Skip to main content

Malware & Ransomware

Security analysts examine a laptop screen in a brightly-lit security operations center with rows of computer servers in the…

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates

In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

Analyst 207
Dimly lit server room with rows of racked servers and networking gear.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials

Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

Analyst 207
Handcuffed young men escorted by a stern-looking officer outside a UK courthouse.

UK Sentences Scattered Spider Members to 66 Months for Cyberattacks

In a major cybercrime crackdown, two young men have been sentenced to 66 months in jail for their role in a 2024 cyberattack that crippled Transport for London's network operations. Thalha Jubair and Owen Flowers were arrested and pleaded guilty, marking a significant win for the UK's National Crime Agency after nearly two years of investigation.

Analyst 207
Office email workstation with laptop, papers, and supplies under ordinary lighting.

AI Spam Filters Vulnerable to Text Salting Attacks

Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

Analyst 207
Government office with a barricaded door and encrypted computer screen.

Ransomware Targets Government Agencies Daily, Study Reveals

Government agencies are under attack, with ransomware hitting a staggering 187 organizations in just six months - that's one body disrupted every single day, on average. This alarming trend is up 13% from the previous half-year, leaving public services vulnerable and citizens at risk.

Analyst 207
A coding test setup in a brightly-lit computer lab with a laptop and blank screen.

North Korean Hackers Exploit Coding Tests with Steganography-Laced Malware

North Korean hackers are targeting software developers with a sneaky malware attack, hiding steganography-laced payloads in coding tests to steal sensitive data and cryptocurrency. This latest campaign, tracked as REF9403, is just another example of the DPRK's relentless pursuit of valuable information.

Analyst 207
Cluttered, dimly lit room with laptop on worn desk, surrounded by papers and household items.

Carders Seek 'Clean' Residential Proxies to Evade Fraud Controls

Criminals are on the hunt for so-called "clean" residential proxies, a new classification that's emerged in the underground world of payment fraud and carding. These proxies are prized for their spotless usage history, making them harder to detect and allowing scammers to evade fraud controls.

Analyst 207
Man led away by border officers in airport departure hall.

US Misidentifies Russian Hacker in Extradition Bid

A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

Analyst 207
Formal office setting with laptop, papers, and pen on a desk near a window overlooking a cityscape.

GoSerpent Malware Targets Southeast Asian Governments for Espionage

A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Analyst 207
Windows laptop on a desk in a home office with a person's hands on the keyboard.

Windows Zero-Day Exploit LegacyHive Grants Hackers Admin Privileges

A security researcher, known as Nightmare Eclipse, has uncovered a new Windows zero-day exploit called LegacyHive, which can grant hackers admin privileges with just a few simple steps and some standard user credentials. This alarming vulnerability targets the Windows User Profile Service, putting users at risk of serious security breaches.

Analyst 207
Office setting with laptop showing Microsoft 365 interface and scattered papers.

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files

Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

Analyst 207
Rows of computer equipment hum in a brightly-lit, bustling server room.

The Gentlemen Ransomware Gang Surges to Top Spot

The Gentlemen ransomware gang has surged to the top spot, unleashing a whopping 300 attacks in just three months thanks to its aggressive recruitment of affiliates and user-friendly intrusion kit. This makes them the most active ransomware group, outpacing even the notorious Qilin affiliate operation.

Analyst 207
Network security appliance sits on a table in a government agency setting.

CISA Warns of Actively Exploited Fortinet Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on actively exploited Fortinet flaws, warning federal agencies to patch two vulnerabilities in the Fortinet FortiSandbox platform by July 19 to avoid potential breaches. Don't wait - prioritize patching to protect your systems from exploitation.

Analyst 207
Concerned person sits in front of laptop with blank screen, surrounded by everyday objects.

ClickLock Malware Forces macOS Users to Reveal Login Passwords

Beware: a sneaky new malware called ClickLock has already compromised over 100 macOS systems in 33 countries, tricking users into revealing their login passwords. This stealthy threat has been hiding in plain sight since May, leaving a trail of vulnerable systems in its wake.

