MALWARE 99

• ShadowHS - A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell Jan 30, 2026
• GoTo Resolve Tool’s Background Activities Compared to Ransomware Tactics Jan 28, 2026
• Can you use too many LOLBins to drop some RATs? Jan 21, 2026
• Kimwolf Botnet Lurking in Corporate, Govt. Networks Jan 20, 2026
• New PDFSider Windows malware deployed on Fortune 100 firm's network Jan 19, 2026
• From Extension to Infection - An In-Depth Analysis of the Evelyn Stealer Campaign Targeting Software Developers Jan 19, 2026
• Gootloader now uses 1,000-part ZIP archives for stealthy delivery Jan 15, 2026
• Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware Framework Jan 13, 2026
• Hunting Lazarus - Inside the Contagious Interview C2 Infrastructure Jan 13, 2026
• CastleLoader Analysis - A Deep Dive into Stealthy Loader Targeting Government Sector Jan 13, 2026
• CrazyHunter ransomware escalates with advanced intrusion tactics, six Taiwan healthcare victims confirmed Jan 12, 2026
• Fake WinRAR downloads hide malware behind a real installer Jan 8, 2026
• Inside GoBruteforcer - AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns Jan 7, 2026
• Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches Jan 7, 2026
• Hospitality Sector Hit By PHALT#BLYX ClickFix Malware Campaign Jan 6, 2026
• Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan Dec 22, 2025
• Cloud Atlas activity in the first half of 2025 what changed Dec 21, 2025
• Rudepanda Owns Iis Servers Like 2003 Dec 18, 2025
• New BeaverTail Malware Variant Linked to Lazarus Group Dec 18, 2025
• ShadyPanda - The Silent Browser Takeover Threat and How Qualys TruRisk Eliminate Helps You Stop It Dec 17, 2025
• New SantaStealer malware steals data from browsers, crypto wallets Dec 15, 2025
• NANOREMOTE, cousin of FINALDRAFT Dec 14, 2025
• New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites Dec 8, 2025
• ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings Dec 8, 2025
• To Catch a Predator Leak exposes the internal operations of Intellexa’s mercenary spyware Dec 4, 2025
• Glassworm malware returns in third wave of malicious VS Code packages Dec 1, 2025
• Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems Nov 27, 2025
• Is Your Android TV Streaming Box Part of a Botnet? Nov 24, 2025
• AI's scary new trick - Conducting cyberattacks instead of just helping out Nov 17, 2025
• Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials Nov 15, 2025
• Google sounds alarm on self-modifying AI malware Nov 6, 2025
• New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL Nov 1, 2025
• Qilin ransomware escalates rapidly in 2025, targeting critical sectors with 700 attacks amid RansomHub shutdown Oct 27, 2025
• LockBit 5.0 Actively Attacking Windows, Linux, and ESXi Environments Oct 25, 2025
• Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques Oct 23, 2025
• SocGholish Malware Using Compromised Sites to Deliver Ransomware Oct 22, 2025
• Vidar Stealer 2.0 adds multi-threaded data theft, better evasion Oct 21, 2025
• New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs Oct 18, 2025
• Hacker Group TA585 Emerges With Advanced Attack Infrastructure Oct 14, 2025
• Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors Oct 13, 2025
• Gamaredon X Turla collab Sep 19, 2025
• EvilAI malware campaign exploits AI-generated code to breach global critical sectors Sep 16, 2025
• DNV details ‘SteganoAmor’ malware campaign used against Iranian oil and gas traders, extends to maritime operators Sep 15, 2025
• New Buterat Backdoor Malware Found in Enterprise and Government Networks Sep 10, 2025
• 18 Popular Code Packages Hacked, Rigged to Steal Crypto Sep 8, 2025
• RapperBot Hijacking Devices to Launch DDoS Attack In a Split Second Sep 3, 2025
• New Report on Commercial Spyware Vendors Detailing Their Targets and Infection Chains Sep 2, 2025
