Zanubis is a banking Trojan for Android that emerged in mid-2022. Since its inception, it has targeted banks and financial entities in Peru, before expanding its objectives to virtual cards and cry...

The Entra Access Flaw Hiding in Plain Sight Inviting external guest users is a common and useful practice for collaboration with external partners. These guest accounts are typically assigned limi...

Executive Summary On May 7, 2025, during the active military escalation between Pakistan and India—specifically in the context of India’s military campaign ‘Operation Sindoor’—, EclecticIQ analyst...

University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been named as those exposed via a recently discovered exploit. NHS England to...

Google Threat Intelligence Group’s (GTIG) mission is to protect Google’s billions of users and Google’s multitude of products and services. In late October 2024, GTIG discovered an exploited govern...

Introduction Once upon a time, in the land of the CMS honeypot, a curious threat named Mimo crept silently through the digital woods. Unlike your typical fairytale villain, Mimo didn’t leave glass ...

Since November 2024, Mandiant Threat Defense has been investigating an UNC6032 campaign that weaponizes the interest around AI tools, particularly those that generate videos based on user prompts. ...

Microsoft Threat Intelligence Center has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard (LAUNDRY BEAR), who we assess with high confide...

In March 2025, BI.ZONE Threat Intelligence uncovered two new campaigns by Silent Werewolf. The first one focused on Russian organizations exclusively while the second targeted both Moldovan and, pr...

MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage.\n\nHeadquartered in Natick, Massa...

Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud. The activity, f...

Trend Research has identified Earth Lamia as an APT threat actor that exploits vulnerabilities in web applications to gain access to organizations, using various techniques for data exfiltration.\n...

Sophos MDR recently responded to a targeted attack involving a Managed Service Provider (MSP). In this incident, a threat actor gained access to the MSP’s remote monitoring and management (RMM) too...

In recent months, there has been a significant surge in crypto and investment scams exploiting the Tesla brand, particularly targeting cryptocurrency enthusiasts and investors. Scammers are capita...

Key Takeaways 251 malicious IPs, all hosted by Amazon and geolocated in Japan, launched a coordinated one-day scan on May 8. These IPs triggered 75 distinct behaviors, including CVE exploits, mis...

Summary The AIVD and MIVD (‘the Dutch services’) have identified a publicly unknown, highly probably Russian state-supported threat actor named LAUNDRY BEAR. LAUNDRY BEAR is responsible for co...

The full source code of SilverRAT, a notorious remote access trojan (RAT), has been leaked online briefly appearing on GitHub under the repository “SilverRAT-FULL-Source-Code” before being swiftly ...

Rewritten in Rust The family as it is known until now has been written in C#. Interestingly, we encountered a few recent malware samples written in Rust. The configuration options, the CnC communi...

The digital frontlines of the Israel-Gaza conflict have rapidly evolved into an active and persistent cyber battlefield. Over the past year, multiple pro-Palestinian threat groups, including Handal...

Seqrite Labs, India’s largest Malware Analysis lab, has identified multiple cyber events linked to Operation Sindoor, involving state-sponsored APT activity and coordinated hacktivist operations. O...