Remcos Archives • Daily CyberSecurity

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware

Do Son January 16, 2026

A routine utility often bundled with developer tools has been weaponized by cybercriminals to bypass security scanners...

Stealthy REMCOS Backdoor Delivered by LNK Files: Bypasses Antivirus with Multi-Stage PowerShell Attack

Do Son July 29, 2025

Cybercriminals continue to find clever ways to bypass antivirus solutions and endpoint defenses. A recent Point Wild...

Blind Eagle (APT-C-36): Financially Motivated Cybercrime Meets Open-Access Infrastructure in LATAM

Do Son June 30, 2025

Trustwave SpiderLabs has uncovered new insights into the operations of Blind Eagle (APT-C-36), a Latin America-focused threat...

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery

Do Son June 20, 2025

A newly uncovered malicious campaign, dubbed SERPENTINE#CLOUD, leverages Cloudflare Tunnel subdomains to deliver payloads via phishing email...

Obscure VBScript “sostener.vbs” Unmasked: Fuels Multi-Stage RAT Delivery, Linked to Blind Eagle APT

Do Son June 16, 2025

In a deeply revealing investigation, Censys researchers have uncovered a web of malicious infrastructure revolving around a...

Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign UAC-0006 Espionage

Bulletproof Hosting Fuels Russia-Linked Intrusion Sets’ Global Cyber Campaign

Do Son April 1, 2025

A recent report by Intrinsec has uncovered the activities of Russia-aligned intrusion sets, UAC-0050 and UAC-0006, which...

Steganographic Campaign Distributes Multiple Malware Variants, Including Remcos and AsyncRAT

Do Son March 19, 2025

A new report by Seqrite has uncovered an ongoing steganographic campaign that is being used to distribute...

HeartCrypt: A Packer-as-a-Service Fueling Malware Campaigns Operation IconCat, UNG0801 AFP cyberattack -NetWalker Ransomware VShell RAT

HeartCrypt: A Packer-as-a-Service Fueling Malware Campaigns

Do Son December 16, 2024

Unit 42 has uncovered HeartCrypt, a Packer-as-a-Service (PaaS) designed to protect malware from detection. Since its launch...

GuLoader Campaign Targets European Industrial Sector with Evolving Evasion Techniques matrix-434033_1280

GuLoader Campaign Targets European Industrial Sector with Evolving Evasion Techniques

Do Son November 11, 2024

Cado Security Labs has uncovered a targeted GuLoader malware campaign aimed at European industrial and engineering companies....

South Asian Cyber Threat Persists: APT-Q-36 Upgrades Spyder Loader, Targets Remcos Delivery

Do Son November 29, 2023

The Qi’anxin Threat Intelligence Center cybersecurity expert has recently identified new activities by the APT-Q-36 group, also known...

Remcos RAT: Hackers Target Ukrainian Government with Surveillance Tool

Do Son November 20, 2023

A novel cyberattack on Ukrainian government institutions was executed using Remcos, a remote access tool painfully familiar...

Critical Alert 1 Active Exploit Detected Today