MIMICRAT: ClickFix Campaign Delivers Custom RAT via Compromised Legitimate Websites
Elastic Security Labs uncovered a ClickFix campaign using compromised legitimate sites to deliver a five-stage chain ending in MIMICRAT, a custom native C RA...
TTPs
20 articles
Remcos RAT Expands Real-Time Surveillance Capabilities
New Remcos RAT variant enhances real-time surveillance and evasion techniques to compromise Windows
Cryptojacking Campaign Exploits Driver to Boost Monero Mining
Cryptojacking campaign used pirated software to deploy a persistent XMRig miner with stealth tactics
AI Assistants Used as Covert Command-and-Control Relays
AIs like Grok and Microsoft Copilot can be exploited as covert C2 channels for malware communication
AI in the Middle: Turning Web-Based AI Services into C2 Proxies & The Future Of AI Driven Attacks
Key Points Introduction AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As ...
Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks
Unit 42 researchers observed a low-skilled threat actor using an LLM to script a professional extortion strategy, complete with deadlines and pressure tactics
OysterLoader Evolves With New C2 Infrastructure and Obfuscation
OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages
BADIIS to the Bone: New Insights to a Global SEO Poisoning Campaign
In November 2025, Elastic Security Labs observed an intrusion affecting a multinational organization based in Southeast Asia. During the analysis of this act...
VoidLink Malware Exhibits Multi-Cloud Capabilities and AI Code
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds
Top 10 web hacking techniques of 2025
Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web s...
Vishing for Access: Tracking the Expansion of ShinyHunters-Branded SaaS Data Theft
Introduction Mandiant has identified an expansion in threat activity that uses tactics, techniques, and procedures (TTPs) consistent with prior ShinyHunters-...
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access
New malware PDFSIDER enables covert, long-term access to compromised systems via advanced techniques
Top 10 web hacking techniques of 2025: call for nominations
Update: nominations are now closed, and voting is live!
BlueDelta’s Persistent Campaign Against UKR.NET
Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.
Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog!
Palestine Action: Operations and Global Network
Explores Palestine Action’s post-designation global network, tactics, and targets, and evaluates key physical risks and mitigations for organizations.
Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece
Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience.
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook
Using AI to stop tech support scams in Chrome
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security Tech support scams are an increasingly prevalent form of cybercrime, characterized by...