XWorm

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT

Do Son May 20, 2026

A comprehensive deep dive by the research team at Point Wild has laid bare the internal mechanics...

Unmasking the PhantomVAI Framework’s Fileless Assault on Corporate Defenses SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

SonicWall Reconnaissance Akira Ransomware residential proxy malware TraderTraitor BreachForums Honeypot, French Interior Ministry Leak

Unmasking the PhantomVAI Framework’s Fileless Assault on Corporate Defenses

Do Son March 30, 2026

Security researchers at LevelBlue SpiderLabs have recently dismantled a sophisticated, multi-stage malware delivery campaign that proves even...

The Explorer Trap: How Hackers Turn Windows File Explorer into a Silent Portal for Remote Access Trojans Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

The Explorer Trap: How Hackers Turn Windows File Explorer into a Silent Portal for Remote Access Trojans

Do Son February 27, 2026

Security researchers at Cofense Intelligence have uncovered a stealthy and growing malware delivery campaign that bypasses traditional...

Excel Trap: New Phishing Campaign Deploys Fileless XWorm RAT XWorm RAT Excel Phishing

XWorm RAT Excel Phishing

Excel Trap: New Phishing Campaign Deploys Fileless XWorm RAT

Do Son February 12, 2026

A new phishing campaign is exploiting an old vulnerability, using malicious Excel files to deploy the potent...

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion

Do Son October 4, 2025

The latest analysis from Trellix ARC reveals the unexpected return of XWorm, a notorious Remote Access Trojan...

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth

Do Son September 5, 2025

Researchers at the Trellix Advanced Research Center have identified a sophisticated new campaign leveraging the XWorm backdoor,...

XWorm 6.0: New Variant Uses AMSI Bypass & Critical Process Trick to Evade Detection and Crash Systems

XWorm 6.0: New Variant Uses AMSI Bypass & Critical Process Trick to Evade Detection and Crash Systems

Do Son July 29, 2025

According to the latest report from Netskope Threat Labs, a new version of the XWorm malware—XWorm 6.0—has...

XWorm’s Shape-Shifting Arsenal: RAT Evolves to Deliver LockBit Ransomware, Evades Detection GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

XWorm’s Shape-Shifting Arsenal: RAT Evolves to Deliver LockBit Ransomware, Evades Detection

Do Son July 7, 2025

XWorm, a name increasingly familiar in threat intelligence circles, has once again proven its status as a...

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

SERPENTINE#CLOUD: Stealthy Malware Campaign Leverages Cloudflare Tunnels for In-Memory RAT Delivery

Do Son June 20, 2025

A newly uncovered malicious campaign, dubbed SERPENTINE#CLOUD, leverages Cloudflare Tunnel subdomains to deliver payloads via phishing email...

MySQL Servers Under Attack: Threat Actors Exploiting UDFs to Inject Gh0stRAT, XWorm & Zoho Agents MySQL Attacks, UDF Exploitation pREST, SQL injection

MySQL Attacks, UDF Exploitation pREST, SQL injection

MySQL Servers Under Attack: Threat Actors Exploiting UDFs to Inject Gh0stRAT, XWorm & Zoho Agents

Do Son June 19, 2025

Threat actors are ramping up attacks on poorly managed MySQL servers, particularly those running in Windows environments,...

Booking.com Spoofed in ClickFix Malware Surge Targeting Hotels and Travel Sector ClickFix Phishing, Booking.com Scam

ClickFix Phishing, Booking.com Scam

Booking.com Spoofed in ClickFix Malware Surge Targeting Hotels and Travel Sector

Do Son June 6, 2025

According to Cofense Intelligence, a sophisticated and evolving phishing campaign is using spoofed Booking.com emails and fake...

AI Tools Turn Trojan: Fake Video Platforms Drop Noodlophile Stealer and XWorm Payloads AI-gen

AI-gen

AI Tools Turn Trojan: Fake Video Platforms Drop Noodlophile Stealer and XWorm Payloads

Do Son May 13, 2025

Cybercriminals are now hijacking the hype surrounding AI to deliver sophisticated malware, as revealed in a new...

Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware Booking Phishing Campaign

Booking Phishing Campaign

Booking.com Impersonated in Phishing Campaign Delivering Credential-Stealing Malware

Do Son March 15, 2025

A sophisticated phishing campaign impersonating Booking.com is targeting organizations in the hospitality industry, using a novel social...

Over 18,000 Devices Compromised in XWorm RAT Builder Campaign XWorm Remote Access Trojan

XWorm Remote Access Trojan

Over 18,000 Devices Compromised in XWorm RAT Builder Campaign

Do Son January 28, 2025

A trojanized version of the XWorm Remote Access Trojan (RAT) builder has been weaponized and is being...

Tax Season Cybersecurity Alert: Report Reveals Surge in Tax-Related Cyberattacks

Tax Season Cybersecurity

Tax Season Cybersecurity Alert: Report Reveals Surge in Tax-Related Cyberattacks

Do Son January 28, 2025

Cybercriminals are capitalizing on the 2025 tax season with a wave of sophisticated phishing and malware campaigns,...

PythonRatLoader: The Malware Loader That’s Turning Phishing Into a Multi-Stage Attack

PythonRatLoader: The Malware Loader That’s Turning Phishing Into a Multi-Stage Attack

Do Son November 1, 2024

A recent report by Adam Martin and Kian Buckley Maher from the Cofense Phishing Defense Center (PDC)...

XWorm Unveils Stealthier Techniques in Latest Malware Evolution XWorm RAT

XWorm RAT

XWorm Unveils Stealthier Techniques in Latest Malware Evolution

Do Son October 1, 2024

In a recent report from Netskope Threat Labs, the ever-evolving malware XWorm has demonstrated new, stealthy techniques...

Government Hit by Multi-Malware Cyberattack via Cloudflare Service Government Cyberattack

Government Cyberattack

Government Hit by Multi-Malware Cyberattack via Cloudflare Service

Do Son August 5, 2024

A sophisticated cyberattack targeting the government sector has been uncovered, utilizing a quartet of malicious software –...

NullBulge: The Cybercriminal Group Targeting AI and Gaming Communities with Ransomware

NullBulge

NullBulge: The Cybercriminal Group Targeting AI and Gaming Communities with Ransomware

Do Son July 17, 2024

A new threat actor group, NullBulge, has emerged with a captivating narrative: hacktivists fighting against AI’s encroachment...

Behind the Mask: Dissecting the Latest VBA Script Cyber Espionage Python Info-stealer

Python Info-stealer

Behind the Mask: Dissecting the Latest VBA Script Cyber Espionage

Do Son February 5, 2024

In January 2024, FortiGuard Labs uncovered a disturbing Excel document that served as the initial gateway to...