NetSupport RAT Archives • Daily CyberSecurity

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS ClickFix Social Engineering Living-off-the-Land (LotL) Attacks

ClickFix: The High-ROI “Living-off-the-Land” Trap Sweeping Windows and macOS

Do Son March 30, 2026

A sophisticated social engineering technique known as ClickFix has transitioned from a niche tactic into a standardized,...

The ‘ClickFix’ Trap: GrayCharlie Hijacks US Law Firms to Deploy NetSupport RAT GrayCharlie Malware ClickFix Attack

The ‘ClickFix’ Trap: GrayCharlie Hijacks US Law Firms to Deploy NetSupport RAT

Do Son February 23, 2026

A highly active cybercriminal group is turning legitimate websites into traps, deploying a potent mix of fake...

Stan Ghouls Target Uzbekistan and Russia with NetSupport RAT Stan Ghouls (Bloody Wolf) NetSupport RAT

Stan Ghouls Target Uzbekistan and Russia with NetSupport RAT

Do Son February 9, 2026

A cybercriminal group with a taste for local languages and a toolkit of “legitimate” software has launched...

The “IClickFix” Trap: 3,800+ WordPress Sites Poisoned by Fake CAPTCHAs IClickFix Framework WordPress Watering Hole

The “IClickFix” Trap: 3,800+ WordPress Sites Poisoned by Fake CAPTCHAs

Do Son February 3, 2026

A massive wave of “watering hole” attacks has turned thousands of legitimate WordPress websites into traps for...

“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection Iranian Cyber Espionage Void Manticore

“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection

Do Son December 22, 2025

A deceptive social engineering tactic known as “ClickFix” has evolved into a gateway for major ransomware attacks,...

JS#SMUGGLER Malware Evades EDR Using “Junk Code” JavaScript and Fileless PowerShell to Deploy NetSupport RAT JS#SMUGGLER, Junk Code Obfuscation

JS#SMUGGLER Malware Evades EDR Using “Junk Code” JavaScript and Fileless PowerShell to Deploy NetSupport RAT

Do Son December 9, 2025

A sophisticated new malware campaign has been uncovered targeting enterprise users through compromised websites, employing a complex...

Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing

Do Son December 1, 2025

A shapeshifting advanced persistent threat (APT) group known as Bloody Wolf has expanded its hunting grounds. Following...

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory Amatera ClickFix, AMSI Bypass

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory

Do Son November 18, 2025

eSentire’s Threat Response Unit (TRU) has uncovered a widespread malware operation leveraging a deceptive social-engineering technique known...

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access

Do Son October 27, 2025

eSentire’s Threat Response Unit (TRU) has exposed a major wave of malicious campaigns abusing the NetSupport Manager...

GrayAlpha’s Expanding Arsenal: FIN7-Aligned Threat Actor Deploys Custom Loaders to Spread NetSupport RAT

Do Son June 17, 2025

A newly uncovered campaign by threat actor GrayAlpha, which overlaps with the infamous FIN7 cybercrime syndicate, reveals...

Alert: Fake DocuSign & Gitcodes Pages Install NetSupport RAT Malware! NetSupport RAT, Phishing Campaign

Alert: Fake DocuSign & Gitcodes Pages Install NetSupport RAT Malware!

Do Son June 5, 2025

Security researchers at DomainTools have uncovered a highly deceptive malware campaign designed to exploit user trust and...

Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware Booking Phishing Campaign

Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware

Do Son March 15, 2025

A sophisticated phishing campaign impersonating Booking.com is targeting organizations in the hospitality industry, using a novel social...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Malicious Cisco AnyConnect Ads Target Users with NetSupport RAT

Do Son February 8, 2025

A new malvertising campaign is distributing a fake Cisco AnyConnect installer that delivers the NetSupport RAT Trojan....

SmartApeSG Campaign Uncovered: A Deep Dive into NetSupport RAT Distribution and Suspected Threat Actor Connections CRussian Market, "Fly" (Flyded) hange Healthcare Cyberattack - CVE-2024-50603 Exploit

CRussian Market, "Fly" (Flyded) hange Healthcare Cyberattack - CVE-2024-50603 Exploit

SmartApeSG Campaign Uncovered: A Deep Dive into NetSupport RAT Distribution and Suspected Threat Actor Connections

Do Son February 5, 2025

A recent investigation by Team Cymru has revealed an intricate web of malicious infrastructure linking the SmartApeSG...

Horns&Hooves Campaign Leverages NetSupport and BurnsRAT for Widespread Compromise

Do Son December 2, 2024

In a detailed report by Kaspersky Labs, the Horns&Hooves campaign emerges as a notable example of cybercriminal...

Sophisticated Social Engineering Campaign Linked to Black Basta Ransomware

Do Son May 13, 2024

Rapid7 analysts have uncovered a new, highly targeted social engineering campaign potentially linked to the Black Basta...

PhantomBlu Campaign Unleashes Stealthy Attack – Old RAT, Dangerous New Tricks

Do Son March 20, 2024

A sophisticated new malware campaign dubbed “PhantomBlu” is on the prowl, preying on US-based organizations with a...

NetSupport RAT Wielded in Escalating Cyber Attacks: Educational Institutions, Government Agencies, and Service Businesses at Risk

Do Son November 22, 2023

Experts from VMware Carbon Black are sounding the alarm: there has been a recent uptick in cyber...

Critical Alert 1 Active Exploit Detected Today