threat intelligence Archives • Page 9 of 13 • Daily CyberSecurity

Popular Chinese Utility Hijacked to Deploy Browser Malware Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Popular Chinese Utility Hijacked to Deploy Browser Malware

Do Son January 7, 2026

The RedDrip Team at QiAnXin Technology’s Threat Intelligence Center has uncovered a widespread malware campaign hiding inside...

“Silver Fox” Unmasked: Chinese APT Group Impersonates Indian Tax Officials in Targeted Cyber Campaign Silver Fox APT, Valley RAT

“Silver Fox” Unmasked: Chinese APT Group Impersonates Indian Tax Officials in Targeted Cyber Campaign

Do Son December 26, 2025

As tax season approaches, a sophisticated cyber-espionage campaign is targeting Indian organizations with highly convincing phishing lures....

The Ghost in the Market: Unmasking “Fly,” the Secret Architect of the Infamous Russian Market CRussian Market, "Fly" (Flyded) hange Healthcare Cyberattack - CVE-2024-50603 Exploit

CRussian Market, "Fly" (Flyded) hange Healthcare Cyberattack - CVE-2024-50603 Exploit

The Ghost in the Market: Unmasking “Fly,” the Secret Architect of the Infamous Russian Market

Do Son December 25, 2025

For over a decade, Russian Market has stood as a pillar of the cybercrime underground, a sprawling...

Shadows of the North: Unmasking the Sprawling Cyber Infrastructure of the DPRK DPRK Cyber Ecosystem, Unified Hacking Infrastructure

Shadows of the North: Unmasking the Sprawling Cyber Infrastructure of the DPRK

Do Son December 22, 2025

A new collaborative investigation has exposed the intricate and overlapping infrastructure powering North Korea’s most notorious cyber...

The BOSS Breach: APT36 Pivots to Linux Espionage with “Silent” Shortcuts Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

The BOSS Breach: APT36 Pivots to Linux Espionage with “Silent” Shortcuts

Do Son December 2, 2025

A prominent state-aligned threat actor has significantly evolved its arsenal, launching a sophisticated campaign targeting the Linux-based...

Rent-a-Domain: Report Details How APTs and Cybercriminals Abuse DDNS Services for Malicious Infrastructure NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Rent-a-Domain: Report Details How APTs and Cybercriminals Abuse DDNS Services for Malicious Infrastructure

Do Son September 30, 2025

A new analysis from Silent Push Threat Analysts highlights the growing misuse of publicly rentable subdomain providers,...

MuddyWater APT Shifts Tactics to Custom Malware MuddyWater APT ANY.RUN security incident

MuddyWater APT Shifts Tactics to Custom Malware

Do Son September 19, 2025

Group-IB analysts have released new intelligence on MuddyWater, the Iranian state-sponsored APT linked to Tehran’s Ministry of...

XillenStealer: New Open-Source Malware Lowers Cybercrime Barrier XillenStealer, open-source malware

XillenStealer: New Open-Source Malware Lowers Cybercrime Barrier

Do Son September 19, 2025

CYFIRMA has released a detailed threat intelligence assessment of XillenStealer, an emerging open-source, Python-based malware family that...

North Korean Hackers Evolve Tactics with New Malware Campaign North Korea malware North Korea, OFAC sanctions DPRK AI hiring, Wagemole campaigns

North Korea malware North Korea, OFAC sanctions DPRK AI hiring, Wagemole campaigns

North Korean Hackers Evolve Tactics with New Malware Campaign

Do Son September 19, 2025

GitLab Threat Intelligence has published a detailed analysis of a new malware campaign linked to North Korean...

SmokeLoader Rises From the Ashes with New, Evasive Variants SmokeLoader, Malware

SmokeLoader Rises From the Ashes with New, Evasive Variants

Do Son September 17, 2025

First emerging in 2011, SmokeLoader (also known as Smoke or Dofoil) has remained one of the most...

HijackLoader: The Stealthy Malware Loader Powering Modern Cyberattacks Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

HijackLoader: The Stealthy Malware Loader Powering Modern Cyberattacks

Do Son September 16, 2025

Cybercriminals are increasingly relying on malware loaders to gain initial access, evade defenses, and deliver sophisticated payloads....

Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA VoidProxy Phishing

Unveiling VoidProxy: The Phishing-as-a-Service That Bypasses MFA

Do Son September 12, 2025

Okta Threat Intelligence has published a detailed analysis of VoidProxy, a previously unreported Phishing-as-a-Service (PhaaS) platform that...

Unmasking Salt Typhoon: A Report Exposes 45 New Domains from a Chinese APT Group TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Unmasking Salt Typhoon: A Report Exposes 45 New Domains from a Chinese APT Group

Do Son September 9, 2025

Threat analysts at Silent Push have identified dozens of previously unreported domains tied to Salt Typhoon, a...

Inf0s3c Stealer: A Stealthy Python Malware Is Abusing Discord to Steal Data Inf0s3c Stealer, Windows malware

Inf0s3c Stealer: A Stealthy Python Malware Is Abusing Discord to Steal Data

Do Son September 3, 2025

Cyfirma’s Threat Intelligence team has released a technical analysis of Inf0s3c Stealer, a Python-based information grabber designed...

TinkyWinkey: A Stealthy New Keylogger Is Hunting for Credentials on Windows TinkyWinkey Keylogger, Windows malware

TinkyWinkey: A Stealthy New Keylogger Is Hunting for Credentials on Windows

Do Son September 2, 2025

Researchers at CYFIRMA have released an in-depth analysis of a newly observed Windows malware family dubbed the...

SpyNote’s New Lure: The Stealthy Campaign Using Fake App Stores Android RAT, SpyNote

SpyNote’s New Lure: The Stealthy Campaign Using Fake App Stores

Do Son August 27, 2025

Researchers at DomainTools have uncovered a persistent SpyNote Android Remote Access Trojan (RAT) campaign, where threat actors...

Cephalus: The New Ransomware That Abuses Legitimate Tools to Bypass Security

Do Son August 27, 2025

Recently, threat hunters at Huntress observed two separate incidents involving a new ransomware variant dubbed Cephalus. The...

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro