Cobalt Strike

Ryuk Ransomware Operative Extradited: Implications for Cybersecurity

APT-News

Ryuk Ransomware Operative Extradited: Implications for Cybersecurity

A key member of the Ryuk ransomware operation, specializing in initial network access, has been extradited to...

Fog Ransomware’s Unusual Toolset: Legitimate Software and Open-Source Utilities in Attacks

Threat Intelligence

Fog Ransomware’s Unusual Toolset: Legitimate Software and Open-Source Utilities in Attacks

The Fog ransomware group has emerged as a significant threat in 2024-2025, distinguished by its unconventional blend...

Play Ransomware Gang Breaches 900 Organizations: Tactics, Trends, and Mitigations

Threat Intelligence

Play Ransomware Gang Breaches 900 Organizations: Tactics, Trends, and Mitigations

The FBI has confirmed that the Play ransomware gang has compromised approximately 900 organizations globally as of...

Germany Identifies Conti and TrickBot Leader: A Deep Dive into the Cybercrime Operation

APT-News

Germany Identifies Conti and TrickBot Leader: A Deep Dive into the Cybercrime Operation

The Federal Criminal Police Office of Germany (BKA) has publicly identified Vitaly Nikolaevich Kovalev, a 36-year-old Russian...

ConnectWise ScreenConnect Breach: Nation-State Attack Analysis and Mitigation

APT-News

ConnectWise ScreenConnect Breach: Nation-State Attack Analysis and Mitigation

ConnectWise, a leading IT management software provider, confirmed a cyberattack targeting its ScreenConnect remote access tool in...

DragonForce Ransomware Exploits SimpleHelp RMM in MSP Supply Chain Attacks

APT-News

DragonForce Ransomware Exploits SimpleHelp RMM in MSP Supply Chain Attacks

The DragonForce ransomware group has compromised over 120 managed service providers (MSPs) by exploiting vulnerabilities in SimpleHelp’s...

RVTools Supply Chain Attack Delivers Bumblebee Malware Loader

Malware Analysis

RVTools Supply Chain Attack Delivers Bumblebee Malware Loader

The official website for RVTools, a widely used VMware management utility, was compromised in a supply chain...

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

C2-Updates

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

Cybersecurity researchers from Hunt have identified a server hosting advanced malicious tools, including SuperShell command-and-control (C2) payloads...

Hitachi Vantara Disrupts Akira Ransomware Attack Through Server Isolation

Threat Intelligence

Hitachi Vantara Disrupts Akira Ransomware Attack Through Server Isolation

Hitachi Vantara, the data infrastructure subsidiary of Japanese conglomerate Hitachi, executed emergency containment measures on April 26,...

Fog Ransomware Exposes Active Directory Exploitation Toolkit in Open Server

APT-News

Fog Ransomware Exposes Active Directory Exploitation Toolkit in Open Server

Cybersecurity researchers have uncovered a publicly accessible server operated by an affiliate of the Fog ransomware group,...

Federal Charges Filed Against Alleged SmokeLoader Malware Operator in Vermont

Malware Analysis

Federal Charges Filed Against Alleged SmokeLoader Malware Operator in Vermont

An alleged operator of the SmokeLoader malware, identified as Nicholas Moses (alias “scrublord”), is facing federal hacking...

SonicWall SMA VPN Exploitation: Active Attacks Since January 2025

CVE News

SonicWall SMA VPN Exploitation: Active Attacks Since January 2025

Cybersecurity firm Arctic Wolf has confirmed that a remote code execution (RCE) vulnerability in SonicWall Secure Mobile...

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Malware Analysis

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Elastic Security Labs has uncovered a sophisticated malware campaign targeting Iraq’s telecommunications sector, utilizing a new malware...

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Threat Intelligence

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Cybersecurity researchers have uncovered a campaign involving hijacked npm packages, some over nine years old, that were...

Critical Microsoft Exchange Vulnerability Exploited in Phishing Campaigns Targeting Russian Entities

Threat Intelligence

Critical Microsoft Exchange Vulnerability Exploited in Phishing Campaigns Targeting Russian Entities

Security researchers have identified active exploitation of a high-severity Microsoft Exchange vulnerability (CVE-2023-XXXX) in targeted phishing campaigns...

INTERPOL’s Global Cybercrime Crackdown: 306 Arrested, 1,842 Devices Seized

APT-News

INTERPOL’s Global Cybercrime Crackdown: 306 Arrested, 1,842 Devices Seized

In a coordinated international operation, INTERPOL has arrested 306 suspects and seized 1,842 electronic devices in a...

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

CVE News

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

A newly identified threat, Trojan.W97M.CVE202140444.A, exploits a critical Microsoft Office vulnerability (CVE-2021-40444) to execute remote code through...

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Malware Analysis

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Ransom.Win64.CONTI.AA, a variant of the notorious Conti ransomware family, remains a significant threat to Windows systems despite...

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Malware Analysis

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Trojan.W97M.EMOTET.SMI is a variant of the notorious Emotet malware, primarily spread through malicious Microsoft Office documents. Despite...

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

APT-News

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

A China-linked advanced persistent threat group known as Earth Baxia has been conducting targeted attacks against government...

Posts pagination

1 2 Next

Cobalt Strike

Ryuk Ransomware Operative Extradited: Implications for Cybersecurity

Fog Ransomware’s Unusual Toolset: Legitimate Software and Open-Source Utilities in Attacks

Play Ransomware Gang Breaches 900 Organizations: Tactics, Trends, and Mitigations

Germany Identifies Conti and TrickBot Leader: A Deep Dive into the Cybercrime Operation

ConnectWise ScreenConnect Breach: Nation-State Attack Analysis and Mitigation

DragonForce Ransomware Exploits SimpleHelp RMM in MSP Supply Chain Attacks

RVTools Supply Chain Attack Delivers Bumblebee Malware Loader

SuperShell and Cobalt Strike Payloads Found in Open Directories: Analysis and Mitigation

Hitachi Vantara Disrupts Akira Ransomware Attack Through Server Isolation

Fog Ransomware Exposes Active Directory Exploitation Toolkit in Open Server

Federal Charges Filed Against Alleged SmokeLoader Malware Operator in Vermont

SonicWall SMA VPN Exploitation: Active Attacks Since January 2025

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Hijacked npm Packages Used to Steal API Keys via Obfuscated Scripts

Critical Microsoft Exchange Vulnerability Exploited in Phishing Campaigns Targeting Russian Entities

INTERPOL’s Global Cybercrime Crackdown: 306 Arrested, 1,842 Devices Seized

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

Ransom.Win64.CONTI.AA: Analyzing the Persistent Conti Ransomware Threat

Trojan.W97M.EMOTET.SMI: Analyzing the Persistent Emotet Threat Targeting Windows Systems

Chinese APT Earth Baxia Targets APAC with GeoServer Exploits and Sophisticated Malware

You may have missed

Russia’s Throttling of Cloudflare: Technical Impact and Security Implications

Livestreamed Child Exploitation: Technical and Legal Implications of a Disturbing Case

UNFI Cyberattack: Supply Chain Disruption and Recovery Analysis

Hawaiian Airlines Cyberattack: IT Systems Compromised, Flight Operations Unaffected