GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational ...
Armored Likho BusySnake Stealer, a Python-based infostealer first disclosed by Kaspersky, is actively targeting government ...
Kaspersky says the attacks use phishing, GitHub-hosted payloads, CVE-2025-9491 LNK abuse, and Go2Tunnel-based tunneling.
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver a new ...
Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...
China’s VerdantBamboo spent 18 months inside a company’s network. The entry point was the managed service provider next door. The incident response started with a suspicious connection from a Linux ...
WithSecure concludes that the Greyvibe group used LLMs to generate custom malware, backend infrastructure and phishing lures in order to target organizations in Ukraine as part of Russian intelligence ...
The Glassworm botnet that weaponised trusted developer tools and turned them on the open source community to poison hundreds of GitHub repositories with malicious code has been knocked out in a ...
An industry effort involving CrowdStrike, Google and the Shadowserver Foundation has led to the disruption of the Glassworm botnet. Working together, the three organizations managed to simultaneously ...
A fake repository mimicking OpenAI’s Privacy Filter on Hugging Face accumulated ~244,000 downloads before being removed. It delivered a multi-stage Rust infostealer ...
CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development. The initial social engineering lure is the offer of a free ...