A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.
After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools.
Government agencies, emergency clinics, and others in Australia, New Zealand, and Tonga have had serious run-ins with the prolific ransomware outfit.
The latest banking Trojan campaign to hit Brazil combines classic malware with a real-time human operator, waiting for the perfect moment to strike.
Dozens of updated, malicious GlassWorm extensions have infested Open VSX, threatening software development supply chains.
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.
Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges.
Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.
In addition to enabling remote access, the malware supports a wide range of capabilities, including data theft and spying.
The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.
Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as a key TTP.
A phishing campaign targeting healthcare, government, hospitality, and education sectors in various countries uses several evasion techniques to avoid detection.