Malware

Silver Fox Expands Asia-Focused Cyber Campaign Using AtlasCross RAT and Fake Domains

A sophisticated cybercrime group known as Silver Fox, also tracked as SwimSnake, Valley Thief, UTG-Q-1000, and Void Arachne, has escalated its operations in Asia using a previously undocumented remote access trojan (RAT) named AtlasCross RAT. The campaign specifically targets Chinese-speaking users by leveraging typosquatted domains impersonating trusted software brands.

Attack Vectors and Targeted Applications

The group is […]


Axios Supply Chain Attack Delivers Cross-Platform RAT Through Compromised npm Account

A major supply chain security incident has impacted Axios, one of the most widely used HTTP clients in the JavaScript ecosystem. Attackers successfully introduced malicious code into the npm package by compromising a maintainer account, enabling the distribution of a cross-platform remote access trojan (RAT).

Compromised npm Account Used to Publish Malicious Versions

Security researchers revealed



DeepLoad Malware Leverages ClickFix and WMI Persistence to Steal Browser Credentials

Cybersecurity researchers have identified a newly emerging malware campaign distributing a previously undocumented loader called DeepLoad, leveraging ClickFix social engineering techniques to infect systems and steal sensitive data.

ClickFix Lure Initiates the Attack Chain

The infection begins with a deceptive ClickFix prompt that convinces users to execute a PowerShell command manually. Victims are instructed to

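The teaser names the two artefact classes a responder would look for on a suspect host: the command a user pasted after a ClickFix prompt, and a WMI permanent event subscription used for persistence. The script below is an added triage example, not code from the article or from DeepLoad itself; it does not know DeepLoad's specific filter or consumer names (the excerpt gives none) and instead lists every subscription in root\subscription and flags the ones whose payload matches a keyword list. The keyword list is an assumption to be tuned per environment; the RunMRU key and PSReadLine history path are standard Windows locations. Run it in an elevated PowerShell session.

```powershell
# Added triage example (not DeepLoad's code, not from the report). Hunts for:
#   1. a pasted ClickFix command left in Explorer's Run history or the PSReadLine history
#   2. WMI permanent event subscriptions (filter -> consumer bindings) used for persistence
# The keyword list below is an assumption; extend it to match your own telemetry.

$Suspicious = @('powershell', 'pwsh', 'mshta', 'curl', 'iwr', 'invoke-webrequest',
                'downloadstring', 'frombase64string', '-enc', 'bitsadmin', 'certutil')

function Test-SuspiciousText {
    param([string]$Text)
    foreach ($kw in $Suspicious) {
        # -match is case-insensitive; escape so keywords like '-enc' are taken literally
        if ($Text -match [regex]::Escape($kw)) { return $true }
    }
    return $false
}

# 1. ClickFix lures have the victim paste a command into Win+R; Explorer records it in RunMRU.
#    Values are stored as "<command>\1"; MRUList holds the ordering and is skipped.
$runMru = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
if (Test-Path $runMru) {
    $props = Get-ItemProperty -Path $runMru
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in @('MRUList', 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')) { continue }
        $cmd = ([string]$p.Value) -replace '\\1$', ''
        if (Test-SuspiciousText $cmd) {
            Write-Output "[RunMRU] $($p.Name): $cmd"
        }
    }
}

# Commands typed or pasted into an interactive console are kept by PSReadLine.
$history = Join-Path $env:APPDATA 'Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt'
if (Test-Path $history) {
    Get-Content $history | Where-Object { Test-SuspiciousText $_ } |
        ForEach-Object { Write-Output "[PSReadLine] $_" }
}

# 2. WMI persistence: a __FilterToConsumerBinding ties an __EventFilter (the trigger, e.g. a
#    timer or process-start WQL query) to a consumer that runs a command line or a script.
#    Enumerating the __EventConsumer base class returns every derived consumer type.
$ns = 'root\subscription'
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

if (-not $bindings) {
    Write-Output '[WMI] no filter-to-consumer bindings present'
}

foreach ($b in $bindings) {
    # Filter/Consumer are reference properties; their Name keys identify the linked objects
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }

    # CommandLineEventConsumer exposes CommandLineTemplate, ActiveScriptEventConsumer exposes ScriptText
    $payload = if ($c.CommandLineTemplate) { $c.CommandLineTemplate }
               elseif ($c.ScriptText)      { $c.ScriptText }
               else                        { '' }

    $flag = if (Test-SuspiciousText $payload) { 'SUSPICIOUS' } else { 'review' }
    Write-Output "[WMI $flag] filter='$($f.Name)' query='$($f.Query)'"
    Write-Output "            consumer='$($c.Name)' ($($c.CimClass.CimClassName)) payload='$payload'"
}
```

Every binding is printed, not only the flagged ones, because legitimate subscriptions are rare enough on workstations that each one is worth a look; a binding whose filter or consumer no longer resolves (empty name) is itself a sign of partial cleanup. Removal, once confirmed, is a matter of deleting the binding, then the consumer and filter, with Remove-CimInstance.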

Russian CTRL Toolkit Uses Malicious LNK Files to Hijack RDP Through FRP Tunnels

Cybersecurity researchers have uncovered a sophisticated Russian-origin remote access toolkit called CTRL, which is distributed through malicious Windows shortcut (LNK) files disguised as private key folders. The toolkit enables credential theft, keylogging, and RDP session hijacking, while using Fast Reverse Proxy (FRP) tunnels to maintain stealthy command and control (C2).

Multi-Stage Deployment

According to Censys, the


Three China-Linked Threat Clusters Launch Coordinated Cyber Campaign Against Southeast Asian Government in 2025

A coordinated cyber espionage campaign involving three China-aligned threat clusters has targeted a Southeast Asian government organization throughout 2025, deploying sophisticated malware and backdoor tools.

Multiple Threat Clusters Identified

The activity has been traced to the following clusters: Palo Alto Networks Unit 42 researchers noted, “The overlapping tactics, techniques, and procedures suggest


Iran-Linked Hackers Compromise FBI Director’s Personal Email, Launch Wiper Attack on Stryker

A cyber espionage campaign linked to Iran has compromised the personal email account of FBI Director Kash Patel, while also targeting major U.S. healthcare firm Stryker in a destructive wiper attack.

FBI Director’s Personal Emails Leaked Online

The breach was claimed by the hacktivist group Handala Hack, which published a collection of emails, photos, and documents allegedly belonging to the FBI


TeamPCP Distributes Malicious Telnyx Packages on PyPI, Conceals Data Stealer Inside WAV Files

A new software supply chain attack has been uncovered involving TeamPCP, the same threat group previously linked to compromises of Trivy, KICS, and litellm. This time, the attackers targeted the widely used Telnyx Python package by uploading malicious versions to the Python Package Index (PyPI).

Malicious Versions Disguised as Legitimate Updates

Security researchers revealed that


Bearlyfy Targets Russian Firms with Custom GenieLocker Ransomware

A pro-Ukraine hacking group has intensified its cyber operations against Russian businesses, deploying a newly developed ransomware strain to maximize disruption and financial gain. The group, known as Bearlyfy, has rapidly evolved into a serious threat actor since emerging in early 2025.

Rapid Rise of a Dual-Purpose Threat Actor

Since its appearance, Bearlyfy has been linked


China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy Through Telecom Networks

A highly sophisticated cyber espionage campaign linked to a China-associated threat group has been uncovered, targeting telecommunications infrastructure to infiltrate sensitive government networks. The operation reflects a long-term strategy focused on stealth, persistence, and deep network access, raising serious concerns for global cybersecurity.

Silent Infiltration of Telecom Networks

The threat group known as Red Menshen,


GlassWorm Malware Exploits Solana Dead Drops to Deliver RAT and Steal Browser and Crypto Data

Cybersecurity researchers have uncovered a sophisticated malware campaign dubbed GlassWorm, which delivers a multi-stage attack framework designed to steal credentials, exfiltrate cryptocurrency data, and install a remote access trojan (RAT) disguised as a Google Docs Offline extension.

Multi-Stage Attack Mechanism

According to Aikido Security, GlassWorm begins by infiltrating systems through compromised packages across npm, PyPI,
