Telegram C2 Archives • Daily CyberSecurity

Inside the Stealthy Evolution of Vidar Infostealer Vidar Infostealer Stealth Attack Framework

Inside the Stealthy Evolution of Vidar Infostealer

Do Son April 28, 2026

Vidar, once a straightforward credential stealer, has officially completed its transformation into a “multi-stage, stealth-driven attack framework”....

The Python Predator: PXA Stealer Surges 10% as it Targets Global Finance and Crypto in 2026 PXA Stealer Surge Q1 2026 Malware Trends

The Python Predator: PXA Stealer Surges 10% as it Targets Global Finance and Crypto in 2026

Do Son April 6, 2026

Following the high-profile takedowns of major players like Lumma and RedLine in 2025, CyberProof MDR analysts have...

Inside the Rapid Evolution of the BlankGrabber Stealer BlankGrabber Stealer Python Malware Analysis

Inside the Rapid Evolution of the BlankGrabber Stealer

Do Son April 3, 2026

A deep-dive analysis by the Splunk Threat Research Team (STRT) has shed light on BlankGrabber, a Python-based...

Weaponizing Trust: FBI Warns Iran’s MOIS is Using Telegram as a Malware C2 Hub Telegram C2 Iran MOIS

Weaponizing Trust: FBI Warns Iran’s MOIS is Using Telegram as a Malware C2 Hub

Do Son March 22, 2026

The Federal Bureau of Investigation (FBI) has issued a high-priority “FLASH” alert detailing a sophisticated cyber-intelligence operation...

The New Face of Phishing: Hackers Weaponize Browser Prompts to Steal Biometric Data Biometric Phishing Browser Permission Hijacking

The New Face of Phishing: Hackers Weaponize Browser Prompts to Steal Biometric Data

Do Son March 19, 2026

A highly active social engineering campaign is rewriting the phishing playbook by shifting its focus from simple...

Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Operation Olalampo: MuddyWater Unleashes AI-Assisted Rust Malware and Telegram C2 in MENA Espionage Surge

Do Son February 24, 2026

A new wave of targeted cyber-espionage is sweeping across the Middle East and North Africa (MENA) region....

TAMECAT Exposed: APT42’s Fileless Backdoor Targets Defense Chiefs AI Fraud Schemes TAMECAT Malware APT42 Espionage

TAMECAT Exposed: APT42’s Fileless Backdoor Targets Defense Chiefs

Do Son February 4, 2026

A sophisticated espionage campaign targeting senior defense and government officials has been linked to APT42, an Iranian...

AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters

Do Son February 3, 2026

In a disturbing fusion of human rights abuses and artificial intelligence, researchers at HarfangLab have uncovered a...

Iranian “Prince of Persia” APT Resurfaces with Telegram-Controlled Stealth Malware Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Iranian “Prince of Persia” APT Resurfaces with Telegram-Controlled Stealth Malware

Do Son December 23, 2025

After years of radio silence that led many to believe they had disbanded, one of Iran’s most...

China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

Autumn Dragon Espionage, DLL Sideloading Moldova disinformation AcidPour Wiper Malware

China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Do Son November 25, 2025

A newly published report from CyberArmor has uncovered a months-long espionage campaign targeting government and media organizations...

Phishing-as-a-Service Uncovered: Automated Kit Impersonates Aruba S.p.A. to Steal Credentials and Credit Cards Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Phishing-as-a-Service Uncovered: Automated Kit Impersonates Aruba S.p.A. to Steal Credentials and Credit Cards

Do Son November 17, 2025

A new report from Group-IB exposes a highly automated phishing framework engineered to impersonate Italian IT and...

Telegram-Powered Phishing Campaign Targets European Businesses Using HTML Attachments to Steal Credentials

Do Son November 11, 2025

Researchers from Cyble Research and Intelligence Labs (CRIL) have uncovered a massive, multi-brand phishing campaign that uses...

