The Brazilian-origin Caminho Loader uses least significant bit (LSB) steganography to hide .NET payloads inside image files, enabling fileless malware delivery across South America, Africa and Eastern Europe. This advanced threat demands immediate action from security teams.
A sophisticated mobile-fraud campaign dubbed the Smishing Triad is spoofing toll-agency alerts and flooding users with fake unpaid-toll texts. Read on for how the scam works and how to defend your devices.
A major rat campaign disguised as the Minecraft mod “Nursultan Client” is compromising gamers via a Python-based Trojan using Telegram bot infrastructure. This tool steals browser tokens, captures webcams, and uses a gamified lure to breach systems and security teams need to view gaming endpoints as serious risk zones.
Threat actors behind a coordinated network on YouTube have uploaded over 3,000 videos that masquerade as software tutorials and cheat walkthroughs, yet lead to credential‐stealer malware downloads. The operation uses compromised channels, fake engagement and download links to evade detection posing a new category of platform-based threat for security teams.
The state-sponsored Lazarus Group has launched a sophisticated campaign targeting European drone manufacturers under the guise of fake “dream job” offers. As defense firms fall prey to malware disguised in recruitment documents, the threat to aerospace and UAV innovation escalates. This article breaks down how the attack works, what it aims to achieve and how to defend.
Actors on underground forums are now selling a turnkey ransomware toolkit named MonoLock v1.0 designed to target small and medium organisations, disable backups, encrypt data at scale via AES-256/RSA-2048, and demand payment through an automated Tor portal. Security teams must recognise this shift in the ransomware-as-a-service (RaaS) business model and reinforce detection, defence and incident response accordingly.
A sophisticated new espionage campaign, tracked as PassiveNeuron, uses novel malware families Neursite and NeuralExecutor to target government and industrial networks across Latin America and East Asia. This article breaks down the tools, techniques and defensive steps security teams must act on now.
A widespread campaign exploited the Chrome Web Store to distribute 131 rebranded extensions that hijack WhatsApp Web for automated bulk messaging. These add-ons pose a significant risk to organizations and users alike, demanding immediate review of extension governance and messaging platform protections.
GlassWorm is the first known self-propagating worm targeting developer environments by infecting VS Code extensions with hidden Unicode payloads. Once installed, it steals credentials from NPM, GitHub and Git, and upgrades machines into proxy nodes and part of a distributed criminal infrastructure. It uses a blockchain-based command and control mechanism and auto-updates to spread across the developer ecosystem. In this article, we dissect how GlassWorm works, what makes it a paradigm shift in supply-chain attacks, and what organisations must do to detect and contain it before their dev workstations become weaponised.
Hackers breached the official Xubuntu website and replaced legitimate download links with malware-infected files. The incident highlights the growing risk of supply-chain compromises targeting open-source Linux distributions.