FreeIntelHub

TTPs

20 articles

Security Affairs TTPs WordPress Jun 2

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-a...

T1583

Security Affairs →

GBHackers TTPs Jun 2

Nimbus Manticore APT Uses Fake Jobs to Deliver Custom Malware

A newly observed cyber campaign linked to the Iran-aligned threat group Nimbus Manticore (also tracked as UNC1549 and Smoke Sandstorm) is targeting aerospace...

T1204

GBHackers →

Help Net Security TTPs Jun 2

Why you need BAS and autonomous pentesting together

Most security teams know the drill: A new autonomous penetration testing tool gets deployed, and the first run is genuinely impressive. The dashboard surface...

T1021

Help Net Security →

BleepingComputer TTPs Jun 1

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised s...

BleepingComputer →

The Hacker News TTPs Red Hat Jun 1

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from d...

T1041 T1195

The Hacker News →

BleepingComputer TTPs WordPress Jun 1

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data.

BleepingComputer →

Information Security Buzz TTPs Google CrowdStrike Jun 1

CrowdStrike, Google, and Shadowserver Foundation disrupt Glassworm botnet

CrowdStrike has shared details of a coordinated operation used to disable the Glassworm botnet, which targets software developers and leverages open-source e...

Information Security Buzz →

Help Net Security TTPs May 29

Websites can spy on user activity by analyzing SSD behavior

Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify d...

T1592

Help Net Security →

CSO Online TTPs May 29

Cybersecurity trends in SEC filings

In 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybe...

CSO Online →

The Hacker News TTPs Cisco May 29

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Kore...

T1204

The Hacker News →

GBHackers TTPs Microsoft VMware May 29

Malicious RVTools Installer Uses Sectigo Cert to Evade SmartScreen

A malicious fake RVTools installer is abusing a legitimately issued Sectigo code‑signing certificate to slip past Microsoft Defender SmartScreen and many end...

T1592

GBHackers →

GBHackers TTPs May 28

ClearFake Abuses BSC Testnet Contracts for Resilient C2 Operations

Threat actors behind the ClearFake campaign have adopted a novel and highly resilient command-and-control (C2) architecture by leveraging BNB Smart Chain (BS...

GBHackers →

The Hacker News TTPs Apple May 28

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft...

T1204

The Hacker News →

Help Net Security TTPs Intel May 28

XM Cyber enhances identity risk visibility with continuous exposure management capabilities

XM Cyber has announced platform enhancements aimed at helping organizations reduce identity risk, compounded by AI-enabled attackers. According to Gartner, “...

T1021

Help Net Security →

GBHackers TTPs May 28

New PureLogs Variant Abuses MSBuild to Evade Detection

A new phishing-driven malware campaign distributing a stealthy PureLogs variant that leverages advanced evasion techniques, including process hollowing via M...

T1566 T1027

GBHackers →

Help Net Security TTPs May 27

Hackers are knocking on office doors pretending to be IT staff

The Silent Ransom Group (SRG) is targeting law firms using social engineering techniques and an unusual tactic for cybercriminals: showing up at victims’ off...

T1204

Help Net Security →

BleepingComputer TTPs May 27

Glassworm botnet disrupted after resilient C2 infrastructure takedown

The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control i...

T1583

BleepingComputer →

The Hacker News TTPs Google CrowdStrike May 27

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels a...

T1195

The Hacker News →

Security Affairs TTPs Google CrowdStrike May 27

How cybersecurity firms took down Glassworm botnet in one shot

Glassworm infected developers through poisoned tools and packages until a coordinated takedown killed all four of its C2 channels at once. On May 26, 2026, a...

Security Affairs →

GBHackers TTPs Microsoft Linux May 26

Quasar RAT Hits Developers With Fileless Linux Attacks

Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high‑value beachheads for softwar...

GBHackers →

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only.