Woodgnat, an IAB for Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta ransomware, is using Mistic RAT in new attacks.
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social ...
On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...
The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.
A wave of phishing emails sent to Booking.com partner accommodations in Japan in May led to blockchain-hosted malware ...
Armored Likho, a new APT group using AI-generated malware and the BusySnake Stealer to target government agencies and power ...
Mapping detections and controls to MITRE ATT&CK: a practical guide for technical teams MITRE ATT&CK is useful because it gives technical teams a common language for describing adversary behaviour. For ...
ShadowPad, once linked mainly to APT41, is now being used by multiple China-linked threat groups, expanding its role in cyber ...
Opera has rolled out Paste Protect, a built-in browser defence designed to stop malicious clipboard commands before users can paste them into terminals, run boxes or other command-line tools. The ...