RESEARCH 84
- MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
- Fake Receipts Generators: the rising threat to major retail brands
- CryptoJacking is dead, long live CryptoJacking
- On the Move: Fast Flux in the Modern Threat Landscape
- GLOBAL GROUP: Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates
- DOGE Denizen Marko Elez Leaked API Key for xAI
- Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication
- Chasing Ghosts Over RDP: Lateral Movement in Tiny Bitmaps
- Where Everybody Knows Your Name: Observing Malice-Complicit Nameservers
- Rendershock: Weaponizing Trust in File Rendering Pipelines
- Code highlighting with Cursor AI for $500,000
- At last, a use case for AI agents with sky-high ROI: Stealing crypto
- Risky Bulletin: Browser extensions hijacked for web scraping botnet
- Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
- RDAP and BGP in Investigative Journalism
- Combolists and ULP Files on the Dark Web: A Secondary and Unreliable Source of Information about Compromises
- Deploying NetSupport RAT via WordPress & ClickFix
- BERT Ransomware Group Targets Asia and Europe on Multiple Platforms
- Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions
- When Installers Turn Evil: The Pascal Script Behind Inno Setup Malware Campaign
- Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign
- Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open
- Uncovering DPRK Remote Workers: Detecting Hidden Threats Through Internet Telemetry
- Large Language Models (LLMs) Are Falling for Phishing Scams: What Happens When AI Gives You the Wrong URL?
- Houken: seeking a path by living on the edge with zero-days
- Can You Trust that Verified Symbol? Exploiting IDE Extensions is Easier Than it Should Be
- Using AI to identify cybercrime masterminds
- Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants
- NSFOCUS APT Monthly Briefing – May 2025
- Extracting Lines of Interest From Zeek Logs
- The Case of Hidden Spam Pages
- Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity
- Cybercriminal abuse of large language models
- Cybercrime is surging across Africa
- Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
- Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
- Cryptominers’ Anatomy: Shutting Down Mining Botnets
- Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
- Trix Shots: Remote Code Execution on Aviatrix Controller
- ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware
- What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
- Ransomware Gangs Collapse as Qilin Seizes Control
- Fault Injection – Follow the White Rabbit
- Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
- How Fraudsters Are Poisoning Search Results to Promote Phishing Sites
- Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
- Report Links Los Pollos and RichAds to Malware Traffic Operations
- PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
- Is your AI safe? Threat analysis of MCP (Model Context Protocol)
- CYFIRMA INDUSTRY REPORT – HEALTHCARE
- Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
- Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
- GitHub Device Code Phishing
- From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery
- Global analysis of Adversary-in-the-Middle phishing threats
- Unmasking the Infrastructure of a Spearphishing Campaign
- GhostVendors Exposed: Silent Push Uncovers Massive Network of 4000+ Fraudulent Domains Masquerading as Major Brands
- DanaBleed: DanaBot C2 Server Memory Leak Bug
- Mapping Hidden Alliances in Russian-Affiliated Ransomware
- What Really Happened in the Aftermath of the Lizard Squad Hacks
- Proxy Services Feast on Ukraine’s IP Address Exodus
- Operation Endgame Disrupts AvCheck, Forces Threat Actors to Seek Alternatives
- Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure
- The strange tale of ischhfd83: When cybercriminals eat their own
- Same Automated Impersonation for All
- Global Conflicts in the Digital Age – How Geopolitics Influence Cyber Operations
- The Rising Tide: Understanding the Surge in Cyber Attacks in India
- The Hidden Cost of Trust: New Data Reveals Alarming Employee Engagement with Vendor Email Compromise
- Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable
- How Threat Actors Exploit Human Trust: A Breakdown of the 'Prove You Are Human' Malware Scheme
- Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
- Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
- Backdoors in Python and NPM Packages Target Windows and Linux
- When Samsung's Magic Turns Tragic: A Tale of Unauthorized Mining
- Threat Hunting C2 over HTTPS Connections Using the TLS Certificate
- Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
- Haozi’s Plug-and-Play Phishing-as-a-Service Has Facilitated $280,000 of Criminal Transactions Over Past Five Months
- Restless Guests: The True Entra B2B Guest Threat Model
- The Sharp Taste of Mimo’lette: Analyzing Mimo’s Latest Campaign targeting Craft CMS
- Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites
- Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
- Crypto & Investment scams exploiting the Tesla brand
- Coordinated Cloud-Based Scanning Operation Targets 75 Known Exposure Points in One Day
- Eye of the Storm: Dissecting the Playbook of Cyber Toufan