BladedFeline Whispering in the dark
In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor...
Recently, we came across a detection in our telemetry report named “PM KISAN YOJNA”, masquerading as the official government application that has gained our attention. This latest Android malware i...
While reviewing recent malware submissions from a public repository, we flagged a small JavaScript file packed with unusual Unicode characters and broken syntax. At first glance, it looked like mal...
NEW: CVE vendor-product description metric Referenceurl title GithubURL CVE-2011-10007 RCLAMP - File::Find::R...
At Sophos X-Ops, we often get queries from our customers asking if they’re protected against certain malware variants. At first glance, a recent question seemed no different. A customer wanted to k...
Google Threat Intelligence Group (GTIG) is tracking UNC6040, a financially motivated threat cluster that specializes in voice phishing (vishing) campaigns specifically designed to compromise organi...
This is a two-part blog series, detailing research undertaken in collaboration with Threatray. Part two of this blog series can be found on their website here. Analyst note: Throughout this blog...
A new report from cybersecurity firm StormWall reveals that nearly half of all DDoS attacks in the first quarter of 2025 were aimed at China, India, and the United States. Instead of focusing heavi...
Key Data: It happened again: A fancy new AI tool has been used maliciously. This time, it’s a tool that can clone and deploy a copy of your website, including some backend behavior. It can also cha...
A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9), has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, allowing an attacker to ex...
Introduction: While performing research on Infoblox’s NetMRI network automation and configuration management solution, we discovered 6 vulnerabilities in version 7.5.4.104695 of the NetMRI virtual ...
The boundaries between geopolitical issues and cyber operations are becoming increasingly blurred, with various hacktivist, disinformation, and nation-state advanced persistent threat (APT) activit...
Acronis TRU identified new variants of Chaos RAT, a known malware family, in recent real-world Linux and Windows attacks. Chaos RAT is an open-source remote administration tool (RAT) first seen in...
Identifying the malware: During a routine malware scan, we noticed a plugin labeled wp-runtime-cache in the wp-content/plugins directory. Seems innocent enough, right? After all, just about every s...
Cryptocurrency exchange Coinbase has stated that an internal data breach affecting nearly 70,000 users involved bribed contractors from India. The initial report from Coinbase said the data breach...
Key findings: Our examination of overarching trends revealed: An increase in malware incorporating hidden virtual network computing (HVNC), keylogging, and remote control functionalities. A g...
Over the past year, India witnessed a steep rise in cyberattacks. While news focused on big-ticket data breaches and mainstream ransomware attacks, it ignored how the overall threat landscape has b...
Your workforce is your greatest asset, and your vendors are integral to the success of the enterprise. It’s no surprise, then, that cybercriminals are targeting both, exploiting the trust in these ...
Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly acces...
This report details a malicious campaign that uses deceptive websites, including spoofed Gitcodes and fake Docusign verification pages, to trick users into running malicious PowerShell scripts on t...