Source: Symantec Excerpt: “Extensions analyzed expose information such as browsing domains, machine IDs, OS details, usage analytics, and more. Many users assume that popular Chrome extensions ad...

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of...

Law enforcement agencies recently dismantled avcheck[.]net through Operation Endgame, a major international effort targeting cybercrime infrastructure. This platform was known for helping cybercrim...

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper”. The attack was instrumented via a legitim...

ClickFix is not a malware, but a very successful social engineering technique. It primarily relies on MFA verification fatigue and fake CAPTCHA pages to silently install malware. Researchers have ...

Three Key Takeaways: Chinese state-sponsored hackers infiltrated a U.S. telecommunications company as early as the summer of 2023, a full year before previously known breaches. The malware re...

In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor...

Recently, we came across a detection in our telemetry report named “PM KISAN YOJNA”, masquerading as the official government application that has gained our attention. This latest Android malware i...

While reviewing recent malware submissions from a public repository, we flagged a small JavaScript file packed with unusual Unicode characters and broken syntax. At first glance, it looked like mal...

NEW: CVE vendor-product description metric Referenceurl title GithubURL   CVE-2011-10007 RCLAMP - File::Find::R...

At Sophos X-Ops, we often get queries from our customers asking if they’re protected against certain malware variants. At first glance, a recent question seemed no different. A customer wanted to k...

Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organi...

This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here.\n\nAnalyst note: Throughout this blog...

A new report from cybersecurity firm StormWall reveals that nearly half of all DDoS attacks in the first quarter of 2025 were aimed at China, India, and the United States. Instead of focusing heavi...

Key Data It happened again: A fancy new AI tool has been used maliciously. This time, it’s a tool that can clone and deploy a copy of your website, including some backend behavior. It can also cha...

A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9), has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, allowing an attacker to ex...

Introduction While performing research on Infoblox’s NetMRI network automation and configuration management solution, we discovered 6 vulnerabilities in version 7.5.4.104695 of the NetMRI virtual ...

The boundaries between geopolitical issues and cyber operations are becoming increasingly blurred, with various hacktivist, disinformation, and nation-state advanced persistent threat (APT) activit...

Acronis TRU identified new variants of Chaos RAT, a known malware family, in recent real-world Linux and Windows attacks. Chaos RAT is an open-source remote administration tool (RAT) first seen in...

Identifying the malware During a routine malware scan, we noticed a plugin labeled wp-runtime-cache in the wp-content/plugins directory. Seems innocent enough, right? After all, just about every s...