Malware

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Discovery of New Campaign

Cybersecurity experts have identified a fresh phishing operation conducted by the North Korean state-sponsored threat group ScarCruft (APT37). The attackers use RokRAT, a well-known malware family, to infiltrate systems and steal sensitive information. Researchers at Seqrite Labs named the campaign Operation HanKook Phantom, noting that the attacks are aimed at […]


Weaponized ScreenConnect Delivers Xworm RAT

In a recent Advanced Continual Threat Hunt (ACTH) engagement, Trustwave’s SpiderLabs uncovered a stealthy campaign in which criminals weaponized ScreenConnect, a legitimate remote management tool, to deliver the Xworm Remote Access Trojan (RAT) through a layered infection chain. By using fake AI-themed lures and tampered digital certificates, the attackers managed to bypass many Endpoint Detection and


NX Build Tool Hacked to Steal Wallets and Secrets

A supply-chain attack has compromised the widely used NX build tool, affecting more than 1,400 developers. Security researchers found that a malicious post-install script had been added to the package; when it ran, it silently created a GitHub repository named s1ngularity-repository in the affected user’s account. In that repository the attackers stored a base64-encoded dump of highly sensitive information, including wallet files, API
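A check a practitioner would want after an incident like this, added here as an example and not part of the original article or the NX project: walk a node_modules tree, list every package that registers an install-time lifecycle hook (preinstall, install, postinstall), and flag hook commands containing exfiltration-like substrings. The sample tree, the package names and the hook command on `evil-plugin` are constructed for the demo, and the `SUSPICIOUS` pattern is a heuristic assumption, not a signature from the advisory.

```python
"""Enumerate npm lifecycle install hooks across a dependency tree and flag
commands that look like exfiltration.

Added example, not code from the NX advisory or the NX project.  The
package tree is constructed inline for the demo, and the post-install
command on 'evil-plugin' is a hypothetical stand-in for a malicious hook,
not the real payload.
"""
import json
import os
import re
import tempfile

INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Heuristic (assumption): substrings that rarely belong in a legitimate
# install hook but are common in credential-harvesting one-liners.
SUSPICIOUS = re.compile(
    r"base64|curl\s|wget\s|gh repo create|\.ssh|\.npmrc|wallet|\.config/",
    re.IGNORECASE,
)

# Constructed sample manifests: one plain library, one native addon with a
# legitimate build hook, one package carrying an exfiltration hook.
SAMPLE_PACKAGES = {
    "left-pad": {"name": "left-pad", "version": "1.0.0",
                 "scripts": {"test": "node test.js"}},
    "native-addon": {"name": "native-addon", "version": "2.1.0",
                     "scripts": {"install": "node-gyp rebuild"}},
    "evil-plugin": {"name": "evil-plugin", "version": "0.0.1",
                    "scripts": {"postinstall":
                                "node scripts/collect.js | base64 -w0 > /tmp/results.b64 "
                                "&& gh repo create s1ngularity-repository --public"}},
}


def build_sample_tree():
    """Write SAMPLE_PACKAGES into a temporary node_modules-style directory."""
    root = tempfile.mkdtemp(prefix="node_modules-")
    for name, manifest in SAMPLE_PACKAGES.items():
        pkg_dir = os.path.join(root, name)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return root


def find_install_hooks(root):
    """Return sorted (package, hook, command, suspicious) tuples for every
    package under `root` that runs code at install time."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it, don't abort the audit
        scripts = manifest.get("scripts") or {}
        name = manifest.get("name") or os.path.relpath(dirpath, root)
        for hook in INSTALL_HOOKS:
            cmd = scripts.get(hook)
            if cmd:
                findings.append((name, hook, cmd, bool(SUSPICIOUS.search(cmd))))
    return sorted(findings)


if __name__ == "__main__":
    tree = build_sample_tree()
    for name, hook, cmd, flagged in find_install_hooks(tree):
        print(f"{'!! ' if flagged else '   '}{name:<14}{hook:<12}{cmd}")
```

Run it against a real checkout by calling `find_install_hooks("node_modules")`. The audit only finds hooks that are already on disk, so the stronger control is to stop them running in the first place: `npm ci --ignore-scripts` installs without executing any lifecycle hook, after which the handful of packages that genuinely need a build step can be rebuilt deliberately.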


New Malware Exploits TASPEN to Target Indonesian Senior Citizens

A highly coordinated malware campaign has surfaced in Indonesia, preying specifically on senior citizens who depend on the nation’s official pension system. The attackers are exploiting the credibility of PT Dana Tabungan dan Asuransi Pegawai Negeri (TASPEN), the state-owned pension fund that manages more than $15.9 billion in assets for millions of retired


ZipLine Campaign Targets Manufacturing Firms with In-Memory MixShell Malware

A newly uncovered phishing operation called the ZipLine campaign is actively targeting U.S. manufacturing companies. The attackers pose as business partners and trade on the importance of supply-chain relationships to deliver MixShell, a fileless, memory-resident malware.

Unconventional Phishing Tactics

Unlike traditional phishing, ZipLine reverses the workflow. Instead of sending the first email, threat actors


Hook Android Banking Malware Adds Advanced Features, Supports 107 Remote Commands

A newly discovered variant of the Hook Android banking trojan has surfaced with capabilities that place it among the most powerful mobile malware strains identified so far.

Evolution of Hook Trojan

The latest build, called Hook Version 3, marks a major advance in Android malware. It introduces a toolkit of 107 remote commands,


MixShell Malware Uses Contact Forms to Target U.S. Supply Chain Manufacturers

Cybersecurity experts have uncovered a sophisticated social engineering campaign that is deploying MixShell, a stealthy in-memory malware, against manufacturing companies vital to the global supply chain. The operation, tracked by Check Point Research under the name ZipLine, takes an unusual approach to infiltration.

A Shift from Traditional Phishing

Instead of relying on


ShadowCaptcha Malware Targets WordPress Sites to Deliver Ransomware, Stealers, and Miners

Large-Scale Attack Campaign

A newly identified campaign, codenamed ShadowCaptcha, has compromised more than 100 WordPress websites to redirect visitors to fake CAPTCHA verification pages. These pages use the ClickFix social engineering technique, in which the visitor is talked into pasting a command into their own system, to deliver information stealers, ransomware, and cryptocurrency miners. The operation, first discovered in August 2025 by the Israel National Digital Agency, highlights


UNC6384 Chinese Hackers Use Valid Code Signing Certificates to Bypass Security

In early 2025, a covert cyber-espionage campaign targeted diplomats and government organizations across Southeast Asia and other regions. At its core is STATICPLUGIN, a downloader disguised as a legitimate Adobe plugin update.

Malicious Redirect via Captive Portal

Victims experienced a captive-portal hijack that redirected their browsers to malicious domains. The landing page,


KorPlug Malware Analysis Reveals TTPs, Control Flow, and IOCs

A newly analyzed malware strain named KorPlug has surfaced as a significant threat. It relies on obfuscation techniques that make detection and reverse engineering considerably harder.

Obfuscation and Execution Techniques

KorPlug stands out for its use of O-LLVM-based obfuscation, which transforms normal program structure into complex control flow graphs (CFGs). These techniques
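What the control-flow flattening pass of an O-LLVM-style obfuscator does to a function, as an added illustration that is not KorPlug's code or code from the analysis the page summarizes: `checksum_plain` is a readable original, `checksum_flattened` is the same logic after flattening (one dispatcher loop, every basic block a case, the real branch and loop structure surviving only as writes to a state variable), and `recover_cfg` shows the first de-flattening step an analyst performs, rebuilding the hidden edges from an execution trace. The function itself, the state constants and the input are all constructed for the example.

```python
"""Control-flow flattening of the kind O-LLVM applies, on a toy function.

Added illustration, not KorPlug's code or the analysis the page summarizes:
checksum_plain is the readable original, checksum_flattened is the same
logic after flattening, and recover_cfg shows the first de-flattening step
an analyst performs. State values are arbitrary constants chosen here.
"""


def checksum_plain(data):
    """Readable original: a loop with one branch inside it."""
    acc = 0
    for b in data:
        if b & 1:
            acc = (acc + b * 3) & 0xFF
        else:
            acc ^= b
    return acc


# Dispatcher states. Each original basic block becomes one case; the
# branch and loop structure survives only as assignments to `state`.
ENTRY, LOOP_TEST, ODD, EVEN, NEXT, EXIT = 0x3F1, 0x91A, 0x2C7, 0x5D0, 0x7E4, 0x0B9


def checksum_flattened(data, trace=None):
    """Same computation with a flat CFG: one loop, one switch on `state`.
    If `trace` is a list, every state visited is appended to it."""
    state = ENTRY
    acc = i = b = 0
    while True:
        if trace is not None:
            trace.append(state)
        if state == ENTRY:
            acc, i = 0, 0
            state = LOOP_TEST
        elif state == LOOP_TEST:
            if i < len(data):
                b = data[i]
                state = ODD if b & 1 else EVEN
            else:
                state = EXIT
        elif state == ODD:
            acc = (acc + b * 3) & 0xFF
            state = NEXT
        elif state == EVEN:
            acc ^= b
            state = NEXT
        elif state == NEXT:
            i += 1
            state = LOOP_TEST
        elif state == EXIT:
            return acc
        else:
            raise RuntimeError(f"unknown state {state:#x}")


def recover_cfg(traces):
    """Rebuild the hidden control-flow edges from recorded state sequences:
    every observed (state, successor) pair is an edge of the original CFG
    that the dispatcher obscures statically but cannot hide dynamically."""
    edges = {}
    for trace in traces:
        for cur, nxt in zip(trace, trace[1:]):
            edges.setdefault(cur, set()).add(nxt)
    return edges


if __name__ == "__main__":
    sample = b"abc"  # constructed input
    t = []
    print(checksum_plain(sample), checksum_flattened(sample, t))
    for src, dsts in sorted(recover_cfg([t]).items()):
        print(f"{src:#05x} -> {', '.join(f'{d:#05x}' for d in sorted(dsts))}")
```

Statically, every case of the flattened function is a sibling of every other one, so a disassembler's CFG shows one loop around one switch and nothing about which block follows which. The trace-based recovery above is why dynamic analysis or symbolic execution of the dispatcher is the usual way back: once the `state -> successor` edges are known, the original loop-with-a-branch shape reappears.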
