Malware

Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware

Cybersecurity researchers have identified an active phishing campaign targeting users in India as part of a suspected cyber espionage operation. The campaign delivers a multi-stage backdoor designed to provide long-term access, continuous surveillance, and data exfiltration from infected systems. According to the eSentire Threat Response Unit (TRU), the attackers are distributing phishing emails that impersonate […]


New Phishing Attack Abuses Vercel Hosting Platform to Deliver a Remote Access Tool

A newly identified phishing campaign active between November 2025 and January 2026 has been abusing Vercel’s legitimate hosting infrastructure to distribute remote access tools to targeted victims. By combining social engineering with trusted cloud services, the attackers have significantly increased their success rate while evading traditional security defenses. The campaign relies heavily on urgency-based phishing


Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers

North Korea-linked threat actor Konni has been observed launching a new cyber campaign that uses an AI-generated PowerShell backdoor to target blockchain developers and engineering teams. The operation highlights an increasing use of artificial intelligence to accelerate malware development while maintaining stealth. According to Check Point Research, the phishing activity has targeted organizations and individuals


Multi Stage Phishing Campaign Targets Russia Using Amnesia RAT and Ransomware

Cybersecurity researchers have identified a sophisticated multi-stage phishing campaign actively targeting users in Russia, delivering both ransomware and a remote access trojan known as Amnesia RAT. According to a technical analysis published by Fortinet FortiGuard Labs researcher Cara Lin, the attack chain begins with carefully crafted social engineering lures delivered through business-themed documents. These files


New Osiris Ransomware Strain Uses POORTRY Driver in BYOVD Attacks

Cybersecurity researchers have uncovered a new ransomware strain called Osiris, which targeted a major food service franchise operator in Southeast Asia in November 2025. The attack demonstrates advanced techniques, including the use of a malicious driver named POORTRY in a bring your own vulnerable driver (BYOVD) attack to disable security software. Osiris: A Brand-New Ransomware Strain Osiris is a completely


VoidLink Linux Malware Framework Created with AI Assistance Hits 88,000 Lines of Code

Cybersecurity researchers have uncovered new details about a highly advanced Linux malware framework known as VoidLink, revealing that the project was likely developed by a single threat actor using artificial intelligence assistance. The findings suggest a major shift in how sophisticated malware can now be created with limited human resources. According to a detailed analysis released


Hackers Use LinkedIn Messages to Spread RAT Malware via DLL Sideloading

Cybersecurity researchers have identified a new phishing operation that weaponizes LinkedIn private messages to deliver malware, highlighting how social media platforms are increasingly being used as initial access vectors in cyberattacks. According to findings shared by ReliaQuest, the campaign relies on direct messages sent to targeted individuals, where attackers gradually build trust before convincing victims


CrashFix Chrome Extension Spreads ModeloRAT Using ClickFix Style Browser Crash Lures

Cybersecurity analysts have uncovered an active malware campaign known as KongTuke, where attackers abuse a malicious Google Chrome extension to deliberately crash browsers and deceive users into executing harmful commands. The operation delivers a newly identified remote access trojan called ModeloRAT using a refined social engineering technique similar to ClickFix, now labeled CrashFix. The findings were disclosed by Huntress,


Security Flaw in StealC Malware Panel Allows Researchers to Monitor Threat Actor Operations

Cybersecurity researchers have revealed a cross-site scripting vulnerability in the web-based administration panel used by operators of the StealC information-stealing malware, enabling analysts to observe and collect intelligence on one of the threat actors actively running the operation. CyberArk researcher Ari Novick stated that exploitation of the flaw allowed researchers to collect system fingerprints, track


GootLoader Malware Uses 500-1,000 Concatenated ZIP Archives to Evade Detection

Security researchers have identified a new evasion technique used by the GootLoader JavaScript malware, in which attackers rely on malformed ZIP files created by combining hundreds of compressed archives into a single payload to avoid analysis and detection. According to Expel security researcher Aaron Walton, the threat actor deliberately creates corrupted ZIP archives as an anti
