threat actor Archives • Daily CyberSecurity

LockBit 5.0 Ransomware: Cross-Platform Evolution Targets Windows, Linux, and ESXi LockBit 5.0, Cross-Platform Ransomware

LockBit 5.0 Ransomware: Cross-Platform Evolution Targets Windows, Linux, and ESXi

Do Son September 27, 2025

Trend Research has released an in-depth analysis of LockBit 5.0, the latest evolution of one of the...

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

APT28’s BeardShell Campaign: Steganography, Cloud Abuse, and Persistent Espionage

Do Son September 17, 2025

The Russian-linked threat actor APT28, also known as Sofacy, Fancy Bear, Forest Blizzard, and TAG-110, has unveiled...

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands

Do Son September 9, 2025

Security researchers at Insikt Group have uncovered a major advancement in the operations of a newly designated...

UAC-0057 Targets Ukraine and Poland with Weaponized Archives and Evolving Implants BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

UAC-0057 Targets Ukraine and Poland with Weaponized Archives and Evolving Implants

Do Son August 22, 2025

In a newly released report, French cybersecurity firm HarfangLab has revealed details of two interconnected cyber espionage...

LockBit Ransomware Evolves: New Stealthy Tactics Use DLL Sideloading & Masquerading to Bypass Defenses LockBit Ransomware, DLL Sideloading

LockBit Ransomware Evolves: New Stealthy Tactics Use DLL Sideloading & Masquerading to Bypass Defenses

Do Son August 1, 2025

LockBit isn’t just another ransomware group—it’s an evolving threat that continues to adapt its tactics to evade...

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection RedLoader, DLL Sideloading

GOLD BLADE Unleashes RedLoader with Novel Attack Chain: LNK Files + WebDAV + DLL Sideloading Evades Detection

Do Son July 31, 2025

Sophos analysts have uncovered a newly combined infection technique used by the GOLD BLADE cybercriminal group to...

BlackSuit: New Royal/Conti Rebrand Hits With Speed, Stealth, & Data Exfiltration

Do Son July 15, 2025

A recent Cybereason investigation has shed light on a highly coordinated and destructive ransomware campaign carried out...

New BERT Ransomware Unleashed: Multi-Threaded Attacks Hit Windows, Linux & ESXi with REvil Links

Do Son July 8, 2025

Security analysts at Trend Micro observed the rise of a previously unknown ransomware group now tracked as...

Linux Servers Hijacked: Attackers Install Legitimate Proxy Software for Covert Operations Linux Proxy Malware, Legitimate Tool Abuse

Linux Servers Hijacked: Attackers Install Legitimate Proxy Software for Covert Operations

Do Son July 3, 2025

The AhnLab SEcurity intelligence Center (ASEC) has uncovered a series of attacks on poorly secured Linux servers,...

Microsoft 365 “Direct Send” Abused: Phishing Campaign Spoofs Internal Users, Bypasses Security

Do Son June 28, 2025

Varonis’ Managed Data Detection and Response (MDDR) Forensics team has uncovered a stealthy and widespread phishing campaign...

African Financial Institutions Targeted: “CL-CRI-1014” IAB Uses Open-Source Tools & Forged Signatures for Covert Access

Do Son June 26, 2025

Cybersecurity researchers from Palo Alto Networks’ Unit 42 have uncovered an extensive and methodical attack campaign targeting...

Tor Meets Docker: Sophisticated Crypto-Mining Campaign Hijacks Misconfigured APIs

Do Son June 19, 2025

Trend Micro researchers have uncovered a stealthy new attack method that fuses misconfigured Docker remote APIs with...

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

Do Son June 17, 2025

In a sweeping campaign that blends social engineering with software subversion, a newly identified threat actor dubbed...

Sophos Unmasks Sakura RAT: Hackers Hacking Hackers with Backdoored Malware! Sakura RAT, Hacker Malware

Sophos Unmasks Sakura RAT: Hackers Hacking Hackers with Backdoored Malware!

Do Son June 5, 2025

In a recent deep dive, Sophos X-Ops uncovered a sophisticated campaign that’s not targeting enterprises or governments,...

Gh0st in the Machine: ASEC Uncovers Cryptomining Campaign Exploiting Korean Internet Cafés Gh0st RAT, CoinMiner

Gh0st in the Machine: ASEC Uncovers Cryptomining Campaign Exploiting Korean Internet Cafés

Do Son June 3, 2025

In a revealing analysis, the AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated, ongoing malware campaign...

Russian GRU’s APT28 Targets Global Logistics Supporting Ukraine Defense APT28 cyber-espionage, GRU cyberattack

Russian GRU’s APT28 Targets Global Logistics Supporting Ukraine Defense

Do Son May 21, 2025

A new Joint Cybersecurity Advisory issued in May 2025 by a coalition of cybersecurity and intelligence agencies...

Hazy Hawk: Stealthy Threat Actor Hijacks High-Profile Subdomains

Do Son May 21, 2025

Infoblox researchers have uncovered a sophisticated and stealthy threat actor dubbed Hazy Hawk, a group exploiting DNS...

TA406 Cyber Campaign: North Korea’s Focus on Ukraine Intelligence

Do Son May 14, 2025

In a recently disclosed campaign, TA406, a North Korean state-aligned threat actor, has expanded its cyber-espionage efforts...

Swan Vector Espionage Targets Japan & Taiwan with Advanced Malware

Do Son May 14, 2025

The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and...

Agenda Ransomware Evolves with NETXLOADER and SmokeLoader in Global Campaigns Agenda ransomware, NETXLOADER

Agenda Ransomware Evolves with NETXLOADER and SmokeLoader in Global Campaigns

Do Son May 8, 2025

Agenda ransomware, also known as Qilin, has returned. In a recent exposé by Trend Micro, researchers have...

Critical Alert 1 Active Exploit Detected Today