C2 Archives • Daily CyberSecurity

The Stealthy Evolution of the DesckVB RAT Infection Chain DesckVB RAT Fileless Malware

The Stealthy Evolution of the DesckVB RAT Infection Chain

Do Son April 13, 2026

The Lat61 Threat Intelligence Team has pulled back the curtain on DesckVB RAT, a highly active and...

Malicious VeloraDEX SDK Compromises Developer Machines via npm npm Supply Chain Attack @velora-dex/sdk Malware

Malicious VeloraDEX SDK Compromises Developer Machines via npm

Do Son April 8, 2026

Security researchers at StepSecurity have sounded the alarm on a compromised version of the @velora-dex/sdk package. On...

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets UNC2814 Espionage GRIDTIDE Backdoor

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets

Do Son March 2, 2026

A massive, years-long cyber espionage campaign has been successfully dismantled. Recently, a coordinated effort led by the...

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group NANOREMOTE Google Drive C2, FINALDRAFT Link

NANOREMOTE Google Drive C2, FINALDRAFT Link

New NANOREMOTE Backdoor Uses Google Drive API for Covert C2 and Links to FINALDRAFT Espionage Group

Do Son December 15, 2025

Elastic Security Labs has uncovered a sophisticated new Windows backdoor that leverages the trusted infrastructure of Google...

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel

Do Son October 31, 2025

Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...

UNC5142 Uses EtherHiding to Deploy Malware via BNB Smart Chain Smart Contracts UNC5142 EtherHiding, Resilient C2

UNC5142 Uses EtherHiding to Deploy Malware via BNB Smart Chain Smart Contracts

Do Son October 20, 2025

A new joint analysis by Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) has exposed a...

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 North Korea EtherHiding, Blockchain C2

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2

Do Son October 20, 2025

Google Threat Intelligence Group (GTIG) has uncovered a new campaign by the North Korean threat actor UNC5342,...

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services ChaosBot Discord C2, Rust Backdoor

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services

Do Son October 13, 2025

The eSentire Threat Response Unit (TRU) identified a new Rust-based backdoor—dubbed ChaosBot—deployed inside a financial services organization’s...

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates

Do Son October 3, 2025

The WARMCOOKIE backdoor has resurfaced with new features, expanded infrastructure, and updated delivery mechanisms, according to a...

Detour Dog: Stealthy DNS Malware Uses TXT Records for Command and Control NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Detour Dog: Stealthy DNS Malware Uses TXT Records for Command and Control

Do Son October 2, 2025

The Infoblox Threat Intelligence team has released an in-depth report on a global malware campaign leveraging the...

Rent-a-Domain: Report Details How APTs and Cybercriminals Abuse DDNS Services for Malicious Infrastructure NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Rent-a-Domain: Report Details How APTs and Cybercriminals Abuse DDNS Services for Malicious Infrastructure

Do Son September 30, 2025

A new analysis from Silent Push Threat Analysts highlights the growing misuse of publicly rentable subdomain providers,...

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands

Do Son September 9, 2025

Security researchers at Insikt Group have uncovered a major advancement in the operations of a newly designated...

The Malicious Go Modules: 11 Malicious Go Packages Found on GitHub Deploying Stealthy Malware Go Malware, Supply Chain Attack

The Malicious Go Modules: 11 Malicious Go Packages Found on GitHub Deploying Stealthy Malware

Do Son August 8, 2025

Socket’s Threat Research Team has uncovered an alarming wave of malicious Go packages—some still live on GitHub—designed...

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion EdskManager RAT, HVNC Malware

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion

Do Son July 24, 2025

In its latest threat intelligence report, CYFIRMA has detailed the discovery of EdskManager RAT, a sophisticated remote...

SVF Botnet: New Python DDoS Threat Leverages Discord for Stealthy C&C on Linux Servers Linux Botnet Discord C2

SVF Botnet: New Python DDoS Threat Leverages Discord for Stealthy C&C on Linux Servers

Do Son July 22, 2025

In a recent analysis, AhnLab’s Security Intelligence Center (ASEC) has uncovered an emerging threat targeting misconfigured and...

HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts

Do Son July 15, 2025

Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster...

APT41 Unleashes Stealthy Malware Using Google Calendar for Covert C2!

Do Son June 10, 2025

APT41—also known as BARIUM, Wicked Panda, and Brass Typhoon—is a well-known Chinese state-sponsored APT group notorious for...

APT41 Uses Google Calendar as Covert C2 in Stealthy Cyberespionage Campaign

Do Son May 30, 2025

In an example of cloud service abuse, Google Threat Intelligence Group (GTIG) has uncovered a new APT41...

Beyond Detection: PyBitmessage Protocol Used for Covert Monero Mining Campaign PyBitmessage malware, Monero coinminer

Beyond Detection: PyBitmessage Protocol Used for Covert Monero Mining Campaign

Do Son May 22, 2025

In a new and deeply evasive malware campaign, cybercriminals are leveraging the PyBitmessage protocol to hide a...

Critical Alert 1 Active Exploit Detected Today