GOLD SALEM tradecraft for deploying Warlock ransomware
In mid-August 2025, Counter Threat Unit™ (CTU) researchers identified the use of the legitimate Velociraptor digital forensics and incident response...
legitimate
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets Pierluigi Paganini October 29, 2025 Russian actors, likely...
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future...
Chinese-Made Villager AI Pentest Tool Raises Cobalt Strike-Like Concerns
Villager is being pitched as a legitimate AI-powered pentest tool for red teams, but the platform, made by Chinese company...
Swiping user login details using evilginx
Evilginx, a tool based on the authentic (and widely utilized) open-source nginx web server, can be utilized to grab usernames,...
150,000 Websites Breached due to JavaScript Insertion Advancing Chinese Betting Platforms
A continuous effort infiltrating authentic websites via harmful JavaScript injections to promote Chinese online betting platforms has now affected around...
Earth Preta Blends Genuine and Harmful Components to Circumvent Detection
Earth Preta Blends Genuine and Harmful Components to Circumvent Detection | Trend Micro (US) Content has been added to your...
Cyber offenders Employ Go Resty and Node Fetch in 13 Million Password Spraying Efforts
In the realm of cybersecurity, wrongdoers are progressively utilizing valid HTTP client utilities to enable account usurpation (ATO) assaults on...
UAC-0063 Broadens Cyber Offensives on European Diplomatic Missions Through Pilfered Records
The sophisticated continuous threat (SCT) faction recognized as UAC-0063 has been identified utilizing authorized paperwork acquired through breaching one target...
Many People Installing Fake npm Packages Pretending to be Authentic Tools
Malicious individuals have been seen uploading deceptive alternatives of legitimate npm bundles like eslint-typescript and @types/node that have accumulated a...
Rogue RDP Servers and PyRDP: Preferred Tools of APT29 in Targeting High-Profile Victims
APT29, a threat actor associated with Russia, has recently been identified utilizing an unconventional strategy in cyber operations against valuable...
Detected Necro Android Malware in Popular Camera and Browser Applications on Play Store
Sep 24, 2024Ravie LakshmananMobile Security / Malware Adjusted versions of authentic Android applications related to Spotify, WhatsApp, and Minecraft have...
Unauthorized Access to Genuine Packer Software Used to Disseminate Malware Secretively
Jun 06, 2024NewsroomEndpoint Security / Malware Threat actors are progressively misusing genuine and commercially accessible packer software such as BoxedApp...
