Attackers accelerate, adapt, and automate: Rapid7’s Q3 2025 Threat Landscape Report

The Q3 2025 Threat Landscape Report, authored by the Rapid7 Labs team, paints a clear picture of an environment where attackers are moving faster, working smarter, and using artificial intelligence to stay ahead of defenders. The findings reveal a threat landscape defined by speed, coordination,...

UNG0002 Group Hits China, Hong Kong, Pakistan Using LNK Files and RATs in Twin Campaigns

Multiple sectors in China, Hong Kong, and Pakistan have become the target of a threat activity cluster tracked as UNG0002 aka Unknown Group 0002 as part of a broader cyber espionage campaign. "This threat entity demonstrates a strong preference for using shortcut files LNK, VBScript, and...

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks

Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. "MintsLoader is a PowerShell based malware loader that...

Peeling off QR Code Phishing Onion

Peeling off QR Code Phishing Onion: Revealing the Hidden Layers of Deceit By Neel H. Pathak and Pratik Sunil Kadam · October 10, 2023 Introduction: Malicious actors always seek innovative ways to bypass detection. The Trellix Advanced Research Center recently noticed an attack campaign with an...

China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a...

New Ransomware Gang RA Group Hits U.S. and South Korean Organizations

A new ransomware group known as RA Group has become the latest threat actor to leverage the leaked Babuk ransomware source code to spawn its own locker variant. The cybercriminal gang, which is said to have been operating since at least April 22, 2023, is rapidly expanding its operations, accordi...

Breaking the silence - Recent Truebot activity

Since August 2022, we have seen an increase in infections of Truebot aka Silence.Downloader malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several...

Cyberattacks Rise Targeting Infrastructure and Geo Tensions

Trellix Threat Labs Research Report: Cyberattacks Targeting Critical Infrastructure Rise Along with Geopolitical Tensions By Trellix · April 27, 2022 The release of our Trellix Threat Labs Research Report: April 2022 examines cybercriminal behavior and activity related to cyber threats in the...

Cyberattacks Rise Targeting Infrastructure and Geo Tensions

Trellix Threat Labs Research Report: Cyberattacks Targeting Critical Infrastructure Rise Along with Geopolitical Tensions By Trellix · April 27, 2022 The release of our Trellix Threat Labs Research Report: April 2022 examines cybercriminal behavior and activity related to cyber threats in the...

Weekly Threat Digest: 11 – 17 April 2022

For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 765 14 1 2 6 25 The third week of April 2022 witnessed a huge spike on the discovery of 765 vulnerabilities out of...

Everything You Need to Know About Evolving Threat of Ransomware

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause...