A stealthy Linux backdoor named Plague, hidden as a malicious PAM module, allows attackers to bypass auth and maintain persistent SSH access. Nextron Systems researchers discovered a new stealthy Linux backdoor called Plague, hidden as a malicious PAM (Pluggable Authentication Module) module. It silently bypasses authentication and grants persistent SSH access. A Pluggable Authentication Module […]
Security firm Point Wild has exposed a new malware campaign using malicious LNK files to install the REMCOS backdoor. This report details how attackers disguise files to gain full system control.
Security researchers have discovered a sophisticated Linux backdoor dubbed “Plague” that has remained undetected by all major antivirus engines despite multiple samples being uploaded to VirusTotal over the past year. The malicious software…
AI-generated npm package @kodane/patch-manager drained Solana wallets; 1,500+ downloads before takedown on July 28, 2025. AI-generated npm package @kodane/patch-manager was flagged for hiding malicious software to drain Solana wallets. The package was uploaded on July 28, 2025, and it was downloaded more than 1,500 times before takedown. “The package @kodane/patch-manager, is a sophisticated cryptocurrency wallet […]
Check Point Research (CPR) has delved into the operations of Storm-2603, a recently identified threat actor linked to Chinese advanced persistent threat (APT) groups, amid widespread exploitation of Microsoft SharePoint Server vulnerabilities known as …
Chinese-speaking threat actors have used the PlayPraetor Remote Access Trojan (RAT) to infiltrate more than 11,000 Android devices globally in a sophisticated Malware-as-a-Service (MaaS) operation. This allows for on-device fraud (ODF) by controlling t…
Microsoft Threat Intelligence has exposed a sophisticated cyberespionage operation orchestrated by the Russian state-sponsored actor tracked as Secret Blizzard, which has been actively compromising foreign embassies in Moscow through an adversary-in-th…
CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform […]
The Cybersecurity and Infrastructure Security Agency (CISA) has made a significant contribution to the cybersecurity community by publicly releasing Thorium, a powerful open-source platform designed to revolutionize malware analysis and digital forensi…
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This […]