Threat Research

Last 100 Threat Research

• Shifting the sands of RansomHub’s EDRKillShifterMarch 27, 2025
• CoffeeLoader: A Brew of Stealthy TechniquesMarch 27, 2025
• Unsecured Loans: How Hidden Flaws in Digital Lending Platforms Could Cripple Your Fintech BusinessMarch 27, 2025
• New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 PlayersMarch 27, 2025
• Malware found on npm infecting local package with reverse shellMarch 27, 2025
• Consequences of INPS-themed Smishing: Stolen Documents for Sale OnlineMarch 26, 2025
• Arkana Ransomware Group Hacks WideOpenWest Using Data from an Infostealer InfectionMarch 26, 2025
• Beyond the Scanner: How Phishers Outsmart Traditional Detection MechanismsMarch 26, 2025
• SnakeKeylogger: A Multistage Info Stealer Malware CampaignMarch 26, 2025
• Inside Kimsuky’s Latest Cyberattack: Analyzing Malicious Scripts and PayloadsMarch 26, 2025
• Detecting and Mitigating IngressNightmare – CVE-2025-1974March 26, 2025
• Operation ForumTroll: APT attack with Google Chrome zero-day exploit chainMarch 26, 2025
• New Malicious Wave via PEC: MintsLoader Now Distributes AsyncRatMarch 26, 2025
• YouTube Creators Under Siege Again: Clickflix Technique Fuels Malware AttacksMarch 26, 2025
• The Curious Case of PlayBoy LockerMarch 26, 2025
• Raspberry Robin: Copy Shop USB Worm Evolves to Initial Access Broker Enabling Other Threat Actor AttacksMarch 26, 2025
• CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwinMarch 26, 2025
• GorillaBot: Technical Analysis and Code Similarities with MiraiMarch 26, 2025
• New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI  | McAfee BlogMarch 25, 2025
• Active Lumma Stealer Campaign Impacting U.S. SLTTsMarch 25, 2025
• RaaS Evolved: LockBit 3.0 vs LockBit 4.0March 25, 2025
• Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s SubgroupMarch 25, 2025
• FizzBuzz to FogDoor: Targeted Malware Campaign Exploits Job-Seeking DevelopersMarch 25, 2025
• Warning Against Phishing Emails Distributing GuLoader Malware by Impersonating a Famous International Shipping CompanyMarch 25, 2025
• Shedding Light on the ABYSSWORKER Driver – Elastic Security LabsMarch 25, 2025
• Threat Intelligence Report Mar 18th,– Mar 24th, 2025March 25, 2025
• Part 2: Validating the Breach Oracle Cloud Denied – CloudSEK’s Follow-Up AnalysisMarch 24, 2025
• How a Fake Meta Email Leads to Password PlunderMarch 24, 2025
• Detailed Analysis of DocSwap Malware Disguised as Security Document ViewerMarch 24, 2025
• Technical Advisory: Mass Exploitation of CVE-2024-4577March 24, 2025
• The New Face of PowerShell: Ransomware Powered by PowerShell-Based AttacksMarch 24, 2025
• VanHelsing, new RaaS in TownMarch 24, 2025
• South Korean Organizations Targeted by Cobalt Strike Cat Delivered by a Rust BeaconMarch 22, 2025
• New Ransomware Operator Exploits Fortinet Vulnerability DuoMarch 22, 2025
• Malicious Ads Targeting Advertisers in the DNS SpotlightMarch 22, 2025
• Rapid7 MDR Supports AWS GuardDuty’s New Attack Sequence AlertsMarch 22, 2025
• The Biggest Supply Chain Hack Of 2025: 6M Records For Sale Exfiltrated from Oracle Cloud Affecting over 140k TenantsMarch 22, 2025
• Operation FishMedleyMarch 22, 2025
• Not Lost in Translation: Rosetta 2 Artifacts in macOS IntrusionsMarch 21, 2025
• GoStringUngarbler: Deobfuscating Strings in Garbled BinariesMarch 21, 2025
• Albabat Ransomware Group Potentially Expands Targets to Multiple OS, Uses GitHub to Streamline OperationsMarch 21, 2025
• RansomHub: Attackers Leverage New Custom BackdoorMarch 21, 2025
• Squid Werewolf Cyber Spies Masquerade as RecruitersMarch 21, 2025
• VanHelsing RansomwareMarch 20, 2025
• Dark Web Profile: FSociety (Flocker) RansomwareMarch 20, 2025
• Black Basta’s Dependency Confusion Ambitions and Ransomware in Open Source EcosystemsMarch 20, 2025
• SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated ToolsetMarch 20, 2025
• The Art of Evasion: How Attackers Use VBScript and PowerShell in the Obfuscation GameMarch 20, 2025
• North Korea Kimsuky Malicious Backdoor VBS Script-vbs.html (2025.3.16)March 20, 2025
• Resurgence of a Fake Captcha Malware CampaignMarch 20, 2025
• A Deep Dive into Strela Stealer and How It Targets European CountriesMarch 20, 2025
• GrassCall Campaign: The Hackers Behind Job Recruitment Cyber ScamsMarch 20, 2025
• Fake Cloudflare Verification Results in LummaStealer Trojan InfectionsMarch 20, 2025
• SQLi, XSS, and SSRF: Breaking Down Zimbra’s Latest Security ThreatsMarch 20, 2025
