PureRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

Job seekers looking out for opportunities might instead find their personal devices compromised, as a PureRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry...

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network

A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler...

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets, and the message...

EUVD-2020-28387

Malware in sbrugna...

EUVD-2019-4729

Malware in sbrugna...

EUVD-2021-13356

Malware in sbrugna...

EUVD-2018-18408

Malware in sbrugna...

EUVD-2019-18866

Malware in sbrugna...

EUVD-2021-13355

Malware in sbrugna...

EUVD-2024-54431

Malicious code in bioql PyPI...

EUVD-2024-32583

Malicious code in bioql PyPI...

EUVD-2023-26861

Malicious code in bioql PyPI...

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and...

Vietnamese Hackers Use Fake Copyright Notices to Spread Lone None Stealer

New Lone None Stealer uses Telegram C2 and DLL side-loading to grab passwords, credit cards, and crypto. Find out how to spot this highly evasive phishing scam...

Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries

The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a...

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that's being used to deliver via email spam campaigns an array of next-stage payloads ranging from information stealers to remote access trojans since November 2024. Some of the notable malware families...

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

Cybersecurity researchers have discovered a malicious package in the Python Package Index PyPI repository that introduces malicious behavior through a dependency that allows it to establish persistence and achieve code execution. The package, named termncolor , realizes its nefarious functionalit...

Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics

Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of...

Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns against Latin America

A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack...

Apache Tomcat 9.0.0-M1 < 9.0.106 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 prior to 9.0.106, 10.1.0-M1 prior to 10.1.42 or 11.0.0-M1 prior to 11.0.8. It is, therefore, affected by multiple vulnerabilities : - A race condition on connection close could trigger a JVM crash when using the APR/Native...