New Malware Variant Identified: ResolverRAT Enters the Maze
ResolverRAT is a newly discovered remote access trojan (RAT) that utilizes advanced evasion techniques and runtime resource resolution to avoid detection. This malware primarily targets employees in the healthcare and pharmaceutical sectors via localized phishing campaigns, employing significant social engineering tactics. Affected: healthcare sector, pharmaceutical sector

Keypoints:

ResolverRAT employs advanced in-memory execution and dynamic resource handling to evade detection.…
Securing Software with Chainguard Zero-CVE Base Images against Advanced Persistent Threat Groups
This article discusses Chainguard’s zero-CVE container images, which are designed to eliminate known vulnerabilities and enhance both software supply chain and runtime security against Advanced Persistent Threats (APTs) like Salt Typhoon. The text outlines how these images minimize risks through features such as frequent updates, hardened builds, and transparent components.…
Rat Race: ValleyRAT Malware Targets Organizations with New Delivery Techniques
Morphisec Threat Labs has identified a multi-stage malware known as ValleyRAT, linked to the Silver Fox APT group. This investigation reveals an evolution in the actor’s TTPs and highlights their focused targeting of high-value roles within organizations. The malware exploits both familiar distribution methods and sophisticated payload injection techniques to compromise systems.…
Dark Web Profile: Flax Typhoon
Flax Typhoon, a Chinese state-sponsored APT group, has shown a significant evolution in its cyber espionage activities since mid-2021, primarily targeting Taiwanese entities while expanding globally to North America, Africa, and Southeast Asia. The group’s strategic focus aligns with Chinese government objectives, utilizing sophisticated techniques to maintain prolonged access to compromised networks.…
The Reality of Mobile Endpoint Security in 2025
Mobile devices are becoming increasingly exploited entry points for cyber attacks in enterprises, prompting a shift in attack strategies from traditional methods to mobile vectors. As organizations adopt Bring Your Own Device (BYOD) policies, the need for effective Mobile Threat Defense (MTD) solutions becomes crucial. The rapid rise of sophisticated mobile attacks necessitates a reevaluation of security measures to address the vulnerabilities associated with mobile endpoints.…
AgeoStealer: How Social Engineering Targets Gamers
Infostealers, including the newly identified AgeoStealer, have become a significant threat, responsible for a large portion of credential theft and data breaches. AgeoStealer employs unique tactics, leveraging gaming platforms for distribution and evading detection through advanced obfuscation techniques. Its ability to extract sensitive information highlights the urgent need for organizations to bolster their defenses against these types of cyber threats.…
Lumma Stealer – Tracking distribution channels
The article discusses the rise of Lumma Stealer, a sophisticated type of Malware-as-a-Service (MaaS) that has emerged as a major threat to both individuals and organizations. Exploiting various distribution methods, particularly through fake CAPTCHA pages, Lumma Stealer successfully deceives users into executing malicious commands. Its intricate infection methods, including DLL sideloading and payload injection, enhance its ability to evade security detection.…
In our analysis of FOG ransomware, we discovered nine samples uploaded to VirusTotal, linked to the Department of Government Efficiency (DOGE). These ransomware samples were distributed via email, showcasing the ongoing threat posed by FOG ransomware. The investigation revealed various attack vectors and the involvement of multiple sectors, highlighting the need for proactive cybersecurity measures.…
Red teaming simulates real-world cyberattacks to evaluate organizational defenses, utilizing several tools such as Cobalt Strike, Caldera, and Infection Monkey. These tools are linked to the MITRE ATT&CK framework, enhancing their effectiveness in identifying vulnerabilities and testing defense mechanisms. Affected: organizations, IT security sector, cybersecurity environment

Keypoints:

Red teaming involves simulating cyberattacks to test defenses.…
Phishing attempts continue to evolve, with attackers impersonating legitimate entities to deceive victims. This article analyzes a recent phishing email masquerading as communication from Australia’s Centrelink service, using visual deception, urgency tactics, and legitimate-sounding domains to trick users. Effective detection and reporting of such attacks are vital in enhancing cybersecurity measures.…
The evolution of Dark Caracal tools: analysis of a campaign featuring Poco RAT
Dark Caracal’s latest cyber operation uses Poco RAT, a sophisticated malware targeting Spanish-speaking regions in Latin America, primarily through phishing campaigns. The group employs clever methods to deliver malicious payloads, including trojanized attachments and cloud storage services. Affected: corporate networks, Spanish-speaking users, Latin America

Keypoints:

Dark Caracal has launched a new campaign using the Poco RAT malware.…
Lazarus-Linked Malware Targets Windows
This article provides an analysis of the malware sample 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24.exe, attributed to the Lazarus Group, a state-sponsored cyber threat actor. Using tools like ANY.RUN and Hybrid Analysis, the analysis reveals the malware’s behavior, including process injection and registry modifications, targeting primarily Windows systems and expanding to Linux and macOS environments.…
UNC5221 is a suspected China-nexus cyber-espionage group targeting edge network devices through zero-day exploits, particularly Ivanti’s Pulse Connect Secure/Ivanti Connect Secure (ICS) VPN appliances. A critical vulnerability (CVE-2025-22457) has been exploited since March 2025, allowing unauthorized network access and deployment of custom malware. The campaign has affected organizations globally, especially in the U.S.,…
Advanced macOS Spyware PasivRobber
A suspicious Mach-O file named *wsus* was discovered on VirusTotal, leading researchers to uncover a suite of more than 20 binaries designed to capture data from macOS systems, specifically targeting popular applications among Chinese users. The investigation suggested ties to a Chinese organization involved in surveillance and forensic tools, prompting concerns about the software’s legitimacy and cybersecurity risks.…
Global Rise of Akira Ransomware
The Akira ransomware group has been operational since March 2023, employing a “double extortion” strategy that involves data exfiltration before encryption and threats of public exposure if ransoms are not paid. Their attacks have predominantly targeted sectors like Education, Finance, Manufacturing, and Healthcare across North America, Europe, and Australia, leading to significant financial gains exceeding million.…
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
Summary: Cybersecurity researchers have identified four vulnerabilities in the Windows task scheduling service that allow local attackers to gain privilege escalation and erase critical audit logs. These vulnerabilities relate to the “schtasks.exe” binary, which can be exploited through methods like Batch Logon authentication. This can lead to unauthorized access and data theft while enabling attackers to cover their tracks effectively.…
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
This report details a sophisticated attack using malicious online file converters to distribute malware, particularly Arechclient2, through impersonation of legitimate services. The analysis includes methods used by attackers and offers protection recommendations. Affected: online file converters, users, organizations, digital workflows

Keypoints:

The FBI issued an alert on March 17, 2025, about malicious online file converters.…
Threat actors misuse Node.js to deliver malware and other malicious payloads
Microsoft Defender Experts have reported malicious campaigns utilizing Node.js to deliver malware and facilitate information theft. This emerging trend shows a shift in threat actor techniques that blend malware with legitimate applications, indicating the growing use of Node.js in cyber threats. Affected: cybersecurity, software development

Keypoints:

Microsoft Defender Experts have observed Node.js…