Cobalt Strike Archives • Daily CyberSecurity

New Operation Dragon Whistle Phishing Campaign Targets Universities

Do Son May 26, 2026

Security researchers have discovered a highly sophisticated cyber threat targeting academic institutions. Specifically, Seqrite Labs recently uncovered...

The Intel “AppDomain” Hijack: Unmasking a Sophisticated Post-Exploitation Framework

Do Son April 22, 2026

A new and highly advanced threat has emerged in the financial sectors of the Middle East and...

Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX

Do Son March 10, 2026

Following recent regional escalations, researchers have identified a sharp increase in activity from Chinese-nexus APT (Advanced Persistent...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Trusted Tool Weaponized: Lotus Blossom Hijacks Notepad++ Updates

Do Son February 16, 2026

A new report from Unit 42 has exposed a highly targeted supply chain attack that turned one...

The Invisible Landlord: ShadowSyndicate Rotates Keys to Hide Infrastructure

Do Son February 6, 2026

The sprawling, murky network known as ShadowSyndicate has evolved. Previously identified by a singular, careless digital fingerprint,...

Phantom in the Machine: Inside Salt Typhoon’s “SnappyBee” Backdoor axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Phantom in the Machine: Inside Salt Typhoon’s “SnappyBee” Backdoor

Do Son February 6, 2026

A new technical analysis by Darktrace has peeled back the layers of SnappyBee (also known as Deed...

VoidLink: The “Cloud-First” Malware Hunting Your Linux Servers Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

VoidLink: The “Cloud-First” Malware Hunting Your Linux Servers

Do Son January 14, 2026

A new, highly sophisticated malware framework has emerged from the shadows, specifically engineered to infest the modern...

FrostBeacon Hits Russian B2B: Cobalt Strike Deployed via LNK and Chained Legacy Exploits Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

FrostBeacon Hits Russian B2B: Cobalt Strike Deployed via LNK and Chained Legacy Exploits

Do Son December 10, 2025

A new and sophisticated malware campaign dubbed “Operation FrostBeacon” is systematically targeting business-to-business (B2B) enterprises across the...

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion Kinsing ActiveMQ RCE, Sharpire Backdoor

Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion

Do Son November 3, 2025

The AhnLab Security Intelligence Center (ASEC) has confirmed that the Kinsing threat actor — also known as...

UAT-8099: Chinese Group Uses BadIIS Malware on Compromised Servers for SEO Fraud and Credential Theft TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

UAT-8099: Chinese Group Uses BadIIS Malware on Compromised Servers for SEO Fraud and Credential Theft

Do Son October 3, 2025

Cisco Talos researchers have detailed the activities of UAT-8099, a Chinese-speaking cybercrime group leveraging compromised Microsoft IIS...

CrossC2 and ReadNimeLoader: Inside the Multi-Stage Intrusions Targeting Linux and Windows Environments Cross-platform attacks, Cobalt Strike

CrossC2 and ReadNimeLoader: Inside the Multi-Stage Intrusions Targeting Linux and Windows Environments

Do Son August 18, 2025

Between September and December 2024, JPCERT/CC uncovered a sophisticated cyber campaign leveraging CrossC2, an extension tool designed...

Kaspersky Uncovers Stealthy Cyberespionage: Russia & Asia Targeted by DLL Hijacking & Social Media C2 Cyberespionage, DLL Hijacking

Kaspersky Uncovers Stealthy Cyberespionage: Russia & Asia Targeted by DLL Hijacking & Social Media C2

Do Son July 31, 2025

Kaspersky Labs has revealed a highly obfuscated cyberespionage campaign targeting Russian IT companies and global businesses, employing...

From MDifyLoader to Fscan: JPCERT Uncovers Deep Exploitation of Ivanti VPN Flaws in Advanced Malware Campaign Ivanti Exploitation, Multi-Malware Campaign

Ivanti Exploitation, Multi-Malware Campaign

From MDifyLoader to Fscan: JPCERT Uncovers Deep Exploitation of Ivanti VPN Flaws in Advanced Malware Campaign

Do Son July 22, 2025

JPCERT/CC has released a detailed technical report shedding light on a sustained and sophisticated malware campaign leveraging...

APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

APT41 Unleashes Full Arsenal in Rare African Cyberespionage Campaign

Do Son July 22, 2025

In a newly published report, Kaspersky’s Managed Detection and Response (MDR) team has unveiled a high-level cyberespionage...

China-Aligned APTs Intensify Cyber Espionage on Taiwan’s Semiconductor Industry China Cyber-espionage, Taiwan Semiconductors

China-Aligned APTs Intensify Cyber Espionage on Taiwan’s Semiconductor Industry

Do Son July 21, 2025

A new report from Proofpoint Threat Research sheds light on a coordinated espionage campaign by multiple China-aligned...

Stealthy SquidLoader Malware Targets Hong Kong Financial Firms with Evasive Cobalt Strike Attacks

Do Son July 17, 2025

Trellix’s threat intelligence team has uncovered a stealthy malware campaign aimed squarely at financial services institutions in...

BlackSuit: New Royal/Conti Rebrand Hits With Speed, Stealth, & Data Exfiltration

Do Son July 15, 2025

A recent Cybereason investigation has shed light on a highly coordinated and destructive ransomware campaign carried out...

Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset Fog Ransomware, Espionage

Ransomware or Espionage? Fog Ransomware Attack in Asia Raises Suspicion with Rare Toolset

Do Son June 14, 2025

In May 2025, a financial institution in Asia was targeted in a highly anomalous ransomware attack that...

Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials KeePass trojan Malvertising attack

Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials

Do Son May 19, 2025

Recently, WithSecure’s Threat Intelligence team uncovered a sophisticated malware campaign where the open-source password manager KeePass was...

Swan Vector Espionage Targets Japan & Taiwan with Advanced Malware

Do Son May 14, 2025

The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and...

Critical Alert 1 Active Exploit Detected Today