
TTPs

20 articles

CSO Online TTPs May 13

Fired employee sought AI help to hide deletion of hosting firm’s customer data

The apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR le...

CSO Online →

CSO Online TTPs May 13

ClickFix finds a backup plan in PySoxy proxy chains

ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their syst...

T1204 T1053

CSO Online →

The Hacker News TTPs Google May 12

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The...

The Hacker News →

GBHackers TTPs May 12

Vidar Stealer Campaign Evades EDR to Steal Credentials

A new Vidar Stealer campaign is abusing trusted tools, multi‑stage loaders, and heavy obfuscation to bypass EDR visibility and steal credentials from infecte...

T1566 T1027

GBHackers →

GBHackers TTPs GitHub May 12

North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware

North Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git ...

T1204

GBHackers →

Security Affairs TTPs Google May 12

Android banking Trojan TrickMo evolves using TON network for C2

ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network.

Security Affairs →

Unit 42 TTPs May 11

Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools

Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The po...

Unit 42 →

Infosecurity Magazine TTPs Google May 11

TrickMo Variant Routes Android Trojan Traffic Through TON

ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network

Infosecurity Magazine →

SC Media TTPs Linux May 8

New Quasar Linux implant targets developers with rootkit and backdoor capabilities

QLNX is designed for stealth and long-term persistence, operating in-memory and employing multiple techniques to evade detection, including log wiping, proce...

SC Media →

GBHackers TTPs May 8

ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations

A new cross‑platform malware family, dubbed ZiChatBot, that abuses the trusted Python Package Index (PyPI) ecosystem and the Zulip team chat platform to run ...

GBHackers →

GBHackers TTPs Oracle May 8

NWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2

A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery...

T1573

GBHackers →

GBHackers TTPs Microsoft Google May 7

Fake Claude AI Installers Used to Spread Malware in New Cyber Scam

Hackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware in a campaign. The operation combines high...

GBHackers →

Security Affairs TTPs Google May 7

From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks

A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑de...

T1498 1 IOC

Security Affairs →

Kaspersky Securelist TTPs May 7

Exploits and vulnerabilities in Q1 2026

This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 ...

Kaspersky Securelist →

Help Net Security TTPs May 7

Facial recognition arrives at the gates of Disney’s magic kingdom

Disney has equipped select entrance lanes at Disneyland Park and Disney California Adventure Park with facial recognition technology, saying the system is in...

Help Net Security →

GBHackers TTPs Microsoft May 6

Salat Malware Abuses QUIC and WebSockets for Stealthy C2 Control

A powerful new Windows malware family dubbed Salat Stealer, a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSo...

T1041

GBHackers →

CSO Online TTPs May 5

Supply-chain attacks take aim at your AI coding agents

Attackers too are looking to cash in on the AI coding craze, adapting their supply-chain techniques to target coding agents themselves. Many AI agents autono...

CSO Online →

Microsoft Security Blog TTPs Microsoft Apr 30

Email threat landscape: Q1 2026 trends and insights

In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disrupti...

T1566 T1598

Microsoft Security Blog →

The Hacker News TTPs Amazon Apr 30

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accide...

The Hacker News →

The Hacker News TTPs Apr 29

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly i...

T1566

The Hacker News →

FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only.