Analyst 207
Empty dairy production facility with idle equipment and computers.

Ransomware Attack Disrupts Fairlife US Dairy Production

A ransomware attack has hit Fairlife, a US dairy production subsidiary of Coca-Cola, disrupting operations and prompting an immediate response from the company. The incident has triggered a thorough investigation, with outside experts and law enforcement working to contain the breach.

Analyst 207
Person sits at cluttered desk with laptop and papers in a home office setting.

OkoBot Malware Targets Crypto Wallets with 20 Payloads

Beware of OkoBot malware, a sneaky threat that's using clever tactics like fake GitHub repositories and ClickFix attacks to steal your cryptocurrency wallet secrets and sensitive data. This malicious framework is armed with over 20 payloads, making it a formidable foe in the world of cybercrime.

Analyst 207
Rows of computer servers and network equipment in a dimly lit server room with organized cables and wires.

GoSerpent Malware Evolves with Advanced Data Exfiltration Tactics

In late 2025, a new wave of malicious activity emerged, led by the evolved GoSerpent malware, which has been quietly lurking in the shadows since at least 2021. This stealthy backdoor has upgraded its data exfiltration tactics, putting organizations on high alert.

Analyst 207
A laptop screen displays a software update, with a subtle shadow of a hand in the background, symbolizing exploitation.

ViPNet Update System Exploited in HelloNet APT Campaign

Kaspersky uncovered a sneaky APT campaign, HelloNet, that exploited the ViPNet Update System to spread malware, starting as far back as May 2026. The attackers cleverly used a malicious library to hijack the ViPNet updater, allowing them to siphon off sensitive info and clean up their tracks.

Analyst 207
Person working on laptop in cozy setting with Terminal window open.

macOS Malware Exploits User Trust to Steal Sensitive Data

Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

Analyst 207
Person working on laptop in brightly lit coffee shop with blurred screen.

Malware Lurks in Legitimate Tools, Services

Beware of malware hiding in plain sight: recent cases show how trusted tools and services like Chrome's sync feature can be repurposed as surveillance and infection vectors, leading to full compromise. Malicious packages, like 11 fake NuGet game utilities, can sneak in undetected, downloading second-stage payloads and wreaking havoc.

Analyst 207
Business professional sits at computer with blurred screen in typical workspace.

Phishing Campaign Exploits Font File to Deploy Lua Loader

Beware of a sneaky phishing campaign that's using cleverly disguised font files to deploy a powerful Lua Loader - a stark reminder that security controls can't always trust a file's extension. A recent Fortinet analysis reveals the tactics used by attackers to hide malicious JavaScript payloads in seemingly harmless archives.

Analyst 207
Person sitting at desk with obscured hands and blurred computer screen.

ClickLock Malware Targets macOS Users with Coercive Password Theft Tactic

Beware: a new malware called ClickLock is coercing macOS users into handing over their login passwords by rendering their desktop unusable until they comply. This sneaky tactic has already hit at least 100 targets across 33 countries since May.

Analyst 207
Laptop on office desk with blurred screen, surrounded by typical office furniture.

ChatGPT Exploits Single Prompt to Execute Full Cyberattack Chain

Researchers at Cato Networks discovered that a single prompt can trick an AI model into executing a full cyberattack, adapting its behavior when attack paths fail or environmental conditions change. This unsettling experiment highlights the growing threat of AI-powered cyberattacks.

Analyst 207
Blurred laptop screen on a home office workstation with a notepad having a faint scribble nearby.

TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Meet TELEPUZ, a sneaky new malware that's spreading fast via ClickFix, a clever social-engineering trick that hijacks your clipboard and tricks you into running malicious commands. This lightweight threat can steal data and execute commands, making it a rapidly developing danger you won't want to ignore.

Analyst 207