threat intelligence

Unmasking Salt Typhoon: A Report Exposes 45 New Domains from a Chinese APT Group TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Unmasking Salt Typhoon: A Report Exposes 45 New Domains from a Chinese APT Group

Ddos September 9, 2025

Threat analysts at Silent Push have identified dozens of previously unreported domains tied to Salt Typhoon, a...

Inf0s3c Stealer: A Stealthy Python Malware Is Abusing Discord to Steal Data Inf0s3c Stealer, Windows malware

Inf0s3c Stealer, Windows malware

Inf0s3c Stealer: A Stealthy Python Malware Is Abusing Discord to Steal Data

Ddos September 3, 2025

Cyfirma’s Threat Intelligence team has released a technical analysis of Inf0s3c Stealer, a Python-based information grabber designed...

TinkyWinkey: A Stealthy New Keylogger Is Hunting for Credentials on Windows TinkyWinkey Keylogger, Windows malware

TinkyWinkey Keylogger, Windows malware

TinkyWinkey: A Stealthy New Keylogger Is Hunting for Credentials on Windows

Ddos September 2, 2025

Researchers at CYFIRMA have released an in-depth analysis of a newly observed Windows malware family dubbed the...

SpyNote’s New Lure: The Stealthy Campaign Using Fake App Stores Android RAT, SpyNote

Android RAT, SpyNote

SpyNote’s New Lure: The Stealthy Campaign Using Fake App Stores

Ddos August 27, 2025

Researchers at DomainTools have uncovered a persistent SpyNote Android Remote Access Trojan (RAT) campaign, where threat actors...

Cephalus: The New Ransomware That Abuses Legitimate Tools to Bypass Security

Cephalus Ransomware

Cephalus: The New Ransomware That Abuses Legitimate Tools to Bypass Security

Ddos August 27, 2025

Recently, threat hunters at Huntress observed two separate incidents involving a new ransomware variant dubbed Cephalus. The...

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog

Ddos August 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

A Storm Is Coming: A Massive Coordinated Attack Is Probing RDP Connections RDP scanning, Remote Desktop Protocol

RDP scanning, Remote Desktop Protocol

A Storm Is Coming: A Massive Coordinated Attack Is Probing RDP Connections

Ddos August 26, 2025

Security intelligence firm GreyNoise has sounded the alarm over a massive spike in Microsoft Remote Desktop (RDP)...

Beyond Banks: Android Malware Is Getting Smarter to Bypass Google Play Protect CVE-2023-20951 Honor Update

CVE-2023-20951 Honor Update

Beyond Banks: Android Malware Is Getting Smarter to Bypass Google Play Protect

Ddos August 26, 2025

Droppers—seemingly harmless apps that secretly deliver malware—have long been a key part of Android cybercrime. But according...

Beyond Windows: Pakistan’s APT36 Group Is Now Attacking Linux Systems with Stealthy Malware AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

Beyond Windows: Pakistan’s APT36 Group Is Now Attacking Linux Systems with Stealthy Malware

Ddos August 26, 2025

The Pakistan-linked threat group APT36—also known as Transparent Tribe, Mythic Leopard, Earth Karkaddan, or Operation C-Major—has re-emerged...

Spur Links North Korean APT Infrastructure to Commercial Proxy Service WgetCloud proxy

proxy

Spur Links North Korean APT Infrastructure to Commercial Proxy Service WgetCloud

Ddos August 26, 2025

Last week, the leak site DDoSecrets.com published a data dump allegedly from a workstation of a threat...

Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt APT36

APT36

Linux Under Attack: APT36 Launches New Cyber-Espionage Campaign on Indian Govt

Ddos August 25, 2025

The threat landscape in South Asia has taken a new turn with the resurgence of APT36 (Transparent...

Anatsa Android Trojan Expands Its Global Reach and Targets 831 Financial Apps Android malware, Anatsa

Android malware, Anatsa

Anatsa Android Trojan Expands Its Global Reach and Targets 831 Financial Apps

Ddos August 25, 2025

The Android ecosystem continues to face persistent threats from sophisticated banking trojans. The Zscaler ThreatLabz team, which...

Gayfemboy Botnet Resurfaces with Advanced Evasion and New Targets ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Gayfemboy Botnet Resurfaces with Advanced Evasion and New Targets

Ddos August 25, 2025

FortiGuard Labs has been closely tracking a stealthy new malware strain known as Gayfemboy. Initially disclosed by...

BQTLock: A New Ransomware-as-a-Service Operation Blending Marketing and Malware Ransomware-as-a-Service, BQTLock

Ransomware-as-a-Service, BQTLock

BQTLock: A New Ransomware-as-a-Service Operation Blending Marketing and Malware

Ddos August 25, 2025

A new ransomware strain has entered the cybercrime marketplace, blending technical sophistication with aggressive marketing. Researchers at...

Malicious Go Package Steals Your SSH Credentials in a “Brute-Force” Scam Go module, SSH brute-force scam

Go module, SSH brute-force scam

Malicious Go Package Steals Your SSH Credentials in a “Brute-Force” Scam

Ddos August 23, 2025

The open-source ecosystem has once again been exploited to distribute malicious software. Socket’s Threat Research Team has...

ClickFix and CORNFLAKE.V3: Mandiant Uncovers a New Wave of Access-as-a-Service Campaigns ClickFix, UNC5518

ClickFix, UNC5518

ClickFix and CORNFLAKE.V3: Mandiant Uncovers a New Wave of Access-as-a-Service Campaigns

Ddos August 22, 2025

Mandiant researchers have uncovered a sophisticated cybercrime operation where compromised websites are weaponized with fake CAPTCHA pages...

Spear-Phishing Campaign Targets CFOs with Sophisticated Multi-Stage Intrusion Spear-phishing, MuddyWater

Spear-phishing, MuddyWater

Spear-Phishing Campaign Targets CFOs with Sophisticated Multi-Stage Intrusion

Ddos August 22, 2025

A new report from Hunt Intelligence reveals a highly targeted spear-phishing campaign that has been systematically preying...

Warlock Ransomware: How a New Group Is Weaponizing Unpatched SharePoint Servers

Warlock Ransomware

Warlock Ransomware: How a New Group Is Weaponizing Unpatched SharePoint Servers

Ddos August 21, 2025

A newly detailed report from Trend Micro has revealed how the Warlock ransomware group is weaponizing vulnerable...

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations PowerShell Phishing

PowerShell Phishing

Click-to-Compromise: PowerShell-Only RAT Campaign Targets Israeli Organizations

Ddos August 13, 2025

The FortiMail Workspace Security team has uncovered a targeted intrusion campaign against multiple Israeli organizations, exploiting compromised...

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mustang Panda Backdoor Exposed: New ToneShell Malware Masquerades as Chrome to Spy on Gov’t & Military

Ddos August 6, 2025

A new threat analysis by Kyaw Pyiyt Htet, a CREST-certified Threat Intelligence Analyst, has revealed the inner...