New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON.
Commercial penetration testing tool widely abused by threat actors as a C2 framework for lateral movement and post-exploitation.
Also known as: cobalt strike, cobaltstrike, beacon
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON.
SharkLoader, used by an intrusion cluster tracked as StrikeShark to deliver Cobalt Strike Beacon entirely in memory across a wide international footprint.
The StrikeShark campaign exhibits a broad geographic reach, targeting a diplomatic organization in Indonesia, government entities in Taiwan, software develop...
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for d...
During a recent investigation into activity affecting a diplomatic mission in Indonesia, researchers uncovered a previously undocumented loader family they n...
Kaspersky researchers analyze a new global campaign dubbed StrikeShark that delivers Cobalt Strike Beacon via custom SharkLoader malware.
AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run ...
HazyBeacon is a stealthy cloud-native malware campaign identified as CL-STA-1020. It is exploiting Amazon Web Services (AWS) Lambda Function URLs to create c...
The toolkit, discovered by Sophos, includes features such as Cobalt Strike profiles to disguise beacon traffic, a Telegram bot API for command and control, P...
A newly documented cyber espionage operation known as HazyBeacon, tracked as CL-STA-1020, is leveraging Amazon Web Services (AWS) to build stealthy command-a...
Key Takeaways The Rise of Cloud-Native Command and Control (C2) Command and control (C2) infrastructure traditionally lived outside the victim environment. M...
The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.
A newly uncovered cyber campaign dubbed “Operation Dragon Whistle” is targeting China’s education sector with highly tailored spear-phishing attacks that dep...
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as...
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwrite...
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active s...