Social Engineering

Silver Fox Distributes ValleyRAT in China Through Fake Microsoft Teams Installer

A new campaign linked to the threat actor Silver Fox is targeting Chinese-speaking users through a deceptive installer that pretends to be Microsoft Teams. The operation appears to be a false flag attempt designed to resemble activity from a Russian group, although the final payload is ValleyRAT, a malware family associated with Chinese cybercrime […]

RomCom deploys Mythic Agent malware via SocGholish fake update attacks

Cybersecurity researchers have discovered that the Russia-linked threat actor RomCom attempted to compromise a U.S.-based civil engineering company using a JavaScript loader known as SocGholish, delivering the sophisticated Mythic Agent malware. According to Arctic Wolf Labs researcher Jacob Faires, this marks the first observed instance of a RomCom payload being distributed via SocGholish. The campaign

Matrix Push C2 Uses Browser Notifications for Fileless and Cross Platform Phishing Attacks

Cybersecurity analysts have identified a new trend in phishing operations, where browser notifications are being misused to push malicious links through a command and control platform known as Matrix Push C2. According to a recent report from BlackFog researcher Brenda Robb, the framework operates entirely within the browser environment, using push alerts, fake system style

Sneaky 2FA Phishing Kit Adds BitB Style Pop ups That Closely Imitate the Browser Address Bar

A new phishing campaign is leveraging advanced techniques to steal credentials from unsuspecting users. The Phishing-as-a-Service (PhaaS) kit called Sneaky 2FA has integrated Browser-in-the-Browser (BitB) functionality, making it easier for less experienced attackers to perform large-scale credential theft operations.

How BitB Works

Security researchers at Push Security reported that the technique is being used to

Hackers Deliver SSH-Tor Backdoor Through Weaponized Military Documents in ZIP Files

In a highly targeted cyber espionage campaign uncovered in October 2025, threat actors have been deploying a sophisticated SSH-Tor backdoor by disguising it within weaponized military documents. The attack, aimed at defense personnel, demonstrates a significant evolution in combining social engineering with advanced technical stealth to maintain persistent access to compromised systems. The Lure: A

HttpTroy Backdoor Poses as VPN Invoice to Infiltrate South Korean Targets

The North Korea-aligned advanced persistent threat (APT) group Kimsuky has been discovered using a previously unknown backdoor, codenamed HttpTroy, in a highly targeted spear-phishing campaign. The attack, aimed at a single victim in South Korea, employed a sophisticated multi-stage infection chain disguised as a legitimate VPN invoice.

The Deceptive Lure and Initial Compromise

The attack began

SideWinder APT Uses ClickOnce Based Attack Chain to Target South Asian Diplomats

A new cyber espionage campaign has been uncovered, showing the continuous evolution of the SideWinder advanced persistent threat (APT) group. The operation, which took place in September 2025, targeted a European embassy in New Delhi and multiple organizations across Sri Lanka, Pakistan, and Bangladesh. Researchers from Trellix, Ernesto Fernández Provecho and Pham Duy Phuc, have

North Korean Hackers Use Fake Job Offers to Lure Defense Engineers and Steal Drone Secrets

A persistent North Korean cyber campaign, known as Operation Dream Job, has resurfaced with a focused wave of attacks against European companies in the defense and aerospace sectors. ESET researchers Peter Kálnai and Alexis Rapin report the activity appears aimed at harvesting proprietary data and manufacturing know-how, especially tied to unmanned aerial vehicle (UAV) development.

Meta Introduces New Security Tools to Protect WhatsApp and Messenger Users from Scams

Meta has announced a new set of security tools aimed at strengthening protection for WhatsApp and Messenger users against online scams. According to Meta, these new updates are designed to help users identify and prevent fraudulent attempts that target personal data, financial information, and digital identities.

Screen-Sharing Warnings on WhatsApp

WhatsApp is rolling out new

Hackers Abuse CSS Properties, Use Hidden-Text Salting to Inject Malicious Code

A rising email evasion technique, called hidden-text salting, is becoming a serious problem for email security, enabling attackers to hide large amounts of irrelevant or misleading content inside otherwise malicious messages. By abusing CSS properties and HTML structure, adversaries keep this content invisible to human recipients while confusing automated detection engines, including signature-based systems and