Tap-and-Steal: Over 760 Android Apps Exploit NFC/HCE for Payment Card Theft in Global Financial Scam Donot APT Group - Android zero-day

Tap-and-Steal: Over 760 Android Apps Exploit NFC/HCE for Payment Card Theft in Global Financial Scam

Do Son November 3, 2025

Researchers from Zimperium zLabs have uncovered a rapidly growing cybercrime trend involving Android applications that abuse NFC...

Python RAT Disguised as Minecraft Client Uses Telegram Bot API for Cross-Platform Command & Control Python RAT Telegram, Minecraft Lure

Python RAT Disguised as Minecraft Client Uses Telegram Bot API for Cross-Platform Command & Control

Do Son October 27, 2025

Researchers from Netskope have uncovered a new cross-platform Python-based Remote Access Trojan (RAT) disguised as a popular...

GhostBat RAT Android Malware Targets Indian Users with Fake RTO Apps and Telegram Bot C2 GhostBat RAT, RTO App Phishing

GhostBat RAT Android Malware Targets Indian Users with Fake RTO Apps and Telegram Bot C2

Do Son October 15, 2025

A new report from Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android malware campaign...

New Stealit Infostealer Abuses Node.js SEA Feature and Telegram C2 in Malware-as-a-Service Campaign Stealit Node.js SEA, Telegram C2

New Stealit Infostealer Abuses Node.js SEA Feature and Telegram C2 in Malware-as-a-Service Campaign

Do Son October 13, 2025

FortiGuard Labs has identified a new and active Stealit malware campaign that abuses the Node.js Single Executable...

New Shuyal Stealer Malware Targets 19 Browsers, Disables Windows Task Manager for Stealth Shuyal Stealer, Task Manager Evasion

New Shuyal Stealer Malware Targets 19 Browsers, Disables Windows Task Manager for Stealth

Do Son October 8, 2025

Security researchers at Point Wild have uncovered a new information-stealing malware dubbed Shuyal Stealer, which pushes the...

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2 FBI email system hack

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2

Do Son October 3, 2025

The threat actor known as Cavalry Werewolf has been observed ramping up its operations between May and...

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

BingX cyberattack FortiGate SSO Attacks Firewall Config Theft

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices

Do Son September 26, 2025

Cofense Intelligence has uncovered an evolving phishing campaign that uses copyright takedown notices as its primary lure....

Warning: “Educational” Octalyn Forensic Toolkit is a Dangerous Telegram-Controlled Credential Stealer Credential Stealer, Octalyn Toolkit

Warning: “Educational” Octalyn Forensic Toolkit is a Dangerous Telegram-Controlled Credential Stealer

Do Son July 16, 2025

Researchers at Cyfirma have uncovered a disturbing example of how a so-called “educational” tool can cross the...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Telegram C2

The Python Predator: PXA Stealer Surges 10% as it Targets Global Finance and Crypto in 2026

Inside the Rapid Evolution of the BlankGrabber Stealer

Weaponizing Trust: FBI Warns Iran’s MOIS is Using Telegram as a Malware C2 Hub

AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters

Iranian “Prince of Persia” APT Resurfaces with Telegram-Controlled Stealth Malware

China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Phishing-as-a-Service Uncovered: Automated Kit Impersonates Aruba S.p.A. to Steal Credentials and Credit Cards

Telegram-Powered Phishing Campaign Targets European Businesses Using HTML Attachments to Steal Credentials

Tap-and-Steal: Over 760 Android Apps Exploit NFC/HCE for Payment Card Theft in Global Financial Scam

Python RAT Disguised as Minecraft Client Uses Telegram Bot API for Cross-Platform Command & Control

GhostBat RAT Android Malware Targets Indian Users with Fake RTO Apps and Telegram Bot C2

New Stealit Infostealer Abuses Node.js SEA Feature and Telegram C2 in Malware-as-a-Service Campaign

New Shuyal Stealer Malware Targets 19 Browsers, Disables Windows Task Manager for Stealth

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2

New Lone None Stealer Malware Hijacks Crypto Wallets via Fake Copyright Takedown Notices

Warning: “Educational” Octalyn Forensic Toolkit is a Dangerous Telegram-Controlled Credential Stealer