LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE. The targeted malware campaign leverages decoys related to the recent geopolitical developments
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives. "The actor creates a malformed archive as an anti-analysis technique,"
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta. In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Неф
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations. "By
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code) extension ecosystem. "The malware is designed to exfiltrate s
Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers "weaponized files via Dynamic Link Library (DLL) side
Frogblight threatens you with a court case: a new Android banker targets Turkish users
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
From cheats to exploits: Webrat spreading via GitHub
We dissect the new Webrat campaign where the Trojan spreads via GitHub repositories, masquerading as critical vulnerability exploits to target cybersecurity researchers.
Threat landscape for industrial automation systems in Q3 2025
The report contains statistics on various threats detected and blocked on ICS computers in Q3 2025, including miners, ransomware, spyware, etc.
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26)
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) appeared first on Un
01flip: Multi-Platform Ransomware Written in Rust
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks. The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42.
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities. The post Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite appeared fir