Malware Analysis Archives • Daily CyberSecurity

PixyNetLoader Malware Analysis: How APT28 Hides Payloads Inside PNG Files

PixyNetLoader malware analysis APT28 steganography attack

PixyNetLoader Malware Analysis: How APT28 Hides Payloads Inside PNG Files

Do Son June 8, 2026

A detailed PixyNetLoader malware analysis published by threat intelligence firm Exatrack reveals how a sophisticated loader linked to APT28...

Stealthy New Remcos RAT Variant Evades Detection Using Innovative Staging Layers new Remcos RAT variant DonutLoader shellcode

Stealthy New Remcos RAT Variant Evades Detection Using Innovative Staging Layers

Do Son June 5, 2026

Advanced Phishing Campaigns Exploit Windows Administrative Tools Security researchers recently uncovered a highly sophisticated software compromise spreading...

The Massive Gentlemen Ransomware Threat Sweeping Global Networks

Do Son June 3, 2026

Microsoft Threat Intelligence recently uncovered a dangerous global cyber security operation. Specifically, security researchers are tracking the...

New Operation Dragon Whistle Phishing Campaign Targets Universities

Do Son May 26, 2026

Security researchers have discovered a highly sophisticated cyber threat targeting academic institutions. Specifically, Seqrite Labs recently uncovered...

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware Velvet Chollima GitLab Malware Tralert FX EV Certificate

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware

Do Son May 20, 2026

A routine investigation into a low-detection installer has blown the doors off a highly organized, financially motivated...

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT

Do Son May 20, 2026

A comprehensive deep dive by the research team at Point Wild has laid bare the internal mechanics...

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access TencShell Malware Rshell C2 Framework

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access

Do Son May 18, 2026

Security researchers have exposed a highly stealthy attempted intrusion that weaponized an open-source framework into a potent...

Agentic AI is Automating Live Intrusions in Latin America Agentic AI Cyber Attacks SHADOW-AETHER Threat Groups

Agentic AI is Automating Live Intrusions in Latin America

Do Son May 13, 2026

In a discovery that underscores the rapid evolution of the threat landscape, TrendAI Research has identified two...

JDownloader Site Breach Installs Rootkits that Kill Your Antivirus Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

JDownloader Site Breach Installs Rootkits that Kill Your Antivirus

Do Son May 13, 2026

In a sophisticated supply-chain attack, attackers compromised the official JDownloader website between May 6 and May 7,...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

Do Son May 13, 2026

Security researchers are sounding the alarm on a highly resourceful new campaign dubbed “GemStuffer.” Uncovered by Socket’s...

TrickMo’s Stealthy Upgrade: Android Banking Malware is Pivoting to The Open Network TrickMo banking trojan TON network malware

TrickMo’s Stealthy Upgrade: Android Banking Malware is Pivoting to The Open Network

Do Son May 12, 2026

Modern Android banking malware is undergoing a quiet, dangerous revolution. Rather than flashing new user-facing tricks, threat...

PamDOORa Backdoor Targets Linux PAM Stack to Steal Passwords and Wipe Logs PamDOORa Linux Backdoor PAM Stack Credential Harvesting

PamDOORa Backdoor Targets Linux PAM Stack to Steal Passwords and Wipe Logs

Do Son May 12, 2026

In the enterprise world, Linux servers are the bedrock of cloud environments and critical infrastructure. To protect...

APT37’s New “Python-in-a-Cat” Malware Uses Environment Variable Obfuscation APT37 Phishing Campaign Python Malware Obfuscation

APT37’s New “Python-in-a-Cat” Malware Uses Environment Variable Obfuscation

Do Son May 12, 2026

In the world of cyberespionage, familiarity can be a fatal mistake for defenders. Just as security teams...

Vidar Stealer Weaponizes AutoIt and Masqueraded Scripts Vidar Stealer AutoIt File Extension Masquerading

Vidar Stealer Weaponizes AutoIt and Masqueraded Scripts

Do Son May 12, 2026

Threat actors are increasingly abandoning loud, easily identifiable malware in favor of subtle, script-based deceptions. A new...

Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

Do Son May 12, 2026

The software supply chain has just weathered another high-impact assault. The Socket Threat Research team has uncovered...

Self-Spreading TCLBANKER Trojan Hijacks WhatsApp to Drain Accounts TCLBANKER Trojan REF3076 Malware

Self-Spreading TCLBANKER Trojan Hijacks WhatsApp to Drain Accounts

Do Son May 8, 2026

Elastic Security Labs has uncovered a highly sophisticated Brazilian banking trojan dubbed TCLBANKER, tracked under the campaign...

The Self-Parsing Ghost: Inside Deep#Door’s Stealthy Python Backdoor Deep#Door Backdoor Python RAT Framework

The Self-Parsing Ghost: Inside Deep#Door’s Stealthy Python Backdoor

Do Son May 4, 2026

Securonix Threat Research has detailed a sophisticated new Python-based backdoor framework dubbed Deep#Door. This high-tech implant exemplifies...

Tax Audit Trap: Silver Fox Unleashes “ABCDoor” via Modified Rust Loaders ABCDoor Malware Silver Fox Phishing

Tax Audit Trap: Silver Fox Unleashes “ABCDoor” via Modified Rust Loaders

Do Son May 4, 2026

Security researchers at Kaspersky Labs have uncovered a sophisticated, multi-stage phishing campaign orchestrated by the Silver Fox...

Minirat’s Stealth Supply Chain Attack Targets macOS Developers Minirat macOS Malware Go-based RAT

Minirat’s Stealth Supply Chain Attack Targets macOS Developers

Do Son May 1, 2026

Security researchers at Iru have detailed a sophisticated new threat targeting macOS users through the software supply...

The Sleeper in Your IDE: Unmasking the 73-Extension “GlassWorm” Espionage Campaign GlassWorm Campaign Sleeper Extensions

The Sleeper in Your IDE: Unmasking the 73-Extension “GlassWorm” Espionage Campaign

Do Son April 30, 2026

A sophisticated cyber-espionage operation, dubbed the GlassWorm campaign, is rapidly expanding its footprint within the open-source community....

Critical Alert