Using tradecraft focused on stealth and OPSEC, WARP PANDA leverages TTPs that include log clearing and file timestomping, as well as creating malicious VMs — unregistered in the vCenter server — an...
The “Intellexa Leaks”, a new investigation published jointly by Inside Story, Haaretz and WAV Research Collective, presents troubling revelations about the surveillance company Intellexa and its si...
In this article, we’ll uncover an entire North Korean infiltration operation aimed at deploying remote IT workers across different companies in the American financial and crypto/Web3 sectors, with ...
A North Korean state-sponsored threat actor got infected by the same kind of malware typically used against others, exposing rare insights into their operations and direct ties to one of the larges...
State-sponsored hackers and other Windows attackers have long been delivering malware using bloated link (LNK) files, disguised as legitimate files, but containing malicious shell scripts or entire...
The University of Pennsylvania and the University of Phoenix confirmed on Tuesday that they are among the many victims of the recent cybercrime campaign targeting customers of Oracle’s E-Business S...
Hackers are exploiting a critical vulnerability, tracked as CVE-2025-8489 (CVSS score of 9.8), in the WordPress plugin King Addons for Elementor that allows unauthenticated users to create admin ac...
A new 29.7 Tbps distributed denial-of-service (DDoS) blast from the Aisuru botnet has set a new world record for attack volume, underscoring how fragile core internet infrastructure remains under e...
On November 30, 2025, Check Point Research detected a critical exploit targeting Yearn Finance’s yETH pool on Ethereum. Within hours, approximately a million was stolen from the protocol. The attac...
A collaborative investigation by BCA LTD, NorthScan, and ANY.RUN has exposed a persistent infiltration scheme operated by North Korea’s Lazarus Group, specifically its Famous Chollima division. For...
The amount of identity telemetry that originates from datacenter infrastructure is mind-boggling. What do the 10 million authentication events look like when grouped by AS? There’s a power law dist...
ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, i...
On September 4th 2023, the user “ipmakers” posted a thread on the Proxies for Sale section of BlackHatWorld. This thread promoted the launch of ipcola[.]com, a new proxy service claiming to have mi...
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. The two high-severity vulnerabilities a...
The Everest ransomware group has announced a claimed compromise of ASUS, a major global hardware and electronics manufacturer. According to a post on the group’s dark web leak site, they assert pos...
The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers, though the company did not learn of the problem until Novemb...
Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder over €1.3 billion in Bitcoin sinc...
Today we’re taking a look at several malware samples from the advanced persistent threat group “Primitive Bear” aka “Gamaredon”. Primitive Bear is a Russian state-sponsored Advanced Persistent Thr...
The Glassworm malware campaign, initially identified in October, has resurfaced for a third time, introducing 24 new malicious packages to the OpenVSX and Microsoft Visual Studio marketplaces. Thes...
Recent analysis has exposed two Chinese technology companies, BIETA and CIII, that allegedly provide sophisticated steganography solutions to support advanced persistent threat campaigns.\n\nAnalys...