Seedworm APT Deploys Dindoor and Fakeset Backdoors Inside US Critical Infrastructure Networks

Iran’s Seedworm APT group (also known as MuddyWater) has established persistent access inside the networks of multiple US organizations since early February 2026, deploying two previously unknown malware implants as geopolitical tensions between the US and Iran escalate.

New Backdoor Arsenal: Dindoor and Fakeset

Joint research from Symantec and Carbon Black has identified Seedworm activity…


60+ Pro-Iranian Hacktivist Groups Activate AI-Enabled ICS Attacks Following US-Israel Strikes

In the largest single-event activation of Iranian-aligned cyber actors ever documented, more than 60 pro-Iranian hacktivist groups became active on Telegram within hours of the February 28 US-Israel military strikes on Iran. Armed with AI tools and targeting over 40,000 internet-exposed control systems in the United States, these groups represent a dangerous new dimension of…


Iranian Cyber Threats Intensify: APT Groups and Hacktivists Target U.S. and Allied Infrastructure

Executive Summary

As hostilities between Iran and the U.S./Israeli-led coalition escalate, threat intelligence indicates Iranian-aligned cyber actors pose an elevated near-term risk to organizations across North America and allied nations. These actors have a well-documented history of espionage, credential theft, disruptive attacks, and high-visibility “hacktivist” operations targeting U.S. and allied interests.

The Iranian Cyber Threat…


Seedworm APT Targets US Banks and Airports with New Dindoor and Fakeset Backdoors

Iranian state-sponsored hackers have maintained persistent access inside multiple US critical infrastructure networks since early February 2026, establishing footholds that security researchers warn could enable devastating attacks amid escalating geopolitical tensions in the Middle East.

MuddyWater Returns with New Malware Arsenal

Symantec and Carbon Black researchers have attributed the activity to Seedworm (also known as…


BoryptGrab Stealer Spreads Through 100+ Fake GitHub Repositories in Massive Malware Campaign

Trend Micro researchers have uncovered a large-scale malware distribution campaign using over 100 GitHub repositories to spread BoryptGrab, an information stealer that targets browser credentials, cryptocurrency wallets, and sensitive files while deploying reverse SSH backdoors for persistent access. The campaign leverages the trust users place in GitHub to distribute malware disguised as legitimate software tools,…


BoryptGrab Stealer Spreads Through 100+ Malicious GitHub Repositories

A massive malware distribution campaign has been discovered leveraging more than 100 GitHub repositories to spread the BoryptGrab information stealer. According to Trend Micro research, the campaign targets Windows users through deceptive downloads masquerading as legitimate software tools and gaming cheats.

The Attack Chain

The threat actors behind this campaign have deployed an extensive network…


Russian APT Deploys Cat-Themed BadPaw and MeowMeow Malware to Target Ukraine

Security researchers from ClearSky have uncovered a sophisticated Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware strains with distinctly playful names: BadPaw and MeowMeow. Despite their whimsical naming, these tools represent a serious threat designed for stealth, persistence, and evasion.

The Attack Chain: From Phishing to Persistent Backdoor

The campaign begins with…


Velvet Tempest Ransomware Group Deploys CastleRAT via ClickFix Attacks Linked to Termite Operations

Five-Year Ransomware Affiliate Uses Malvertising and Legitimate Windows Tools in Sophisticated Intrusion

Security researchers at MalBeacon have exposed a 12-day intrusion campaign by Velvet Tempest (also tracked as DEV-0504), a prolific ransomware affiliate group now deploying the CastleRAT backdoor through ClickFix social engineering attacks. The campaign demonstrates the continued evolution of ransomware operators toward sophisticated…


APT36 Vibeware Campaign: Pakistan’s Transparent Tribe Weaponizes AI to Mass-Produce Malware Targeting India

Pakistan-aligned threat actor Transparent Tribe (APT36) has embraced AI-assisted malware development to flood Indian government networks with disposable, polyglot implants, a technique security researchers are calling “vibeware” or Distributed Denial of Detection (DDoD).

AI-Powered Malware Industrialization

According to Bitdefender’s research, APT36 has shifted from sophisticated, handcrafted implants to high-volume, AI-generated malware written in obscure programming languages…
