ThreatsDay Bulletin: Spyware Alerts and Emerging Global Malware
This week’s ThreatsDay Bulletin highlights rising spyware alerts, global scanning activity, and new Linux backdoor threats: essential insight for defenders and SOC teams.
A new ClickFix-style attack abuses Grok and ChatGPT to deliver malware by convincing users to run malicious commands disguised as troubleshooting advice. This article explains how the attack works and how defenders can detect and prevent it.
North Korean–linked attackers exploited a critical React2Shell vulnerability (CVE-2025-55182) to deploy a new smart-contract-based RAT named EtherRAT. The malware uses Ethereum smart contracts for C2 resolution, hides payloads through obfuscation, and employs multiple persistence mechanisms — a serious threat to Web3 and developer environments.
Japanese organizations continue facing ransomware incidents that cause months of operational disruption. This investigative analysis explores how long-tail damage unfolds, why attackers target Japan’s supply chain ecosystem, and how companies can strengthen long-term resilience.
GrayBravo’s modular loader, CastleLoader, now powers four distinct threat clusters targeting logistics, travel, and enterprise users: a clear sign of rapid MaaS expansion and rising risk for global organizations.
A chilling evolution: Storm-0249 has shifted from selling access to enabling full-blown ransomware campaigns. Their new combination of ClickFix social-engineering, fileless PowerShell and DLL sideloading dramatically increases stealth and persistence across enterprise environments.
A critical Ivanti Endpoint Manager code execution flaw, tracked as CVE-2025-10573, allows unauthenticated attackers to plant malicious JavaScript in the EPM dashboard and hijack admin sessions. This article explains how the bug works, which versions are affected, and how to patch and harden EPM cores.
JSSmuggler uses JavaScript-based smuggling to hide and reassemble Windows malware at runtime, bypassing security tools and enabling advanced payload delivery. This analysis explains how it works and how defenders can counter it.
A newly observed Mirai variant, “Broadside,” is exploiting weakly protected IoT systems across global maritime logistics environments. Its rapid spread and operational impact highlight growing risks as critical shipping infrastructure becomes increasingly automated and interconnected.
Apple has issued a sweeping new round of cyber-threat notifications to users across 84 countries, signaling a global escalation in targeted spyware operations. This analysis explains what triggered the alerts, how attackers operate, and what high-risk users must do immediately.