Shifts Tactics to Custom Malware

Ddos September 19, 2025

ChillyHell: A New macOS Backdoor Bypassed Apple Notarization for Years OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

ChillyHell: A New macOS Backdoor Bypassed Apple Notarization for Years

Ddos September 11, 2025

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly