RESEARCH 125
- Pondering my ORB - A look at PolarEdge Adjacent Infrastructure
- Microsoft Unveils Storm-0501’s Advanced Cloud Ransomware Attack Tactics
- Credential harvesting campaign targets ScreenConnect cloud administrators
- Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot
- Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts
- Someone's poking the bear with infostealers targeting Russian crypto developers
- EncryptHub Abuses Brave Support in new Campaign Exploiting- MSC Eviltwin Flaw
- Smart Contract Scams | Ethereum Drainers Pose as Trading Bots to Steal Crypto
- Rapid Breach Social Engineering to Remote Access in 300 Seconds
- GenAI Used For Phishing Websites Impersonating Brazil’s Government
- From Bing Search to Ransomware Bumblebee and AdaptixC2 Deliver Akira
- Tracking Updates to Raspberry Robin
- Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives
- Fingerprinting Malware C2s with Tags
- Hackers Regularly Exploit Vulnerabilities Before Public Disclosure, Study Finds
- Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
- Unmasking Interlock Group's Evolving Malware Arsenal
- The Commented Kill Chain Why Old Ransomware Playbooks Never Die
- Ransomware in Q2 2025 AI Joins the Crew, Cartels Rise, and Payment Rates Collapse
- Microsoft OAuth App Impersonation Campaign Leads to MFA Phishing
- Scammers Unleash Flood of Slick Online Gaming Sites
- Qwins Ltd Bulletproof Hosting Provider Powering Global Malware Campaigns
- Cobalt Strike Beacon delivered via GitHub and social media
- Deepfakes and Unkept Promises lead to Financial Fraud on Social Media, targeting the General Public
- Auto-Color Backdoor How Darktrace Thwarted a Stealthy Linux Intrusion
- Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely!
- Cybersecurity Scams Targeting Fans and Teams at the 2025 Belgian Grand Prix
- Researchers Expose Massive Online Fake Currency Operation in India
- ToolShell, SharePoint, and the Death of the Patch Window
- DNS Packet Inspection for Network Threat Hunters
- A Spike in the Desert How GreyNoise Uncovered a Global Pattern of VOIP-Based Telnet Attacks
- Signed, Sealed, Altered? Deepdive into PDF Tempering
- Operation CargoTalon UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant.
- A Special Mission to Nowhere, Exploiting the Middle East crisis with a charter jet scam
- Ransomware Group Uses AI Chatbot to Intensify Pressure on Victims
- How DEF CON hacking villages help to save the planet
- Clickfix on macOS AppleScript Malware Campaign Uses Terminal Prompts to Steal Data
- BIDI Swap Unmasking the Art of URL Misleading with Bidirectional Text Tricks
- NET RFQ Request for Quote Scammers Casting Wide Net to Steal Real Goods
- How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies
- Greedy Sponge Targets Mexico with AllaKore RAT and SystemBC
- MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
- Fake Receipts Generators the rising threat to major retail brands
- CryptoJacking is dead, long live CryptoJacking
- On the Move Fast Flux in the Modern Threat Landscape
- GLOBAL GROUP Emerging Ransomware-as-a-Service, Supporting AI Driven Negotiation and Mobile Control Panel for Their Affiliates
- DOGE Denizen Marko Elez Leaked API Key for xAI
- Behind the Clouds Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication
- Chasing Ghosts Over RDP Lateral Movement in Tiny Bitmaps
- Where Everybody Knows Your Name Observing Malice-Complicit Nameservers
- Rendershock Weaponizing Trust in File Rendering Pipelines
- Code highlighting with Cursor AI for $500,000
- At last, a use case for AI agents with sky-high ROI Stealing crypto
- Risky Bulletin Browser extensions hijacked for web scraping botnet
- Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
- RDAP and BGP in Investigative Journalism
- Combolists and ULP Files on the Dark Web A Secondary and Unreliable Source of Information about Compromises
- Deploying NetSupport RAT via WordPress & ClickFix
- BERT Ransomware Group Targets Asia and Europe on Multiple Platforms
- Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions
- When Installers Turn Evil The Pascal Script Behind Inno Setup Malware Campaign
- Silent Push Uncovers Chinese Fake Marketplace e-Commerce Phishing Campaign
- Exposed JDWP Exploited in the Wild What Happens When Debug Ports Are Left Open
- Uncovering DPRK Remote Workers Detecting Hidden Threats Through Internet Telemetry
- Large Language Models (LLMs) Are Falling for Phishing Scams What Happens When AI Gives You the Wrong URL?
