20 articles
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and id...
Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use.
The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new a...
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity.
A recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools a...
Hackers are increasingly adopting stealthy delivery techniques, and a newly uncovered spear-phishing campaign shows how nested macOS-like folder structures c...
Hackers are actively distributing a sophisticated ValleyRAT malware variant through fake Microsoft Teams download pages, leveraging social engineering and mu...
Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Cresc...
The rapid growth of AI has created an explosion of APIs that will require new techniques to manage.
Storm-2949 initiates attacks by targeting users with privileged roles, such as IT personnel or senior leadership, using social engineering tactics to obtain ...
The C2 ISAC, founded by AT&T, Charter, Comcast, Cox, Lumen, T-Mobile, Verizon, and Zayo, aims to foster more candid information exchange than previously ...
The cyberattacks did not compromise Signal's encryption but instead relied on social engineering and account takeover tactics.
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Disc...
A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructur...
A new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during ...
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, ...
A large-scale Android ad fraud campaign named “Trapdoor,” exposing a sophisticated ecosystem built on 455 malicious apps and 183 command-and-control (C2) dom...
A large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 pa...