16 matches found
MAL-2026-2860 Malicious code in mylib-utils (PyPI)
Source: kam193 (8cc746751844570c4d9de0acc1fc4aba45c1316434c664fc70711749720f88f1). During import, a remote executable is automatically started. During analysis, the executable only showed a basic message. It's likely experimenting with...
Dissecting UAT-8099: New persistence mechanisms and regional focus
Cisco Talos has identified a new campaign by UAT-8099, active from late 2025 to early 2026, that is targeting vulnerable Internet Information Services (IIS) servers across Asia with a specific focus on victims in Thailand and Vietnam. Analysis confirms significant operational overlaps between this...
Put together an IR playbook — for your personal mental health and wellbeing
Welcome to this week's edition of the Threat Source newsletter. This is gonna be a tough read. I'm sorry. Believe it or not, it's even tougher for me to write. I want to talk about what it costs to be in the cybersecurity profession. Not money or time, but potentially your health, both mentally a...
Scammers Exploit JFK Files Release with Malware and Phishing
Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK…...
GhostSec and Stormous Join Forces for a Ransomware Blitz
Summary: The GhostSec and Stormous ransomware factions have launched a sophisticated campaign. Introducing the GhostLocker 2.0 ransomware and the STMXGhostLocker ransomware-as-a-service (RaaS) initiative, these groups employ double extortion tactics, posing a significant threat to businesses...
Attacks, Vulnerabilities and Actors 26 June to 2 July 2023
For a detailed threat digest, download the PDF file here. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, there were a total of four attacks executed, taking advantage of three different vulnerabilities in...
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and Christiaan Beek all contributed to this blog. On Wednesday,...
Malicious code in selfosintstrpong (PyPI)
Source: checkmarx (4d7878f58080d105e60cb14b75c2666637fe39fb10e7943426e46f2b437a4cba). The EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
Malicious code in py-supercandyreplace (PyPI)
Source: checkmarx (6992d79c1415d37f3075f9e953c88b7e91467d09eb5cdbdea5f34e670fed2693). The EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
Malicious code in esqstringgetlgtb (PyPI)
Source: checkmarx (6936ebab3bab22dda3bb9b569526e9c3c337ab35a5433a2f73bd65d7226b47e3). The EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
Malicious code in libgamehacked (PyPI)
Source: checkmarx (18d65d7225a4e6c29ef448d979fa633e56d238394de831ddc8b4a6208bec024a). The EsqueleSquad group published nearly 6000 malicious PyPI and npm packages, executing spyware and information-stealing malware...
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
By Edmund Brumaghin, with contributions from Alex Karkins. Ongoing malware distribution campaigns are using ISO disk images to deliver AsyncRAT, LimeRAT and other commodity malware to victims. The infections leverage process injection to evade detection by endpoint security software. These...
Threat Campaign by Molerats uses NimbleMamba Malware to target Middle East
THREAT LEVEL: Red. For a detailed advisory, download the PDF file here. Molerats, an APT group associated with Gaza, has launched a new threat campaign using the NimbleMamba malware, aimed at Middle Eastern governments, foreign policy think tanks, and even a state-owned airline. The current attack was...
Water Pamola Attacked Online Shops Via Malicious Orders
Since 2019, we have been tracking a threat campaign we dubbed “Water Pamola.” The campaign initially compromised e-commerce online shops in Japan, Australia, and European countries via spam emails with malicious attachments...
What’s New in InsightIDR: Q1 2021 in Review
Back at the start of the year, we reflected on some of our 2020 InsightIDR product investments and took a look at what was ahead in 2021 (see the blog here). As the first quarter of the year comes to a close, we wanted to offer a closer look at some of the recent updates and releases in InsightIDR,...
Massive Spam Campaign Targets Unpatched Systems
Cybercriminals are leveraging a recently patched critical Adobe Flash Player vulnerability in a massive spam campaign targeting unpatched computers. According to cybersecurity firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word documen...