Malware

54 EDR Killers Leverage BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new cybersecurity analysis has revealed that dozens of endpoint detection and response (EDR) killer tools are actively exploiting trusted system components to disable security protections. Researchers have identified 54 such tools leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique by abusing at least 35 signed but vulnerable drivers. According to ESET, these tools […]

New Perseus Android Banking Malware Monitors Notes Apps to Steal Sensitive Data

Cybersecurity researchers have identified a new Android malware strain called Perseus, which is actively being deployed to perform device takeover (DTO) and financial fraud. The malware is designed to compromise Android devices, steal sensitive information, and enable attackers to control infected systems remotely. According to ThreatFabric, Perseus builds upon earlier malware families like Cerberus and

LeakNet Ransomware Uses ClickFix on Hacked Sites to Deploy Deno In Memory Loader

Cybersecurity researchers have identified a new attack technique used by the ransomware group LeakNet that combines social engineering with a memory-based malware loader. The group is now leveraging the ClickFix tactic through compromised websites to gain initial access to victim systems. According to analysis published by ReliaQuest, the campaign represents a strategic change in

Konni Spreads EndRAT via Phishing and Uses KakaoTalk to Distribute Malware

Cybersecurity researchers have identified a new cyber espionage campaign carried out by the North Korean threat group Konni. The attackers are using phishing emails to compromise victims and then leveraging the popular messaging platform KakaoTalk to distribute malware to additional targets. The activity was analyzed by South Korean cybersecurity company Genians, whose researchers observed a multi-stage attack designed

GlassWorm Attack Uses Stolen GitHub Tokens to Inject Malware Into Python Repositories

Security researchers have uncovered a new phase of the GlassWorm malware campaign, where attackers are abusing stolen GitHub tokens to inject malicious code into hundreds of Python repositories. The attack targets widely used Python projects and can infect developers who download or execute code from compromised repositories. According to research from supply chain security firm StepSecurity,

ClickFix Campaigns Distribute MacSync macOS Infostealer Through Fake AI Tool Installers

Cybersecurity researchers have identified multiple ClickFix malware campaigns distributing a macOS information-stealing malware known as MacSync. The campaigns rely heavily on social engineering techniques that trick users into manually executing malicious commands in the macOS Terminal. Security experts from Sophos explained that the attacks differ from traditional exploit-driven campaigns. Instead of exploiting software

DRILLAPP Backdoor Targets Ukraine Using Microsoft Edge Debugging for Stealth Espionage

Cybersecurity researchers have uncovered a new cyber espionage campaign targeting organizations in Ukraine. The activity is believed to be linked to threat actors associated with Russia, according to a report from the LAB52 threat intelligence team at the Spanish security firm S2 Grupo. The operation was detected in February 2026 and appears to share similarities

GlassWorm Supply Chain Attack Exploits 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have uncovered a significant escalation in the GlassWorm malware campaign, which now leverages Open VSX extensions to compromise developer environments. The campaign abuses extension relationships to turn initially benign-looking packages into malicious delivery vehicles, targeting developers across multiple platforms.

How GlassWorm Works

Instead of embedding malicious code directly in every extension, the threat actor now uses extensionPack and extensionDependencies to trigger

Chinese Hackers Attack Southeast Asian Militaries Using AppleChris and MemFun Malware

A suspected China-based cyber espionage campaign has been targeting Southeast Asian military organizations since at least 2020, according to Palo Alto Networks Unit 42. The operation, tracked under the codename CL-STA-1087, appears to be state-backed and highly strategic.

Targeted Intelligence Gathering

Security researchers Lior Rochberger and Yoav Zemah report that the threat actors focused on highly specific military files rather than bulk data theft.

Storm-2561 Distributes Trojanized VPN Clients Through SEO Poisoning to Steal Credentials

Security researchers have uncovered a new cyber campaign in which threat actors distribute trojanized VPN clients using search engine manipulation techniques to steal login credentials from unsuspecting users. According to findings published by Microsoft, the operation uses search engine optimization (SEO) poisoning to redirect users searching for legitimate enterprise software to malicious websites that deliver