FreeIntelHub

TTPs

20 articles

Help Net Security TTPs 2d ago

Websites can spy on user activity by analyzing SSD behavior

Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify d...

T1592

Help Net Security →

CSO Online TTPs 2d ago

Cybersecurity trends in SEC filings

In 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybe...

CSO Online →

The Hacker News TTPs Cisco 2d ago

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Kore...

T1204

The Hacker News →

GBHackers TTPs Microsoft VMware 2d ago

Malicious RVTools Installer Uses Sectigo Cert to Evade SmartScreen

A malicious fake RVTools installer is abusing a legitimately issued Sectigo code‑signing certificate to slip past Microsoft Defender SmartScreen and many end...

T1592

GBHackers →

GBHackers TTPs 3d ago

ClearFake Abuses BSC Testnet Contracts for Resilient C2 Operations

Threat actors behind the ClearFake campaign have adopted a novel and highly resilient command-and-control (C2) architecture by leveraging BNB Smart Chain (BS...

GBHackers →

The Hacker News TTPs Apple 3d ago

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft...

T1204

The Hacker News →

Help Net Security TTPs Intel 3d ago

XM Cyber enhances identity risk visibility with continuous exposure management capabilities

XM Cyber has announced platform enhancements aimed at helping organizations reduce identity risk, compounded by AI-enabled attackers. According to Gartner, “...

T1021

Help Net Security →

GBHackers TTPs 3d ago

New PureLogs Variant Abuses MSBuild to Evade Detection

A new phishing-driven malware campaign distributing a stealthy PureLogs variant that leverages advanced evasion techniques, including process hollowing via M...

T1566 T1027

GBHackers →

Help Net Security TTPs 3d ago

Hackers are knocking on office doors pretending to be IT staff

The Silent Ransom Group (SRG) is targeting law firms using social engineering techniques and an unusual tactic for cybercriminals: showing up at victims’ off...

T1204

Help Net Security →

BleepingComputer TTPs 3d ago

Glassworm botnet disrupted after resilient C2 infrastructure takedown

The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control i...

T1583

BleepingComputer →

The Hacker News TTPs Google CrowdStrike 4d ago

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels a...

T1195

The Hacker News →

Security Affairs TTPs Google CrowdStrike 4d ago

How cybersecurity firms took down Glassworm botnet in one shot

Glassworm infected developers through poisoned tools and packages until a coordinated takedown killed all four of its C2 channels at once. On May 26, 2026, a...

Security Affairs →

GBHackers TTPs Microsoft Linux 5d ago

Quasar RAT Hits Developers With Fileless Linux Attacks

Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high‑value beachheads for softwar...

GBHackers →

GBHackers TTPs 5d ago

Hackers Use SEO Poisoning to Fake Gemini CLI and Claude Code Installers

Hackers are increasingly abusing search engine optimization (SEO) techniques to distribute malware by impersonating popular AI developer tools, including Gem...

GBHackers →

Information Security Buzz TTPs Intel 5d ago

Major US telecom providers debut C2 ISAC to counter AI-driven threats

Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing...

Information Security Buzz →

GBHackers TTPs 6d ago

InvisibleFerret Malware Uses .pyd and .so Files to Evade Script Detection

A North Korea-linked threat group, Void Dokkaebi, also known as Famous Chollima, has significantly upgraded its malware delivery techniques by converting its...

GBHackers →

GBHackers TTPs 6d ago

Iranian APT Uses SEO Poisoning to Spread Fake SQL Developer Malware

A newly observed cyber campaign linked to the Iranian IRGC-affiliated threat group Nimbus Manticore (also tracked as UNC1549) highlights an evolution in both...

GBHackers →

GBHackers TTPs Microsoft 6d ago

MiniUpdate RAT Abuses Azure C2 for Targeted Espionage

A sophisticated espionage campaign by the Iran-nexus advanced persistent threat group known as Screening Serpens also tracked as UNC1549 and Smoke Sandstorm ...

GBHackers →

SANS ISC TTPs Microsoft May 23

An Example of Stack String in High Level Language, (Sat, May 23rd)

This week, I'm attending the SEC670[1] training (“Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control”). From my point of vie...

T1071 T1598

SANS ISC →

SC Media TTPs May 22

Middle East malicious infrastructure report highlights concentration of C2 servers

The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries.

T1071 1 IOC

SC Media →

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only.