Critical Alert 1 Active Exploit Detected Today

CVE-2026-20253 — Splunk Enterprise Missing Authentication for Critical Function Vulnerability →

Powered by CVE Watchtower

×

threat intelligence

Beyond Windows: Pakistan’s APT36 Group Is Now Attacking Linux Systems with Stealthy Malware AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Beyond Windows: Pakistan’s APT36 Group Is Now Attacking Linux Systems with Stealthy Malware

Do Son August 26, 2025

The Pakistan-linked threat group APT36—also known as Transparent Tribe, Mythic Leopard, Earth Karkaddan, or Operation C-Major—has re-emerged...

Spur Links North Korean APT Infrastructure to Commercial Proxy Service WgetCloud proxy

proxy

Spur Links North Korean APT Infrastructure to Commercial Proxy Service WgetCloud

Do Son August 26, 2025

Last week, the leak site DDoSecrets.com published a data dump allegedly from a workstation of a threat...

Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt APT36

APT36

Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt

Do Son August 25, 2025

The threat landscape in South Asia has taken a new turn with the resurgence of APT36 (Transparent...

Anatsa Android Trojan Expands Its Global Reach and Targets 831 Financial Apps Android malware, Anatsa

Android malware, Anatsa

Anatsa Android Trojan Expands Its Global Reach and Targets 831 Financial Apps

Do Son August 25, 2025

The Android ecosystem continues to face persistent threats from sophisticated banking trojans. The Zscaler ThreatLabz team, which...

Gayfemboy Botnet Resurfaces with Advanced Evasion and New Targets ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Gayfemboy Botnet Resurfaces with Advanced Evasion and New Targets

Do Son August 25, 2025

FortiGuard Labs has been closely tracking a stealthy new malware strain known as Gayfemboy. Initially disclosed by...

BQTLock: A New Ransomware-as-a-Service Operation Blending Marketing and Malware Ransomware-as-a-Service, BQTLock

Ransomware-as-a-Service, BQTLock

BQTLock: A New Ransomware-as-a-Service Operation Blending Marketing and Malware

Do Son August 25, 2025

A new ransomware strain has entered the cybercrime marketplace, blending technical sophistication with aggressive marketing. Researchers at...

Malicious Go Package Steals Your SSH Credentials in a “Brute-Force” Scam Go module, SSH brute-force scam

Go module, SSH brute-force scam

Malicious Go Package Steals Your SSH Credentials in a “Brute-Force” Scam

Do Son August 23, 2025

The open-source ecosystem has once again been exploited to distribute malicious software. Socket’s Threat Research Team has...

ClickFix and CORNFLAKE.V3: Mandiant Uncovers a New Wave of Access-as-a-Service Campaigns ClickFix, UNC5518

ClickFix, UNC5518

ClickFix and CORNFLAKE.V3: Mandiant Uncovers a New Wave of Access-as-a-Service Campaigns

Do Son August 22, 2025

Mandiant researchers have uncovered a sophisticated cybercrime operation where compromised websites are weaponized with fake CAPTCHA pages...

Spear-Phishing Campaign Targets CFOs with Sophisticated Multi-Stage Intrusion Spear-phishing, MuddyWater

Spear-phishing, MuddyWater

Spear-Phishing Campaign Targets CFOs with Sophisticated Multi-Stage Intrusion

Do Son August 22, 2025

A new report from Hunt Intelligence reveals a highly targeted spear-phishing campaign that has been systematically preying...

Warlock Ransomware: How a New Group Is Weaponizing Unpatched SharePoint Servers

Warlock Ransomware

Warlock Ransomware: How a New Group Is Weaponizing Unpatched SharePoint Servers

Do Son August 21, 2025

A newly detailed report from Trend Micro has revealed how the Warlock ransomware group is weaponizing vulnerable...

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations PowerShell Phishing

PowerShell Phishing

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations

Do Son August 13, 2025

The FortiMail Workspace Security team has uncovered a targeted intrusion campaign against multiple Israeli organizations, exploiting compromised...

