Trellix Archives • Daily CyberSecurity

PureRAT Unmasked: The Stealthy, Multi-Stage “Dynamic Loader” Targeting Windows PureRAT Malware Steganography Evasion

PureRAT Unmasked: The Stealthy, Multi-Stage “Dynamic Loader” Targeting Windows

Do Son April 23, 2026

The Trellix Advanced Research Center has released an in-depth analysis of PureRAT, an advanced remote access trojan...

The End of the Static Era: Trellix Uncovers Fully Fileless Remcos RAT Campaign Remcos RAT Fileless Malware

The End of the Static Era: Trellix Uncovers Fully Fileless Remcos RAT Campaign

Do Son March 16, 2026

In the ever-evolving arms race between hackers and defenders, the “static” era is officially over. A new...

APT28 Weaponizes Office Flaw to Spy on NATO & Military NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

APT28 Weaponizes Office Flaw to Spy on NATO & Military

Do Son February 9, 2026

The notorious Russian state-sponsored group APT28 (also known as Fancy Bear) has launched a sophisticated new espionage...

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware

Do Son January 16, 2026

A routine utility often bundled with developer tools has been weaponized by cybercriminals to bypass security scanners...

“Browser-in-the-Browser” Attack Escalates: Trellix Reports Surge in Sophisticated Facebook Phishing

Do Son January 15, 2026

The era of easily spotting phishing emails by checking the URL bar may be coming to an...

CrazyHunter: The “Ruthless” Ransomware Stalking Healthcare CrazyHunter Ransomware Healthcare Cyberattacks

CrazyHunter: The “Ruthless” Ransomware Stalking Healthcare

Do Son January 8, 2026

A new, highly aggressive ransomware strain is cutting a swath through the healthcare sector, leaving hospitals and...

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion

Do Son October 4, 2025

The latest analysis from Trellix ARC reveals the unexpected return of XWorm, a notorious Remote Access Trojan...

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth

Do Son September 5, 2025

Researchers at the Trellix Advanced Research Center have identified a sophisticated new campaign leveraging the XWorm backdoor,...

A New Linux Malware Hides in Plain Sight by Weaponizing File Names Linux-filenames

A New Linux Malware Hides in Plain Sight by Weaponizing File Names

Do Son August 25, 2025

Linux has long been considered a fortress of security—a preferred platform for developers, system administrators, and security...

Spies in Plain Sight: How North Korean Hackers Used GitHub to Attack Embassies North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

Spies in Plain Sight: How North Korean Hackers Used GitHub to Attack Embassies

Do Son August 20, 2025

The Trellix Advanced Research Center has uncovered a wide-reaching espionage operation targeting diplomatic missions in South Korea,...

0bj3ctivityStealer: Stealthy Info-Stealer Uses Steganography & PowerShell to Evade Detection

Do Son July 30, 2025

A recent analysis from the Trellix Advanced Research Center (ARC) has unveiled a sophisticated and stealthy info-stealer...

Stealthy SquidLoader Malware Targets Hong Kong Financial Firms with Evasive Cobalt Strike Attacks

Do Son July 17, 2025

Trellix’s threat intelligence team has uncovered a stealthy malware campaign aimed squarely at financial services institutions in...

DoNot APT Expands to Europe: Targets Foreign Ministry with LoptikMod Malware via Google Drive Phishing DoNot APT, European Cyberespionage

DoNot APT Expands to Europe: Targets Foreign Ministry with LoptikMod Malware via Google Drive Phishing

Do Son July 11, 2025

In a newly uncovered campaign, the DoNot APT group—also tracked as APT-C-35, Mint Tempest, Origami Elephant, and...

OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector CloudComputating - QSC framework

OneClik” APT Unmasked: China-Linked Campaign Abuses Microsoft ClickOnce & AWS Cloud to Target Energy Sector

Do Son June 26, 2025

The Trellix Advanced Research Center has unveiled a covert and highly sophisticated APT malware campaign dubbed OneClik,...

Lumma Stealer: Advanced Obfuscation and Evasion Techniques Analysis Lumma Stealer InfoStealer

Lumma Stealer: Advanced Obfuscation and Evasion Techniques Analysis

Do Son April 25, 2025

Lumma Stealer, a prevalent threat since its emergence in 2022, continues to evolve its tactics to evade...

Trellix Enterprise Security Manager Patches Critical Flaws, Including CVE-2024-11482 (CVSS 9.8) CVE-2024-11481 & CVE-2024-11482

Trellix Enterprise Security Manager Patches Critical Flaws, Including CVE-2024-11482 (CVSS 9.8)

Do Son December 1, 2024

Trellix has released an update to its Enterprise Security Manager (ESM) addressing two critical vulnerabilities that could...

CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks CVE-2024-5671 and CVE-2024-5731

CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks

Do Son June 18, 2024

Trellix, a prominent cybersecurity provider, has issued urgent patches for two critical vulnerabilities discovered in its Intrusion...

Critical Alert 1 Active Exploit Detected Today