Security Boulevard

Emulating the Mutative BlackByte Ransomware

BlackByte is a ransomware strain operated under the Ransomware-as-a-Service (RaaS) model that emerged in July 2021. Early versions of the ransomware were developed in C#, while later iterations were ...
LinkedIn

LATAM Businesses Hit by XWorm via Fake Financial Receipts: Full Campaign Analysis

Malware campaigns targeting Latin America (LATAM) are evolving. While the final payloads, often commodity RATs like XWorm, remain consistent, delivery mechanisms are becoming increasingly ...
Security Boulevard

APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP | Part 2

This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ...
TechSpot

Microsoft will soon deprecate the insecure RC4 encryption algorithm

About time: Microsoft introduced support for the RC4 stream cipher in Windows 2000 as the default authentication algorithm for the Active Directory services. The system has been insecure for even ...
Microsoft

Beyond RC4 for Windows authentication

Update as of 2/4/2026: Details on the Windows Update rollout strategy added. As organizations face an evolving threat landscape, strengthening Windows authentication is more critical than ever. The ...
WeLiveSecurity

MuddyWater: Snakes by the riverbank

ESET researchers have identified new MuddyWater activity primarily targeting organizations in Israel, with one confirmed target in Egypt. MuddyWater, also referred to as Mango Sandstorm or TA450, is ...
GitHub

GoExec - Remote Execution Multitool

GoExec is a new take on some of the methods used to gain remote execution on Windows devices. GoExec implements a number of largely unrealized execution methods and provides significant OPSEC ...
Bitdefender

Curly COMrades: A New Threat Actor Targeting Geopolitical Hotbeds

This research from Bitdefender Labs details a cluster of malicious activity we've been tracking since mid-2024. It uncovers a new threat actor group we’ve named Curly COMrades, operating to support ...
WeLiveSecurity

BladedFeline: Whispering in the dark

In 2024, ESET researchers discovered several malicious tools in the systems used by Kurdish and Iraqi government officials. The APT group behind the attacks is BladedFeline, an Iranian threat actor ...
The Hacker News

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer.
Bleeping Computer

ViperSoftX malware covertly runs PowerShell using AutoIT scripting

The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. CLR is a key ...