More results...
Everest claims Collins Aerospace hack hitting EU airports, but its leak site vanishes soon after, sparking takedown speculation. Do you remember the Collins Aerospace supply chain attack that disrupted operations at several major European airports, including Heathrow in London, Brussels, and Berlin? In September, a cyberattack on Collins Aerospace disrupted check-in and boarding systems at […]
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate.
Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active […]
Hackers exploit Cisco SNMP flaw CVE-2025-20352 in “Zero Disco” attacks to deploy Linux rootkits on outdated systems, researchers report. Trend Micro researchers disclosed details of a new campaign, tracked as Operation Zero Disco, that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected […]
North Korea’s Famous Chollima is back, merging BeaverTail and OtterCookie malware to target job seekers. Cisco Talos details the new threat. Keylogging, screen recording, and cryptocurrency wallet theft detected in an attack.
Resecurity’s new report details how the Qilin RaaS group relies on global bulletproof hosting networks to support its extortion operations. The following new report by Resecurity will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin […]
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.
A botnet of 100K+ IPs from multiple countries is attacking U.S. RDP services in a campaign active since October 8. GreyNoise researchers uncovered a large-scale botnet that is targeting Remote Desktop Protocol (RDP) services in the United States starting on October 8. The company discovered the botnet after detecting an unusual spike in Brazilian IP […]
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin …
The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHub repositories to host malware configurations. This allows attackers to evade takedowns by pulling fresh configs from GitHub whenever C2 servers are shut down, ensuring […]