The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...

A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, ...

I'd like to thank my co-author, Martin Zugec, for his valuable contributions to this report. This intrusion adds three dimensions to the public understanding of Chinese APT activity in contested ...

Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...

The report confirms that the system is based on the Raspberry Pi Compute Module 5 Rev 1.0, running Debian GNU/Linux 12 (bookworm) with a 6.12.34+rpt-rpi-2712 kernel on a 64-bit ARM (aarch64) ...

The goal of this project is to provide simple, portable and compatible code (data encrypted in Python can be decrypted in PHP, and so on). The encryption algorithm used is AES in CBC and CFB mode.

IntroductionZscaler ThreatLabz has identified a new malware loader that we have named TransferLoader, which has been active since at least February 2025. ThreatLabz has identified three different ...

Tenable Research examines DeepSeek R1 and its capability to develop malware, such as a keylogger and ransomware. We found it provides a useful starting point, but ...