• New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices Aug 27, 2025
• AI-Powered Ransomware Has Arrived With 'PromptLock' Aug 27, 2025
• Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign Aug 25, 2025
• ClickFix Attack Tricks AI Summaries Into Pushing Malware Aug 25, 2025
• Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger Aug 21, 2025
• New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises Aug 12, 2025
• Malvertising campaign leads to PS1Bot, a multi-stage malware framework Aug 12, 2025
• Shared secret EDR killer in the kill chain Aug 6, 2025
• Makop Ransomware Identified in Attacks in South Korea Aug 5, 2025
• New Plague Linux malware stealthily maintains SSH access Aug 4, 2025
• AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown Aug 1, 2025
• RAVEN STEALER UNMASKED Telegram-Based Data Exfiltration Jul 26, 2025
• Surveillance Malware Hidden in npm and PyPI Packages Targets Developers with Keyloggers, Webcam Capture, and Credential Theft Jul 23, 2025
• The Rise of Acreed Infostealer in the Post-LummaC2 Threat Landscape Jul 22, 2025
• Coyote in the Wild First-Ever Malware That Abuses UI Automation Jul 22, 2025
• Back to Business Lumma Stealer Returns with Stealthier Methods Jul 22, 2025
• Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities Jul 18, 2025
• Getting to the Crux (Ransomware) of the Matter Jul 18, 2025
• WordPress Redirect Malware Hidden in Google Tag Manager Code Jul 17, 2025
• Threat hunting case study Lumma infostealer Jul 17, 2025
• GhostContainer backdoor malware compromising Exchange servers of high-value organizations in Asia Jul 17, 2025
• Old Miner, New Tricks H2miner Resurfaces with Lcrypt0rx Ransomware Jul 16, 2025
• KongTuke FileFix Leads to New Interlock RAT Variant Jul 14, 2025
• OCTALYN STEALER UNMASKED Jul 12, 2025
• macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App Jul 10, 2025
• Malware of the Day – Multi-Modal C2 Communication – Numinon C2 Jul 10, 2025
• GreyNoise Identifies New Scraper Botnet Concentrated in Taiwan Jul 9, 2025
• GitHub Abused to Spread Malware Disguised as Free VPN Jul 9, 2025
• NordDragonScan Quiet Data-Harvester on Windows Jul 7, 2025
• Digging Gold with a Spoon – Resurgence of Monero-mining Malware Jul 7, 2025
• June's Dark Gift The Rise of Qwizzserial Jul 2, 2025
• Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor Jun 27, 2025
• Odyssey Stealer The Rebrand of Poseidon Stealer Jun 26, 2025
• In the Wild Malware Prototype with Embedded Prompt Injection Jun 25, 2025
• Resurgence of the Prometei Botnet Jun 20, 2025
• Part 2 Tracking LummaC2 Infrastructure Jun 19, 2025
• Cobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructure Jun 19, 2025
• Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data Jun 18, 2025
• JSFireTruck Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique Jun 12, 2025
• Fog Ransomware Unusual Toolset Used in Recent Attack Jun 12, 2025
• Toxic trend Another malware threat targets DeepSeek Jun 11, 2025
• The FBI Issued a Warning About This Malware That's Infecting Millions of Devices Jun 6, 2025
• Blitz Malware A Tale of Game Cheats and Code Repositories Jun 6, 2025
• Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine Jun 5, 2025
• From open-source to open threat Tracking Chaos RAT’s evolution Jun 4, 2025
• Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown Jun 2, 2025
• Interlock ransomware what you need to know May 30, 2025
• Tracking LummaC2 Infrastructure with Cats May 29, 2025
• Deep Dive into a Dumped Malware without a PE Header May 29, 2025
• Malware or LLM? Silent Werewolf employs new loaders to attack Russian and Moldovan organizations May 27, 2025
• SilverRAT Source Code Leaked Online Here’s What You Need to Know May 26, 2025
• Reborn in Rust AsyncRAT May 26, 2025