Securing Every Identity in the Age of AI
Securing every identity in the age of AI is foundational. Discover how Palo Alto Networks and CyberArk redefine identity security for the modern enterprise.
Financial
19 articles
UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering
Written by: Ross Inman, Adrian Hernandez Introduction North Korean threat actors continue to evolve their tradecraft to target the cryptocurrency and decentr...
Rublevka Team: Anatomy of a Russian Crypto Drainer Operation
Rublevka Team exemplifies the industrialization of crypto scams. Learn how traffer teams and wallet drainers enable high-volume theft.
Celebrating our 2025 open-source contributions
Last year, our engineers submitted over 375 pull requests that were merged into non–Trail of Bits repositories, touching more than 90 projects from cryptogra...
Building cryptographic agility into Sigstore
Software signatures carry an invisible expiration date. The container image or firmware you sign today might be deployed for 20 years, but the cryptographic ...
New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team Phone theft is more than just losing a device; it'...
Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Introduction The Google Threat Intelligence Group (GTIG) has identified widespread, active exploitation of the critical vulnerability CVE-2025-8088 in WinRAR...
Practitioners Reveal What Makes Threat Intelligence Programs Mature
Threat intelligence practitioners from Global Payments, Adobe, and Superhuman reveal how mature CTI programs transform data overload into strategic business ...
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Google AI and our advan...
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook
Sharing is scaring: The WhatsApp scam you didn’t see coming
How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data
Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials
Google Threat Intelligence Group (GTIG) is tracking a cluster of financially motivated threat actors operating from Vietnam that leverages fake job postings ...
To Be (A Robot) or Not to Be: New Malware Attributed to Russia State-Sponsored COLDRIVER
Written by: Wesley Shields Introduction COLDRIVER, a Russian state-sponsored threat group known for targeting high profile individuals in NGOs, policy adviso...
DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains
Written by: Blas Kojusner, Robert Wallace, Joseph Dobson Google Threat Intelligence Group (GTIG) has observed the North Korea (DPRK) threat actor UNC5342 usi...
New Group on the Block: UNC5142 Leverages EtherHiding to Distribute Malware
Written by: Mark Magee, Jose Hernandez, Bavi Sadayappan, Jessa Valdez Since late 2023, Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) ha...
DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception
Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers
From Help Desk to Hypervisor: Defending Your VMware vSphere Estate from UNC3944
Introduction In mid 2025, Google Threat Intelligence Group (GTIG) identified a sophisticated and aggressive cyber campaign targeting multiple industries, inc...
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...
Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor
Written by: Josh Goddard, Zander Work, Dimiter Andonov UPDATE (Sep 16): Clarified hunting guidance specifics surrounding ld.so.