threat intelligence Archives • Page 11 of 13 • Daily CyberSecurity

SonicWall SMA Devices Under Attack: UNC6148 Deploys OVERSTEP Rootkit for Persistent Access SonicWall Hack, Rootkit

SonicWall SMA Devices Under Attack: UNC6148 Deploys OVERSTEP Rootkit for Persistent Access

Do Son July 17, 2025

Google’s Threat Intelligence Group (GTIG) uncovers a stealthy, sophisticated campaign led by a financially motivated actor tracked...

Stealthy SquidLoader Malware Targets Hong Kong Financial Firms with Evasive Cobalt Strike Attacks

Do Son July 17, 2025

Trellix’s threat intelligence team has uncovered a stealthy malware campaign aimed squarely at financial services institutions in...

New PhantomRemote Backdoor Targets Russian Healthcare & IT, Linked to Rainbow Hyena Attacks PhantomRemote Backdoor, Rainbow Hyena

New PhantomRemote Backdoor Targets Russian Healthcare & IT, Linked to Rainbow Hyena Attacks

Do Son July 16, 2025

A new wave of phishing attacks has been observed sweeping across Russia’s healthcare and IT sectors, attributed...

SLOW#TEMPEST: Advanced Obfuscation Evades Static Analysis With CFG & Indirect Calls SLOW#TEMPEST, Malware Obfuscation

SLOW#TEMPEST: Advanced Obfuscation Evades Static Analysis With CFG & Indirect Calls

Do Son July 14, 2025

In late 2024, security researchers from Unit 42 uncovered a sophisticated new variant of the malware associated...

From Stealer to Spy: AMOS Malware Evolves into Full-Fledged Backdoor Threat for macOS AMOS, macOS backdoor

From Stealer to Spy: AMOS Malware Evolves into Full-Fledged Backdoor Threat for macOS

Do Son July 10, 2025

In a disturbing evolution of macOS malware, Moonlock Lab has discovered that Atomic macOS Stealer (AMOS)—already notorious...

Malicious Firefox Extensions Unmasked: Fake Games, VPNs, & Calendar Tools Hijack Traffic, Steal Crypto & OAuth Tokens Firefox Extensions, Malware Campaign

Malicious Firefox Extensions Unmasked: Fake Games, VPNs, & Calendar Tools Hijack Traffic, Steal Crypto & OAuth Tokens

Do Son July 7, 2025

A new report by the Socket Threat Research Team has uncovered a sprawling network of malicious Firefox...

Proofpoint Exposes TA829 & UNK_GreenSec’s Dual-Nature Campaigns TA829

Proofpoint Exposes TA829 & UNK_GreenSec’s Dual-Nature Campaigns

Do Son July 1, 2025

Proofpoint’s latest research exposes a pair of closely related threat actor clusters—TA829 and UNK_GreenSec. Described as “a...

Snake Keylogger Exploits Geopolitical Tensions with Oil-Themed Spearphishing Campaign

Do Son June 30, 2025

The S2 Group’s intelligence team has uncovered a new and sophisticated phishing campaign deploying Snake Keylogger, a...

GIFTEDCROOK Evolves: Arctic Wolf Labs Exposes Threat Group UAC-0226’s Espionage on Ukraine

Do Son June 27, 2025

In a major revelation, Arctic Wolf Labs has exposed a series of escalating cyber-espionage campaigns launched by...

China-Aligned Hive0154 APT Strikes Tibetan Community: Pubload Backdoor Delivered via Phishing Lures Artivion cybersecurity - Zero-Day Attacks

Artivion cybersecurity - Zero-Day Attacks

China-Aligned Hive0154 APT Strikes Tibetan Community: Pubload Backdoor Delivered via Phishing Lures

Do Son June 27, 2025

In a politically charged cyber-espionage campaign, IBM X-Force has identified the resurgence of the China-aligned threat group...

Iranian APT “Educated Manticore” Unleashes AI-Powered Phishing & Keylogging Against Critics

Do Son June 27, 2025

Check Point Research has uncovered a new wave of targeted cyber-espionage activity linked to Educated Manticore, an...

LapDogs: China-Nexus Threat Actors Deploy Covert ORB Network on 1,000+ SOHO Devices Globally LapDogs, China-Nexus ORB

LapDogs: China-Nexus Threat Actors Deploy Covert ORB Network on 1,000+ SOHO Devices Globally

Do Son June 25, 2025

In a new report, SecurityScorecard’s STRIKE threat intelligence team has exposed a covert espionage campaign dubbed “LapDogs”,...

SHOE RACK Malware: NCSC Uncovers Stealthy Reverse SSH & DoH Post-Exploitation Tool Targeting FortiGate Firewalls SHOE RACK Malware, Reverse SSH

SHOE RACK Malware: NCSC Uncovers Stealthy Reverse SSH & DoH Post-Exploitation Tool Targeting FortiGate Firewalls

Do Son June 24, 2025

A new malware tool dubbed SHOE RACK has come under the microscope of the UK’s National Cyber...

Confucius Group Evolves: Researcher Uncovers New Modular Backdoor “Anondoor” in Latest Espionage Campaign Confucius APT, Anondoor Backdoor

Confucius Group Evolves: Researcher Uncovers New Modular Backdoor “Anondoor” in Latest Espionage Campaign

Do Son June 23, 2025

The Confucius APT group—long associated with cyber-espionage operations targeting government and military organizations in South and East...

Prometei Botnet Evolves: Linux Variant Returns With Stealthier Payloads and Monero Mining Focus Prometei Botnet, Linux Malware

Prometei Botnet Evolves: Linux Variant Returns With Stealthier Payloads and Monero Mining Focus

Do Son June 23, 2025

In March 2025, researchers at Palo Alto Networks’ Unit 42 uncovered a resurgence of the Prometei botnet,...

NCSC Uncovers “UMBRELLA STAND” Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls Fortinet Malware, Cyber-Espionage

NCSC Uncovers “UMBRELLA STAND” Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls

Do Son June 23, 2025

A new malware campaign dubbed UMBRELLA STAND has been uncovered by the UK’s National Cyber Security Centre...

RapperBot Resurfaces: 50,000+ Bots Demand Monero Extortion in New DDoS Campaigns RapperBot Botnet, DDoS Extortion

RapperBot Resurfaces: 50,000+ Bots Demand Monero Extortion in New DDoS Campaigns

Do Son June 23, 2025

A botnet called RapperBot blends technical evolution with internet-era bravado to launch attacks on over 50,000 devices...

Shadow Vector: Malicious SVGs Deliver AsyncRAT & RemcosRAT in Colombian Phishing Campaign! Shadow Vector, RAT Malware

Shadow Vector: Malicious SVGs Deliver AsyncRAT & RemcosRAT in Colombian Phishing Campaign!

Do Son June 23, 2025

The Acronis Threat Research Unit (TRU) has uncovered a stealthy and technically mature malware campaign dubbed Shadow...

Fileless Masslogger Infostealer Spreading via VBScript (.VBE) & Hiding in Your Registry GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Fileless Masslogger Infostealer Spreading via VBScript (.VBE) & Hiding in Your Registry

Do Son June 21, 2025

Hackers have once again employed rarely used yet remarkably effective techniques to compromise systems—this time by disguising...

ComfyUI Under Attack: “Pickai” C++ Backdoor Compromises 700+ AI Image Generation Servers Globally

Do Son June 20, 2025

In a concerning development for AI infrastructure security, XLab has uncovered an active exploitation campaign targeting ComfyUI—a...

Critical Alert 1 Active Exploit Detected Today