On July 28, KittenSec claimed in a Telegram post to have hacked multiple Romanian government systems and posted a file containing roughly 36 gigabytes of data, including emails, documents, contracts, and healthcare-related data.

The Lazarus group was associated with a new campaign against healthcare entities in Europe and the U.S. In this campaign, the attackers exploited a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to distribute the QuiteRAT malware. The malware …

The Antibot web traffic filtering service, originally a GitHub project, has evolved into a commercial platform for malicious actors, offering features like cloaking to evade analysis and prolong phishing and malware campaigns.

QuiteRAT is clearly an evolution of MagicRAT. While MagicRAT is a bigger, bulkier malware family averaging around 18MB in size, QuiteRAT is a much much smaller implementation, averaging around 4 to 5MB in size.

The APT group starts by sending a spear-phishing email, which consists of a DOC file embedded with a URL for a ZIP file download. Once the ZIP file gets downloaded, it contains an EXE file and a DLL file which are executed to infect malware.

A fresh player in the realm of cyber threats has emerged under the moniker EVLF DEV, operating as a Malware-as-a-Service (MaaS) provider. Hailing from Syria and active for over eight years, this actor has developed the CypherRAT and CraxsRAT malware st…

The group appears to be skilled and patient, selectively pushing payloads to specific victims. The use of signed malware and supply chain attacks makes it difficult for security software to detect.

The Play ransomware group is targeting managed security service providers (MSSPs) to gain initial access and use up to a half-decade-old vulnerabilities in security appliances, warn security researchers with Adlumin.

One of the PDFs delivered a variant of Duke, malware that has been linked to Russian state-sponsored cyber-espionage activities of APT29, also known as Nobelium, Cozy Bear, and The Dukes.

“Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube tutorials directing victims to download infected software,” Hudson Rock CTO Alon Gal told The Hacker News.