Silver Fox APT Unleashes ValleyRAT with Rare PoolParty Process Injection Technique

A sophisticated malware campaign targeting Chinese-speaking users has revealed a significant evolution in the Silver Fox APT group’s capabilities. According to new research from Cybereason Security Services, the threat actors are deploying fake software installers to deliver ValleyRAT (also known as Winos 4.0) using a rare process injection technique that bypasses most security tools. A…

SystemBC Botnet Survives Law Enforcement Takedown, Infects Over 10,000 Devices Worldwide

The SystemBC malware loader has demonstrated remarkable resilience, continuing to operate despite targeted efforts during Europol’s Operation Endgame in May 2024. Cybersecurity firm Silent Push has identified more than 10,000 unique infected IP addresses across a massive botnet infrastructure that shows no signs of slowing down.

Key Findings

Silent Push researchers deployed a custom-built SystemBC…

PDFSider: The Stealthy Backdoor Targeting Fortune 100 Financial Institutions

A newly identified Windows malware strain called PDFSider has emerged as a dangerous tool in the arsenals of multiple ransomware operators, with at least one confirmed attack targeting a Fortune 100 finance company. Security researchers at Resecurity uncovered the malware during an incident response engagement, describing it as an advanced stealth backdoor designed for long-term…

ShadowHS: Fileless Linux Post-Exploitation Framework Runs Entirely in Memory

Cyble Research & Intelligence Labs (CRIL) has uncovered a sophisticated Linux intrusion framework dubbed ShadowHS — a stealthy, fileless post-exploitation tool that executes entirely from memory, leaving virtually no traces on disk. This discovery highlights the growing sophistication of Linux-targeted threats and the challenges they pose for traditional security tools.

What Makes ShadowHS Different

Unlike…

Poland Thwarts Russian Wiper Malware Attack on Power Plants

Source: Hackread | Author: Deeba Ahmed

Poland has narrowly avoided a massive energy crisis following what officials are calling the largest cyberattack on the country in years. Between 29 and 30 December 2025, hackers attempted to break into the nation’s energy infrastructure, specifically targeting two combined heat and power (CHP) plants and systems that manage…

New Go loader pushes Rhadamanthys stealer

Posted: March 22, 2024 by Jérôme Segura

Malware loaders (also known as droppers or downloaders) are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate (i.e. not sandboxes) before pushing other…

Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns

On January 3, 2024, Mandiant’s X social media account was taken over and subsequently used to distribute links to a cryptocurrency drainer phishing page. Working with X, we were able to regain control of the account and, based on our investigation over the following days, we found no evidence of malicious activity on,…