Malware

Multi Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT

Cybersecurity researchers have uncovered a sophisticated multi-stage malware campaign, codenamed VOID#GEIST, which leverages batch scripts to deliver encrypted remote access trojans (RATs) including XWorm, AsyncRAT, and Xeno RAT. The research was published by Securonix Threat Research. At a technical level, the attack uses an obfuscated batch script to deploy a secondary batch, stage a legitimate embedded […]

Multi Stage VOID#GEIST Malware Deploys XWorm, AsyncRAT, and XenoRAT Read More »

Iran Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor

New research from Broadcom’s Symantec and Carbon Black Threat Hunter Team reveals that an Iranian state-sponsored hacking group has infiltrated multiple U.S. organizations, including banks, airports, a non-profit, and the Israeli division of a software company. The group, known as MuddyWater (also Seedworm), operates under the Iranian Ministry of Intelligence and Security (MOIS). Analysts believe

Iran Linked MuddyWater Hackers Target U.S. Networks with New Dindoor Backdoor Read More »

Word

China Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks

A cyber espionage campaign linked to China has been targeting telecommunications infrastructure across South America since 2024. The attackers are focusing on Windows servers, Linux systems, and network edge devices, deploying multiple sophisticated malware implants to maintain long term access. Security researchers from Cisco Talos are monitoring this activity under the name UAT-9244, a threat cluster

China Linked Hackers Deploy TernDoor, PeerTime, and BruteEntry in Attacks on South American Telecom Networks Read More »

Microsoft-Reveals-ClickFix

Microsoft Uncovers ClickFix Campaign Leveraging Windows Terminal to Deploy Lumma Stealer

Microsoft security researchers have revealed a large scale ClickFix social engineering campaign that abuses the Windows Terminal application to execute malicious commands and ultimately deploy the Lumma Stealer malware. The campaign, detected in February 2026, introduces a new technique where attackers persuade victims to run commands inside Windows Terminal (wt.exe) instead of the commonly abused Windows Run dialog. Social Engineering Through Trusted Tools

Microsoft Uncovers ClickFix Campaign Leveraging Windows Terminal to Deploy Lumma Stealer Read More »

GHOSTFORM-Malware

Dust Specter Targets Iraqi Officials Using New SPLITDROP and GHOSTFORM Malware

Cybersecurity researchers have disclosed a campaign attributed to a suspected Iran-linked threat actor targeting Iraqi government officials. The attackers impersonated Iraq’s Ministry of Foreign Affairs to deliver previously unknown malware families, including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Observed by Zscaler ThreatLabz in January 2026, the campaign employs two distinct infection chains that ultimately deploy these malicious tools. A

Dust Specter Targets Iraqi Officials Using New SPLITDROP and GHOSTFORM Malware Read More »

Ukraine-attack

APT28 Associated Campaign Uses BadPaw Loader and MeowMeow Backdoor Against Ukraine

Cybersecurity researchers have revealed a new Russian cyber campaign targeting Ukrainian organizations using two previously unknown malware families, BadPaw and MeowMeow. According to a report by ClearSky, the attack begins with a phishing email containing a link to a ZIP archive. Once extracted, an HTA file opens a decoy document in Ukrainian concerning border crossing appeals, designed to

APT28 Associated Campaign Uses BadPaw Loader and MeowMeow Backdoor Against Ukraine Read More »

Malicious Laravel Packages on Packagist Deliver RAT Across Windows, macOS, and Linux

Cybersecurity researchers have uncovered malicious PHP packages on Packagist that impersonate legitimate Laravel utilities while secretly deploying a cross platform remote access trojan capable of running on Windows, macOS, and Linux systems. The packages, published under the vendor namespace nhattuanbl, include: According to findings from Socket, the lara-swagger package does not directly contain malicious code. Instead,

Malicious Laravel Packages on Packagist Deliver RAT Across Windows, macOS, and Linux Read More »

APT41 Connected Silver Dragon Targets Governments with Cobalt Strike and Google Drive C2

Cybersecurity researchers have uncovered fresh details about an advanced persistent threat group known as Silver Dragon, which has been targeting government entities across Europe and Southeast Asia since at least mid 2024. According to a technical analysis published by Check Point, the group employs a mix of server exploitation and phishing attacks to gain initial access,

APT41 Connected Silver Dragon Targets Governments with Cobalt Strike and Google Drive C2 Read More »

Microsoft Alerts on OAuth Redirect Abuse Used to Deliver Malware to Government Targets

Microsoft has issued a security warning about ongoing phishing campaigns that misuse OAuth URL redirection mechanisms to bypass traditional email and browser based phishing defenses. According to the Microsoft Defender Security Research Team, the attacks primarily target government and public sector organizations. Instead of stealing authentication tokens or exploiting software vulnerabilities, the campaigns manipulate legitimate

Microsoft Alerts on OAuth Redirect Abuse Used to Deliver Malware to Government Targets Read More »

SloppyLemming Targets Government Entities in Pakistan and Bangladesh with Dual Malware Chains

The cyber threat cluster identified as SloppyLemming has been linked to a new wave of targeted attacks against government institutions and critical infrastructure organizations in Pakistan and Bangladesh, according to fresh research from Arctic Wolf. The activity reportedly occurred between January 2025 and January 2026 and involved two separate malware delivery chains. These attack paths

SloppyLemming Targets Government Entities in Pakistan and Bangladesh with Dual Malware Chains Read More »