DLL Sideloading Archives • Page 2 of 4 • Daily CyberSecurity

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware

Do Son January 16, 2026

A routine utility often bundled with developer tools has been weaponized by cybercriminals to bypass security scanners...

Evasive Panda APT Hijacks Dictionary.com and App Updates in Two-Year Spree Evasive Panda, AitM

Evasive Panda APT Hijacks Dictionary.com and App Updates in Two-Year Spree

Do Son December 25, 2025

A notorious cyber-espionage group has spent the last two years conducting a highly targeted surveillance campaign, hijacking...

Storm-0249 Abuses EDR Process via DLL Sideloading to Cloak Ransomware Access Storm-0249 EDR Abuse, DLL Sideloading

Storm-0249 Abuses EDR Process via DLL Sideloading to Cloak Ransomware Access

Do Son December 15, 2025

A notorious initial access broker (IAB) known as “Storm-0249” has radically shifted its tactics, moving from broad...

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading

Do Son December 8, 2025

A sophisticated malware campaign traditionally focused on Chinese-speaking targets has expanded its scope, now aggressively targeting English-speaking...

Matanbuchus 3.0 Downloader Pivots to Ransomware, Using Protobufs and QuickAssist for Stealth Access

Do Son December 4, 2025

A sophisticated C++ downloader known as Matanbuchus has resurfaced with a major technical overhaul, signaling a dangerous...

Operation Hanoi Thief: Hackers Use ‘Pseudo-Polyglot’ LNK/Image to Deploy LOTUSHARVEST Stealer via DLL Sideloading LOTUSHARVEST Stealer, Pseudo-Polyglot LNK

LOTUSHARVEST Stealer, Pseudo-Polyglot LNK

Operation Hanoi Thief: Hackers Use ‘Pseudo-Polyglot’ LNK/Image to Deploy LOTUSHARVEST Stealer via DLL Sideloading

Do Son December 1, 2025

A sophisticated new cyber-espionage campaign is sweeping through Vietnam’s technology and recruitment sectors, weaponizing the hiring process...

North Korea’s Operation DreamJob Hits Europe: WhatsApp Job Lure Delivers Evolved MISTPEN/BURNBOOK Backdoors TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

North Korea’s Operation DreamJob Hits Europe: WhatsApp Job Lure Delivers Evolved MISTPEN/BURNBOOK Backdoors

Do Son November 25, 2025

Orange Cyberdefense’s CyberSOC and CSIRT teams have uncovered a new wave of Operation DreamJob attacks, revealing updated...

China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Do Son November 25, 2025

A newly published report from CyberArmor has uncovered a months-long espionage campaign targeting government and media organizations...

Next-Gen Stealth: Malware Hides C2 Traffic as Fake LLM API Requests on Tencent Cloud Fake LLM API C2, LLM Evasion

Next-Gen Stealth: Malware Hides C2 Traffic as Fake LLM API Requests on Tencent Cloud

Do Son November 20, 2025

The Akamai Hunt team has uncovered a new malware strain that hides its command-and-control (C2) traffic behind...

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation Gh0st RAT, Chinese Campaign Typosquat

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation

Do Son November 18, 2025

Researchers at Palo Alto Networks Unit 42 have uncovered two expansive and interconnected malware campaigns active throughout...

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading China APT Espionage, DLL Sideloading

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading

Do Son November 10, 2025

A new investigation by the Broadcom Threat Hunter Team has uncovered a China-linked cyber espionage campaign that...

Operation SkyCloak Targets Russian/Belarusian Military With LNK Exploit and OpenSSH Over Tor Backdoor SkyCloak Tor Espionage, OpenSSH Over Tor

SkyCloak Tor Espionage, OpenSSH Over Tor

Operation SkyCloak Targets Russian/Belarusian Military With LNK Exploit and OpenSSH Over Tor Backdoor

Do Son November 3, 2025

Researchers at SEQRITE Labs have uncovered a stealthy cyber espionage campaign dubbed “Operation SkyCloak”, which has been...

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading UNC6384 PlugX, LNK Exploit

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading

Do Son November 3, 2025

Researchers at Arctic Wolf Labs have uncovered an extensive cyber espionage campaign by UNC6384, a Chinese-affiliated threat...

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

Kimsuky HttpTroy, Lazarus BLINDINGCAN RAT

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Do Son November 3, 2025

Researchers at Gen Threat Labs have identified two new toolsets in active use by North Korean state-sponsored...

Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor ThinkPHP Vulnerabilities

Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor

Do Son November 1, 2025

Researchers at Cyble Research and Intelligence Labs (CRIL) have identified a sophisticated malware campaign that leverages weaponized...

Stealthy Dual Malware Loader Uncovered: Executes TorNet & PureHVNC Simultaneously, Cloaked by MurmurHash2 axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Stealthy Dual Malware Loader Uncovered: Executes TorNet & PureHVNC Simultaneously, Cloaked by MurmurHash2

Do Son October 30, 2025

Researchers from the Internet Initiative Japan (IIJ) have analyzed a previously unknown malware loader that can simultaneously...

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2 North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Lazarus Group Attacks with DreamLoader Malware, Leveraging DLL Sideloading and Microsoft Graph API for Stealth C2

Do Son October 28, 2025

Security researchers at Lab52 have uncovered a new campaign by the Lazarus Group, in which threat actors...

SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot

Do Son October 28, 2025

Trellix Advanced Research Center (ARC) has exposed a sophisticated espionage campaign conducted by the SideWinder APT group,...

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage Chinese APT Overlap, Zingdoor ShadowPad

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

Do Son October 23, 2025

Symantec’s investigation uncovered a complex web of interconnected Chinese espionage operations, with infrastructure and tooling overlapping multiple...

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection HoldingHands Rootkit, Cross-Regional APT

HoldingHands Rootkit, Cross-Regional APT

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection

Do Son October 20, 2025

FortiGuard Labs has uncovered a sophisticated cross-regional campaign that has gradually expanded from China to Taiwan, Japan,...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

DLL Sideloading

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware

Evasive Panda APT Hijacks Dictionary.com and App Updates in Two-Year Spree

Storm-0249 Abuses EDR Process via DLL Sideloading to Cloak Ransomware Access

ValleyRAT Targets English Job Seekers by Trojanizing Foxit PDF Reader with DLL Sideloading

Matanbuchus 3.0 Downloader Pivots to Ransomware, Using Protobufs and QuickAssist for Stealth Access

Operation Hanoi Thief: Hackers Use ‘Pseudo-Polyglot’ LNK/Image to Deploy LOTUSHARVEST Stealer via DLL Sideloading

North Korea’s Operation DreamJob Hits Europe: WhatsApp Job Lure Delivers Evolved MISTPEN/BURNBOOK Backdoors

China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Next-Gen Stealth: Malware Hides C2 Traffic as Fake LLM API Requests on Tencent Cloud

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation

China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading

Operation SkyCloak Targets Russian/Belarusian Military With LNK Exploit and OpenSSH Over Tor Backdoor

Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading

North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT

Sandworm APT Attacks Belarus Military With LNK Exploit and OpenSSH Over Tor obfs4 Backdoor

Stealthy Dual Malware Loader Uncovered: Executes TorNet & PureHVNC Simultaneously, Cloaked by MurmurHash2

SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection