Cisco Talos researchers identified a sophisticated Malware-as-a-Service (MaaS) operation in April 2025 that employed the Amadey botnet to distribute various payloads. This operation exploited fake GitHub accounts as open directories for hosting malicio…
Cybersecurity researchers have uncovered a sophisticated technique where threat actors are exploiting DNS infrastructure to covertly store and distribute malware, turning the internet’s domain name system into an unwitting accomplice for maliciou…
FortiGuard Labs researchers have uncovered a sophisticated cryptomining campaign where the H2Miner botnet, active since late 2019, has expanded its operations to target Linux, Windows, and containerized environments simultaneously. The campaign represe…
Hackers abused fake GitHub accounts to spread Emmenhtal, Amadey, Lumma and Redline infoStealers in attacks linked to a phishing campaign targeting Ukraine in early 2025.
In an incident response case in Asia, Kaspersky researchers discovered a new backdoor for Microsoft Exchange servers, based on open-source tools and dubbed “GhostContainer”.
UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit […]
The AhnLab Security Intelligence Center (ASEC) published a thorough analysis in June 2025 that identified infostealer malware masquerading as keygens and cracked software as a primary attack vector. This malware uses advanced search engine optimization…
BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity.
PreCrime Labs at BforeAI discovered a complex cyber threat operation in which hackers have used a vast network of 607 rogue domains to spread fake Telegram Messenger application files (APKs) over the course of the last month. These domains, primarily r…
A fresh variant of SquidLoader malware has surfaced, actively entering Hong Kong institutions with previously unheard-of stealth, which is alarming for the financial industry. This sophisticated loader achieves near-zero detection rates on platforms li…