Cybersecurity experts at eSentire’s Threat Response Unit (TRU) uncovered a sophisticated malware campaign leveraging KoiLoader, a malicious loader designed to deploy information-stealing payloads. This campaign utilized PowerShell scripts and obf…
APT34, also known as OilRig or Helix Kitten, has intensified its cyber-espionage campaigns, deploying custom malware to target entities within the finance and telecommunications sectors. The group, active since 2012, is a well-documented advanced persi…
HijackLoader, a malware loader first identified in 2023, has undergone significant evolution with the addition of new modules designed to enhance its stealth capabilities and evade malware analysis environments. Recent research by Zscaler ThreatLabz re…
A vishing scam via Microsoft Teams led to attackers misusing TeamViewer to drop malware and stay hidden using simple but effective techniques.
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load, […]
In a recent revelation by SEQRITE Labs, a highly sophisticated cyber-espionage campaign, dubbed Operation HollowQuill, has been uncovered. The operation targets academic, governmental, and defense-related networks in Russia using weaponized decoy PDFs …
A new wave of cyberattacks orchestrated by the advanced persistent threat (APT) group Earth Alux has been uncovered, revealing the use of sophisticated malware, including the VARGEIT backdoor, to infiltrate critical industries. Linked to China, Earth A…
DarkCloud, a highly advanced stealer malware, has emerged as a significant threat to Windows systems since its debut in 2022. Initially gaining traction through underground forums, the malware is now widely sold on Telegram, making it accessible to cyb…
Russian-aligned cyber threat groups, UAC-0050 and UAC-0006, have significantly escalated their operations in 2025, targeting entities worldwide with a focus on Ukraine. These groups employ bulletproof hosting services to mask their network infrastructu…
Security researchers have uncovered a new wave of cyberattacks targeting WordPress websites through the exploitation of the “mu-plugins” (Must-Use plugins) directory. This directory, designed to load plugins automatically without requiring …