- Houken seeking a path by living on the edge with zero-days
- Can You Trust that Verified Symbol? Exploiting IDE Extensions is Easier Than it Should Be
- Using AI to identify cybercrime masterminds
- Sinaloa drug cartel hired a cybersnoop to identify and kill FBI informants
- NSFOCUS APT Monthly Briefing – May 2025
- Extracting Lines of Interest From Zeek Logs
- The Case of Hidden Spam Pages
- Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity
- Cybercriminal abuse of large language models
- Cybercrime is surging across Africa
- Crash (exploit) and burn Securing the offensive cyber supply chain to counter China in cyberspace
- Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
- Cryptominers’ Anatomy Shutting Down Mining Botnets
- Another Wave North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
- Trix Shots Remote Code Execution on Aviatrix Controller
- ConnectUnwise Threat actors abuse ConnectWise as builder for signed malware
- What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia
- Ransomware Gangs Collapse as Qilin Seizes Control
- Fault Injection – Follow the White Rabbit
- Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
- How Fraudsters Are Poisoning Search Results to Promote Phishing Sites
- Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
- Report Links Los Pollos and RichAds to Malware Traffic Operations
- PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
- Is your AI safe? Threat analysis of MCP (Model Context Protocol)
- CYFIRMA INDUSTRY REPORT – HEALTHCARE
- Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
- Graphite Caught, First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
- GitHub Device Code Phishing
- From Trust to Threat Hijacked Discord Invites Used for Multi-Stage Malware Delivery
- Global analysis of Adversary-in-the-Middle phishing threats
- Unmasking the Infrastructure of a Spearphishing Campaign
- GhostVendors Exposed Silent Push Uncovers Massive Network of 4000+ Fraudulent Domains Masquerading as Major Brands
- DanaBleed DanaBot C2 Server Memory Leak Bug
- Mapping Hidden Alliances in Russian-Affiliated Ransomware
- What Really Happened in the Aftermath of the Lizard Squad Hacks
- Proxy Services Feast on Ukraine’s IP Address Exodus
- Operation Endgame Disrupts AvCheck, Forces Threat Actors to Seek Alternatives
- Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure
- The strange tale of ischhfd83 When cybercriminals eat their own
- Same Automated Impersonation for All
- Global Conflicts in the Digital Age – How Geopolitics Influence Cyber Operations
- The Rising Tide Understanding the Surge in Cyber Attacks in India
- The Hidden Cost of Trust New Data Reveals Alarming Employee Engagement with Vendor Email Compromise
- Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable
- How Threat Actors Exploit Human Trust A Breakdown of the 'Prove You Are Human' Malware Scheme
- Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
- Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
- Backdoors in Python and NPM Packages Target Windows and Linux
- When Samsung's Magic Turns Tragic A Tale of Unauthorized Mining
- Threat Hunting C2 over HTTPS Connections Using the TLS Certificate
- Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
- Haozi’s Plug-and-Play Phishing-as-a-Service Has Facilitated $280,000 of Criminal Transactions Over Past Five Months
- Restless Guests The True Entra B2B Guest Threat Model
- The Sharp Taste of Mimo’lette Analyzing Mimo’s Latest Campaign targeting Craft CMS
- Text-to-Malware How Cybercriminals Weaponize Fake AI-Themed Websites
- Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
- Crypto & Investment scams exploiting the Tesla brand
- Coordinated Cloud-Based Scanning Operation Targets 75 Known Exposure Points in One Day
- Eye of the Storm Dissecting the Playbook of Cyber Toufan