GoFlateLoader Hides Infostealers in Massive PE Overlay
GoFlateLoader, a widespread Golang loader that has become a go-to delivery mechanism for multiple infostealers including Lumma, Vidar, StealC, Amatera and Re...
20 articles
GoFlateLoader, a widespread Golang loader that has become a go-to delivery mechanism for multiple infostealers including Lumma, Vidar, StealC, Amatera and Re...
A PowerShell script included in patch files appears to be triggering false positives by multiple security engines. The post Siemens Says Desigo CC Files Flag...
A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware.
A new Golang-based backdoor dubbed BLUERABBIT has been observed performing combined data theft, file encryption and destructive disk wiping against Windows h...
The impact of residential proxies across our customer base by compiling billions of DNS resolutions and the associated network telemetry. The Kimwolf Botnet ...
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of ...
Two closely related espionage campaigns targeting Cambodian government organizations that abuse a legitimate VMware-signed binary to sideload a custom loader...
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window.
Initially flagged as part of the KV-botnet, JDY has evolved into an independent reconnaissance capability following the U.S.
This new attack method involves creating seemingly helpful tutorial videos that promise free access to premium applications such as Spotify Premium or Micros...
Researchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new...
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors.
MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reco...
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT...
Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological w...
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self...
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pi...
Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background.
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language mode...