steganography Archives • Daily CyberSecurity

PixyNetLoader Malware Analysis: How APT28 Hides Payloads Inside PNG Files

PixyNetLoader malware analysis APT28 steganography attack

PixyNetLoader Malware Analysis: How APT28 Hides Payloads Inside PNG Files

Do Son June 8, 2026

A detailed PixyNetLoader malware analysis published by threat intelligence firm Exatrack reveals how a sophisticated loader linked to APT28...

Valve Platform Exploited to Distribute WordPress Web Shells Steam profile malware campaign invisible Unicode steganography

Valve Platform Exploited to Distribute WordPress Web Shells

Do Son June 4, 2026

An Unconventional Command Network Emerges Cybersecurity defenders recently uncovered a highly unusual cyber espionage operation targeting website...

PureRAT Unmasked: The Stealthy, Multi-Stage “Dynamic Loader” Targeting Windows PureRAT Malware Steganography Evasion

PureRAT Unmasked: The Stealthy, Multi-Stage “Dynamic Loader” Targeting Windows

Do Son April 23, 2026

The Trellix Advanced Research Center has released an in-depth analysis of PureRAT, an advanced remote access trojan...

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics Zyxel security - Mitel MiCollab Vulnerability

Steganography & Sabotage: Inside Pawn Storm’s PRISMEX Offensive Against NATO Logistics

Do Son April 1, 2026

The notorious Russia-aligned threat actor known as Pawn Storm (also recognized as APT28, Fancy Bear, and Forest...

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

The Resume Trap: How ‘BlackSanta’ Malware Uses Fake CVs to Blind EDRs and Hijack HR Systems

Do Son March 18, 2026

Aryaka Threat Labs has unmasked a sophisticated malware operation dubbed BlackSanta. This Russian-speaking threat actor has spent...

BadPaw and MeowMeow: Russian Cyber Offensive Targets Ukraine with Novel Malware Duo BadPaw Malware MeowMeow Backdoor

BadPaw and MeowMeow: Russian Cyber Offensive Targets Ukraine with Novel Malware Duo

Do Son March 5, 2026

Cybersecurity investigators at ClearSky Team have uncovered a targeted Russian cyber campaign against Ukraine utilizing two novel...

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware

Do Son March 3, 2026

Cybersecurity researchers at Socket have uncovered a sophisticated multi-stage malware operation, dubbed “StegaBin,” specifically designed to harvest...

OysterLoader: Multi-Stage Loader Evolves to Evade Detection and Deliver Ransomware INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

OysterLoader: Multi-Stage Loader Evolves to Evade Detection and Deliver Ransomware

Do Son February 16, 2026

A detailed analysis by the Sekoia TDR team has shed new light on OysterLoader, a sophisticated malware...

Excel Trap: New Phishing Campaign Deploys Fileless XWorm RAT XWorm RAT Excel Phishing

Excel Trap: New Phishing Campaign Deploys Fileless XWorm RAT

Do Son February 12, 2026

A new phishing campaign is exploiting an old vulnerability, using malicious Excel files to deploy the potent...

The “Fake CAPTCHA” Trap: Malware Hides in Google Calendar & Images CloudComputating - QSC framework

The “Fake CAPTCHA” Trap: Malware Hides in Google Calendar & Images

Do Son January 29, 2026

It starts with a simple, annoying verification box: “I am not a robot.” But a new campaign...

Hidden in Plain Site: PURELOGS Stealer Hides Malware in Archive.org Images PURELOGS Stealer Archive.org Phishing

Hidden in Plain Site: PURELOGS Stealer Hides Malware in Archive.org Images

Do Son January 21, 2026

A seemingly innocuous pharmaceutical invoice in your inbox could be the first step in a sophisticated four-stage...

Invisible Intruder: Fileless Remcos RAT Hides in Shipping Emails Fileless Remcos RAT Phishing Campaign

Invisible Intruder: Fileless Remcos RAT Hides in Shipping Emails

Do Son January 19, 2026

A sophisticated new phishing campaign has been detected in the wild, leveraging a fileless variant of the...

“Purchase Order” Deception: Sophisticated Loader Targets Manufacturing Giants in Italy, Finland, and Saudi Arabia Unified Commodity Loader, Steganographic RAT

Unified Commodity Loader, Steganographic RAT

“Purchase Order” Deception: Sophisticated Loader Targets Manufacturing Giants in Italy, Finland, and Saudi Arabia

Do Son December 23, 2025

A highly sophisticated cyber-espionage campaign is indiscriminately targeting the manufacturing and government sectors across Europe and the...

“Caminho” to Compromise: BlindEagle Hackers Hijack Government Emails in Colombia Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

“Caminho” to Compromise: BlindEagle Hackers Hijack Government Emails in Colombia

Do Son December 22, 2025

A notorious cyber-espionage group known for terrorizing South American institutions has launched a new campaign against the...

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan

Do Son December 15, 2025

A sophisticated malware campaign has been uncovered within the Visual Studio Code (VS Code) Marketplace, exposing a...

Next-Gen Threat: Xillen Stealer v4 Targets 100+ Browsers/70+ Wallets with Polymorphic Evasion and DevOps Theft Xillen Stealer, Polymorphic Evasion

Next-Gen Threat: Xillen Stealer v4 Targets 100+ Browsers/70+ Wallets with Polymorphic Evasion and DevOps Theft

Do Son November 24, 2025

Darktrace analysts are sounding the alarm over a rapidly evolving cross-platform information-stealing malware family known as Xillen...

Extreme Stealth: Python Malware Hides Inside PNG-Disguised RAR, Injects Payload into cvtres.exe Python Malware Obfuscation, Steganographic RAR

Python Malware Obfuscation, Steganographic RAR

Extreme Stealth: Python Malware Hides Inside PNG-Disguised RAR, Injects Payload into cvtres.exe

Do Son November 24, 2025

Researchers at K7 Labs have discovered a highly obfuscated Python-based malware using multi-layer encoding, disguised archive formats,...

Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography

Do Son November 19, 2025

The Splunk Threat Research Team (STRT) has uncovered a new variant of a .NET steganographic malware loader...

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image WooCommerce Skimmer, Fake PNG Steganography

WooCommerce Skimmer, Fake PNG Steganography

Magecart SMILODON Skimmer Infiltrates WooCommerce Via Rogue Plugin Hiding Payload in Fake PNG Image

Do Son October 31, 2025

The Wordfence Threat Intelligence Team has uncovered a highly sophisticated malware campaign targeting WordPress e-commerce sites using...

Stealth Stealer: PhantomVAI Loader Uses Steganography in Images to Inject Katz Stealer and Evade Sandboxes

Do Son October 16, 2025

Researchers from Palo Alto Networks’ Unit 42 have uncovered a multi-stage phishing campaign delivering a new stealthy...

Critical Alert 1 Active Exploit Detected Today