New Backdoor Auto-color Linux Targets Systems in US and Asia
Auto-color: New Linux backdoor malware targeting the US and Asia. Learn about its advanced evasion, persistence, and detection…
The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been identified leveraging legitimate cloud services like Dropbox, Twitter, and Zimbra for command-and-control (C2) communications in their cyber espionage campaigns. C…
A newly identified malware, dubbed “Squidoor,” has emerged as a sophisticated threat targeting government, defense, telecommunications, education, and aviation sectors in Southeast Asia and South America. Attributed to a suspected Chinese t…
In a concerning development, cybersecurity researchers at Trellix have uncovered a sophisticated malware campaign that exploits a legitimate antivirus driver to bypass system protections. The malware, identified as “kill-floor.exe,” leverag…
FortiGuard Labs discovers Winos 4.0 malware targeting Taiwan via phishing. Learn how this advanced threat steals data and…
CERT-UA warns of UAC-0173 using DCRat malware to target Ukrainian notaries in a new attack wave since mid-January 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of a new campaign by criminal group UAC-0173 targeting Ukrainian notaries with a remote access trojan DCRat (aka DarkCrystal RAT). The campaign started in mid-January 2025, the attack […]
A new wave of sophisticated cyberattacks targeting macOS systems has been identified, involving two malware strains, RustDoor and Koi Stealer. These attacks, attributed to North Korea-linked Advanced Persistent Threat (APT) groups, primarily aim at ste…
Angry Likho APT resurfaces, targeting Russian and Belarusian organizations with Lumma Stealer malware via phishing attacks, stealing credentials, banking data, and more.
Resecurity researchers reported that DragonForce ransomware targets Saudi organizations amid rising cyber threats in the region. DragonForce ransomware has recently been reported to target organizations in the Kingdom of Saudi Arabia (KSA). A significant incident identified by Resecurity involved a data leak from a prominent real estate and construction company in Riyadh, which has projects with […]
A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader. The campaign has been active since late 2024; threat actors used weaponized Microsoft […]