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military

Do Son August 6, 2025

A new threat analysis by Kyaw Pyiyt Htet, a CREST-certified Threat Intelligence Analyst, has revealed the inner...

APT37 Escalates Cyber-Espionage on South Korea: New RoKRAT Backdoor Uses Stealthy LNK Files & Steganography APT37, RoKRAT Malware

APT37, RoKRAT Malware

APT37 Escalates Cyber-Espionage on South Korea: New RoKRAT Backdoor Uses Stealthy LNK Files & Steganography

Do Son August 4, 2025

The North Korea-linked threat actor APT37, known for its persistent cyberespionage campaigns in South Korea and beyond,...

APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil & Government APT36, Poseidon Backdoor

APT36, Poseidon Backdoor

APT36 Escalates Cyber-Espionage on India: Poseidon Backdoor Targets Railways, Oil & Government

Do Son August 4, 2025

APT36—also known as Transparent Tribe—has long been linked to Pakistan-backed cyber-espionage operations. But as uncovered in a...

Cisco Talos Q2 Report: Phishing & Ransomware Dominate, with Qilin Using Deprecated PowerShell 1.0 Qilin Ransomware, Phishing & Ransomware

Qilin Ransomware, Phishing & Ransomware

Cisco Talos Q2 Report: Phishing & Ransomware Dominate, with Qilin Using Deprecated PowerShell 1.0

Do Son August 1, 2025

Cisco Talos has released its latest Threat Intelligence Report for Q2 2025, revealing a threat landscape increasingly...

Gunra Ransomware Expands to Linux: New Variant Unleashes 100-Thread Encryption & Stealthy Tactics Gunra Ransomware, Linux Ransomware

Gunra Ransomware, Linux Ransomware

Gunra Ransomware Expands to Linux: New Variant Unleashes 100-Thread Encryption & Stealthy Tactics

Do Son July 30, 2025

Trend Micro has issued a spotlight on the evolving Gunra ransomware, which has extended its reach to...

QWINS LTD, The Suspected Bulletproof Hosting Provider Fueling Global Malware Campaigns Bulletproof Hosting, Malware Infrastructure

Bulletproof Hosting, Malware Infrastructure

QWINS LTD, The Suspected Bulletproof Hosting Provider Fueling Global Malware Campaigns

Do Son July 29, 2025

In a deep-dive into the infrastructure powering some of today’s most prevalent malware campaigns, security researcher Vasilis...

Koske Malware: AI-Generated Cryptojacker Hides in Panda Images to Infect Linux Servers Firefox Security, Crypto Wallets skidmap trojan

Firefox Security, Crypto Wallets skidmap trojan

Koske Malware: AI-Generated Cryptojacker Hides in Panda Images to Infect Linux Servers

Do Son July 27, 2025

Aqua Security’s Nautilus research team has uncovered a malware campaign. Dubbed Koske, this advanced Linux malware shows...

Lumma Stealer Resurfaces After Takedown: New Stealth Tactics Target Users via Fake Cracks, CAPTCHAs & GitHub Lumma Stealer, Malware Resurgence

Lumma Stealer, Malware Resurgence

Lumma Stealer Resurfaces After Takedown: New Stealth Tactics Target Users via Fake Cracks, CAPTCHAs & GitHub

Do Son July 23, 2025

The Lumma Stealer malware suffered a massive takedown in May 2025, with over 2,300 malicious domains seized....

GhostContainer: Kaspersky Uncovers Stealthy Backdoor Infiltrating Government & High-Tech Exchange Servers Exchange Backdoor, GhostContainer

Exchange Backdoor, GhostContainer

GhostContainer: Kaspersky Uncovers Stealthy Backdoor Infiltrating Government & High-Tech Exchange Servers

Do Son July 18, 2025

In a recent incident response operation, Kaspersky Labs uncovered a highly sophisticated backdoor named GhostContainer, designed to...