• Emulating the Sophisticated Chinese Adversary Salt TyphoonMarch 20, 2025
• The Things We Think and Do Not Say: The Future of Our Beacon Object Files (BOFs)March 20, 2025
• The Information Heist: Cracking the Code on Infostealers (New Hudson Rock Interview)March 19, 2025
• Securing XIoT in the Era of Convergence and Zero TrustMarch 19, 2025
• ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT CampaignsMarch 19, 2025
• Sneaking a Peek into the Inner DNS Workings of Sneaky 2FAMarch 19, 2025
• Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-filesMarch 19, 2025
• Targeted phishing campaign at UniPd: approximately 200 compromised credentialsMarch 19, 2025
• Securonix Threat Labs Monthly Intelligence Insights – February 2025March 19, 2025
• Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With EaseMarch 18, 2025
• ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware DeliveryMarch 18, 2025
• Silk Typhoon Targeting IT Supply ChainMarch 18, 2025
• Malvertising Campaign Leads to Info Stealers Hosted on GitHubMarch 18, 2025
• Phishing campaign impersonates Booking dot com delivers a suite of credential stealing malwareMarch 18, 2025
• Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoorMarch 18, 2025
• Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN ExploitationMarch 18, 2025
• Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud BlogMarch 18, 2025
• Unraveling Time: A Deep Dive into TTD Instruction Emulation BugsMarch 18, 2025
• BitM Up! Session Stealing in Seconds Using the Browser-in-the-Middle TechniqueMarch 18, 2025
• Capture the Flag: A Cybersecurity Challenge with CadoMarch 18, 2025
• Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security InsightsMarch 18, 2025
• New XCSSET Malware Adds New Obfuscation and Persistence Techniques to Infect Xcode Projects | Microsoft Security BlogMarch 18, 2025
• StilachiRAT analysis: From system reconnaissance to cryptocurrency theft | Microsoft Security BlogMarch 18, 2025
• New GitHub Action supply chain attack: reviewdog/action-setupMarch 18, 2025
• Unmasking Hidden Threats: How BeVigil Secures Apache ActiveMQ from Cyber RisksMarch 18, 2025
• Major Cyber Attacks in Review: February 2025March 17, 2025
• Downloader Malware Written in JPHP InterpreterMarch 17, 2025
• Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker StrikesMarch 17, 2025
• What Is The New Steganographic Campaign Distributing Multiple MalwareMarch 17, 2025
• Malicious HWP Document Disguised as Reunification Education Support ApplicationMarch 17, 2025
• Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs – Tinyhack.comMarch 16, 2025
• Tick Tock, Your Credentials Are Gone: The Maven Package With a Monthly Theft ScheduleMarch 16, 2025
• Detecting and Mitigating the “tj-actions/changed-files” Supply Chain Attack (CVE-2025-30066)March 16, 2025
• GitHub Action tj-actions/changed-files supply chain attack: everything you need to knowMarch 16, 2025
• Credit Card Skimmer and Backdoor on WordPress E-commerce SiteMarch 16, 2025
• The Art of Deception: A Deep Dive into Advanced Trojan-Dropper Obfuscation and Their True IntentionsMarch 15, 2025
• Unmasking the Threat: Understanding Sophisticated Trojan-Dropper MechanismsMarch 15, 2025
• AsyncRAT in Action: UAC-0173’s Latest Advanced Antivirus Detection and Evasion TechniquesMarch 15, 2025
• Akira Ransomware Expands to Linux: The Attacking Abilities and StrategiesMarch 15, 2025
• Deobfuscating APT28’s HTA Trojan: A Deep Dive into VBE Techniques & Multi-Layer ObfuscationMarch 15, 2025
• Lookout Discovers North Korean APT37 Mobile Spyware | Threat IntelMarch 15, 2025
• Cato CTRL, Threat Research: Ballista – New IoT Botnet Targeting Thousands of TP-Link Archer RoutersMarch 15, 2025
• INDOHAXSEC Indonesian Hacking Collective | Arctic Wolf – Arctic WolfMarch 15, 2025
• Off the Beaten Path: Recent Unusual MalwareMarch 15, 2025
• Microsoft Research Reveals – Phishing Campaign Impersonates Booking(.)com, Delivers a Suite of Credential-Stealing MalwareMarch 14, 2025
• February 2025 Security Issues in Korean & Global Financial SectorMarch 14, 2025

>> Access All Threat Research

Reference for Threat Research

Update January, 2025

“Due to copyright reasons, starting January 2025, this site will no longer display the full content of sourced articles. Only Summaries, Key Points, MITRE Tactics for Threat Research, and selected IoCs will be provided. To read the full article, please click on the ‘source’ link to view it on the original website.”