Command and Control Archives • Daily CyberSecurity

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight Cookie-Gated Web Shell Stealth C2

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight

Do Son April 9, 2026

A technical analysis from the Microsoft Defender Security Research Team has revealed that threat actors are increasingly...

Takedown-Proof: Inside the Ethereum-Powered “EtherRAT” and North Korea’s New Blockchain Backdoor

Do Son April 1, 2026

In a sophisticated blend of social engineering and decentralized technology, eSentire’s Threat Response Unit (TRU) recently detected...

Weaponizing Trust: FBI Warns Iran’s MOIS is Using Telegram as a Malware C2 Hub Telegram C2 Iran MOIS

Weaponizing Trust: FBI Warns Iran’s MOIS is Using Telegram as a Malware C2 Hub

Do Son March 22, 2026

The Federal Bureau of Investigation (FBI) has issued a high-priority “FLASH” alert detailing a sophisticated cyber-intelligence operation...

The Dark Side of Telegram: How Cybercriminals Weaponize Bot APIs for Stealthy Data Exfiltration

Do Son March 12, 2026

While millions use Telegram for secure, instant messaging, a darker side of the platform is emerging in...

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets UNC2814 Espionage GRIDTIDE Backdoor

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets

Do Son March 2, 2026

A massive, years-long cyber espionage campaign has been successfully dismantled. Recently, a coordinated effort led by the...

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services ChaosBot Discord C2, Rust Backdoor

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services

Do Son October 13, 2025

The eSentire Threat Response Unit (TRU) identified a new Rust-based backdoor—dubbed ChaosBot—deployed inside a financial services organization’s...

Detour Dog: Stealthy DNS Malware Uses TXT Records for Command and Control NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Detour Dog: Stealthy DNS Malware Uses TXT Records for Command and Control

Do Son October 2, 2025

The Infoblox Threat Intelligence team has released an in-depth report on a global malware campaign leveraging the...

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion EdskManager RAT, HVNC Malware

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion

Do Son July 24, 2025

In its latest threat intelligence report, CYFIRMA has detailed the discovery of EdskManager RAT, a sophisticated remote...

SVF Botnet: New Python DDoS Threat Leverages Discord for Stealthy C&C on Linux Servers Linux Botnet Discord C2

SVF Botnet: New Python DDoS Threat Leverages Discord for Stealthy C&C on Linux Servers

Do Son July 22, 2025

In a recent analysis, AhnLab’s Security Intelligence Center (ASEC) has uncovered an emerging threat targeting misconfigured and...

HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts

Do Son July 15, 2025

Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster...

APT41 Unleashes Stealthy Malware Using Google Calendar for Covert C2!

Do Son June 10, 2025

APT41—also known as BARIUM, Wicked Panda, and Brass Typhoon—is a well-known Chinese state-sponsored APT group notorious for...

ViperSoftX Evolves: New PowerShell Malware Boasts Stealth & Persistence PowerShell Malware, ViperSoftX

ViperSoftX Evolves: New PowerShell Malware Boasts Stealth & Persistence

Do Son June 5, 2025

K7 Labs has unveiled a detailed analysis of a new PowerShell-based malware campaign that builds on 2024’s...

Skitnet Analysis: Nim, Rust, and DNS Abuse in Advanced Malware Campaign

Do Son May 19, 2025

Security researchers at Prodaft have published an in-depth analysis of Skitnet, also known as Bossnet—a highly sophisticated...

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels Python malware, Gmail C2

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels

Do Son May 2, 2025

In a detailed technical report, Socket’s Threat Research Team uncovered seven malicious Python packages published to the...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Command and Control

Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight

Weaponizing Trust: FBI Warns Iran’s MOIS is Using Telegram as a Malware C2 Hub

The Dark Side of Telegram: How Cybercriminals Weaponize Bot APIs for Stealthy Data Exfiltration

Google Dismantles UNC2814’s Global Espionage Network Fueled by Google Sheets

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services

Detour Dog: Stealthy DNS Malware Uses TXT Records for Command and Control

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion

SVF Botnet: New Python DDoS Threat Leverages Discord for Stealthy C&C on Linux Servers

APT41 Unleashes Stealthy Malware Using Google Calendar for Covert C2!

ViperSoftX Evolves: New PowerShell Malware Boasts Stealth & Persistence

Skitnet Analysis: Nim, Rust, and DNS Abuse in Advanced Malware Campaign

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels