Tag: XDR

Offensive Development Practitioner Course Preview
This article provides a first-hand account of the White Knight Labs’ Offensive Development Practitioner Certification course focused on malware development. The author shares personal experiences with burnout in the cybersecurity field before deciding to enroll in this course. The review highlights the quality of content, lab deployment, and the importance of OPSEC in training.…
Read More
Movie Security Stories: Understanding Cyber Threats and the Need for Integrated Security Through Film
The article discusses the evolution of cyber threats in the modern digital era, comparing real-world scenarios to movie plots, such as “Die Hard 4.0” and “Skyfall.” It highlights the increasing complexity of ransomware attacks, supply chain hacks, and insider threats, stressing the need for comprehensive security strategies that incorporate automation and real-time intelligence.…
Read More
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As the tax season approaches in the U.S., Microsoft has noted an increase in phishing campaigns using tax-related themes to steal sensitive information and deploy malware. These campaigns exploit various techniques, including URL shorteners, QR codes, and legitimate file-hosting services to evade detection. The reported threats include credential theft linked to platforms like RaccoonO365 and various malware types such as Remcos and Latrodectus.…
Read More
RedCurl’s Ransomware Debut: A Technical Deep Dive
This research by Bitdefender Labs introduces the QWCrypt ransomware campaign, linked to the RedCurl group, marking a significant shift in their tactics from data exfiltration to ransomware. RedCurl has been operating since 2018 but has historically utilized Living-off-the-Land techniques for corporate espionage. Their targeting of specific infrastructures and the use of hypervisor encryption underscores a sophisticated evolution in their operational strategy, raising questions regarding their motivations and business model.…
Read More
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
Summary: The Acronis Threat Research Unit (TRU) analyzed a complex malware delivery chain demonstrating the use of multiple scripting languages and obfuscation techniques, leading to the deployment of high-profile malware such as DCRat. The infection starts with a deceptive email attachment, escalating through a multi-stage process involving Visual Basic Script, batch files, and PowerShell.…
Read More
From Espionage to PsyOps: Tracking Operations and Bulletproof Providers of UACs in 2025
This report details the activities of Russia-aligned intrusion sets UAC-0050 and UAC-0006, which have been engaged in financially and espionage-motivated spam campaigns targeting various entities globally, particularly in Ukraine. They employ psychological operations, utilize malware for financial theft, and rely on bulletproof hosting providers to obfuscate their infrastructure.…
Read More
I Am Not A Robot
Recent social engineering tactics have evolved to include a variant of the SectopRAT malware, which is disguised as a Cloudflare verification challenge. This Remote Access Trojan employs extensive techniques for data exfiltration and uses various evasion methods to avoid detection. Affected: Users, Browsers, Cryptocurrency Holders

Keypoints :

ClickFix-style social engineering techniques are becoming more prevalent among threat groups.…
Read More
Silk Typhoon Targeting IT Supply Chain
Microsoft Threat Intelligence has revealed that the Chinese espionage group Silk Typhoon is shifting tactics to exploit IT solutions and cloud applications for gaining access to organizations. Despite not directly targeting Microsoft services, they utilize unpatched applications for malicious activities once inside a victim’s network. The article emphasizes the need for awareness and suggests mitigation strategies to defend against this growing threat.…
Read More
Malvertising Campaign Leads to Info Stealers Hosted on GitHub
In December 2024, a widespread malvertising campaign was discovered that affected nearly a million devices globally, originating from illegal streaming websites embedded with malicious advertisements. The attack involved a series of redirections leading to GitHub, Dropbox, and Discord, where malware was hosted. This campaign targeted various sectors indiscriminately, highlighting the need for enhanced security measures across devices and networks.…
Read More
Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malware
A phishing campaign impersonating Booking.com has been identified targeting organizations within the hospitality sector, particularly in relation to travel. Using the ClickFix social engineering technique, this campaign seeks to steal credentials and engage in financial fraud, affecting various regions including North America and Europe. Affected: hospitality industry, Booking.com…
Read More
New XCSSET Malware Adds New Obfuscation and Persistence Techniques to Infect Xcode Projects | Microsoft Security Blog
A new variant of XCSSET malware has been discovered, which is specifically designed to infect macOS Xcode projects. This sophisticated malware utilizes advanced obfuscation, updated persistence techniques, and novel infection strategies to exfiltrate sensitive information, including digital wallet data. It operates in a stealthy manner, often remaining fileless, which complicates detection and removal efforts.…
Read More
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security Blog
In November 2024, Microsoft Incident Response uncovered StilachiRAT, a remote access trojan that employs sophisticated evasion techniques and data exfiltration capabilities, targeting sensitive information such as credentials, digital wallet data, and clipboard contents. StilachiRAT establishes command-and-control connectivity with remote servers, and Microsoft has issued guidance to bolster defenses against this growing threat.…
Read More
Off the Beaten Path: Recent Unusual Malware
This article discusses three unique malware samples discovered recently: a C++/CLI IIS backdoor, a bootkit that installs a GRUB 2 bootloader, and a post-exploitation framework known as ProjectGeass. Each sample demonstrates unconventional techniques and complexities, highlighting the evolving threat landscape. Affected: IIS, Windows, system environments

Keypoints :

Three unique malware samples discovered exhibiting novel characteristics.…
Read More
Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malware
A phishing campaign identified by Microsoft Threat Intelligence targets the hospitality industry, impersonating Booking.com and utilizing the ClickFix social engineering technique to deliver credential-stealing malware. The campaign, ongoing since December 2024, aims at financial fraud by tricking users into executing malicious commands. Affected: hospitality organizations, Booking.com…
Read More
SocGholish’s Intrusion Techniques Facilitate Distribution of RansomHub Ransomware
Trend Research’s analysis of SocGholish’s MaaS framework highlights its critical role in delivering RansomHub ransomware via compromised websites. Utilizing highly obfuscated JavaScript loaders, SocGholish evades detection and successfully executes malicious tasks. Notably, the framework propels initial access for ransomware attacks, mainly affecting government entities in the United States.…
Read More
Cybersecurity News Review, — Week 10 (2025)
The latest cybersecurity newsletter highlights vulnerabilities and attacks involving multiple platforms including VMware, Microsoft, Google, and more. Key updates include the patching of critical zero-day vulnerabilities, ransomware attacks, and the rise of sophisticated malware targeting various industries. The report emphasizes the importance of cybersecurity measures to protect sensitive data and infrastructure.…
Read More