A massive malware distribution campaign has been discovered leveraging more than 100 GitHub repositories to spread the BoryptGrab information stealer. According to Trend Micro research, the campaign targets Windows users through deceptive downloads masquerading as legitimate software tools and gaming cheats. The Attack Chain The threat actors behind this campaign have deployed an extensive network…
Security researchers from ClearSky have uncovered a sophisticated Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware strains with distinctly playful names: BadPaw and MeowMeow. Despite their whimsical naming, these tools represent a serious threat designed for stealth, persistence, and evasion. The Attack Chain: From Phishing to Persistent Backdoor The campaign begins with…
Five-Year Ransomware Affiliate Uses Malvertising and Legitimate Windows Tools in Sophisticated Intrusion Security researchers at MalBeacon have exposed a 12-day intrusion campaign by Velvet Tempest (also tracked as DEV-0504), a prolific ransomware affiliate group now deploying the CastleRAT backdoor through ClickFix social engineering attacks. The campaign demonstrates the continued evolution of ransomware operators toward sophisticated…
Pakistan-aligned threat actor Transparent Tribe (APT36) has embraced AI-assisted malware development to flood Indian government networks with disposable, polyglot implants—a technique security researchers are calling “vibeware” or Distributed Denial of Detection (DDoD). AI-Powered Malware Industrialization According to Bitdefender’s research, APT36 has shifted from sophisticated, handcrafted implants to high-volume, AI-generated malware written in obscure programming languages…
SAP customers are being urged to immediately patch a critical zero-day vulnerability in the Visual Composer component of SAP NetWeaver application server that threat actors are actively exploiting to deploy web shell backdoors. The Vulnerability Tracked as CVE-2025-31324, this unrestricted file upload vulnerability received the maximum severity score of 10 on the CVSS scale. The…
Security researchers at Securonix have uncovered a sophisticated multi-stage malware campaign dubbed VOID#GEIST that delivers three separate remote access trojans (RATs) through an elaborate infection chain designed to evade detection. A Modular Attack Framework Unlike traditional malware that relies on standalone executables, VOID#GEIST employs a modular pipeline comprising batch scripts for orchestration, PowerShell for stealthy…
Google Threat Intelligence Group (GTIG) has disrupted a massive global cyber espionage campaign targeting telecommunications and government organizations across 42 countries. The threat actor, tracked as UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has monitored since 2017. The attacker deployed a novel backdoor called GRIDTIDE that abuses Google…
A Pakistan-linked threat group is overwhelming Indian government networks with a new breed of disposable, AI-generated malware in a campaign that marks a concerning shift in the digital conflict between the two nations. According to research from Bitdefender, the threat actor APT36 (also known as Transparent Tribe) has shifted away from sophisticated, carefully crafted tools…
Google Threat Intelligence Group (GTIG) and Mandiant have executed a coordinated takedown of one of the most expansive cyber espionage campaigns in recent memory. The operation targeted UNC2814, a suspected People’s Republic of China (PRC)-nexus threat actor that has operated globally since 2017, compromising telecommunications and government organizations across four continents. Scale of the Compromise…
A powerful iOS exploit kit named “Coruna” has transitioned from elite surveillance operations to financially motivated cryptocurrency theft, signaling a dangerous shift in the mobile threat landscape. From Spyware Vendor to Cybercriminal Hands Google Threat Intelligence Group (GTIG) has disclosed details on a previously undocumented iOS exploit kit containing 23 exploits and five full exploit…
