Security News

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign
2024-06-07 07:13

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed...

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected
2024-06-06 09:54

Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and...

Chinese attackers leverage previously unseen malware for espionage
2024-06-06 02:45

Sophos released its report, "Operation Crimson Palace: Threat Hunting Unveils Multiple Clusters of Chinese State-Sponsored Activity Targeting Southeast Asia," which details a highly sophisticated, nearly two-year-long espionage campaign against a high-level government target. During Sophos X-Ops' investigation, which began in 2023, the managed detection and response team found three distinct clusters of activity targeting the same organization, two of which included tactics, techniques and procedures that overlap with well-known Chinese nation-state groups: BackdoorDiplomacy, APT15 and the APT41 subgroup Earth Longzhi.

Cisco Talos: LilacSquid Threat Actor Targets Multiple Sectors Worldwide With PurpleInk Malware
2024-06-05 19:13

A new report from Cisco Talos exposed the activities of a threat actor known as LilacSquid, or UAT-4820. The threat actor exploits vulnerable web applications or uses compromised Remote Desktop Protocol credentials to compromise systems and infect them with custom PurpleInk malware.

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine
2024-06-04 11:07

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per...

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks
2024-06-04 06:33

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued...

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware
2024-06-03 07:34

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and...

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
2024-06-03 03:51

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been...

International Malware Takedown Seized 100+ Servers
2024-05-31 20:56

An international coalition of police organized by the European Union's justice and police agencies has revealed an ongoing operation against malware droppers that Europol calls the "largest ever operation" of its kind. Called "Operation Endgame," the ongoing initiative targets malware delivery "droppers" and "loaders," and is an attempt to disrupt large-scale malware deployments.

Europol identifies 8 cybercriminals tied to malware loader botnets
2024-05-31 16:40

Operation Endgame, announced by Europol yesterday, led to the seizure of 100 servers used in multiple malware operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. The law enforcement crackdown also involved four arrests, one in Armenia and three in Ukraine. Yesterday, the Federal Criminal Police Office of Germany revealed the identities of eight cybercriminals of Russian descent, who are thought to have held central roles in the Smokeloader and Trickbot malware operations.