
spynote
Mobile Malware Threats: SpyNote, BadBazaar, and MOONSHINE
SpyNote, BadBazaar, and MOONSHINE are prominent mobile malware families primarily targeting Android devices.
phishing
The Smishing Triad, a cybercriminal group, is leveraging advanced smishing techniques to deceive victims by impersonating legitimate organizations. They exploit platforms like iMessage using compromised Apple iCloud accounts to send spam messages that bypass traditional filters.
m-trends
I take a SPECULATIVE deep dive into what I think might be in the 2025 Mandiant M-TRENDS report.
apt
Recent trends indicate a shared interest among these state-sponsored groups in exploiting vulnerabilities and utilizing AI tools like Google's Gemini to improve their cyberattack capabilities.
unc3886
UNC3886 is a sophisticated China-nexus advanced persistent threat (APT) group focused on cyber espionage against high-tech sectors such as defense, technology, and telecommunications. Active for several years, the group has evolved its tactics to include the use of operational relay boxes (ORBs)...
github
A recent GitHub supply chain attack on March 17, 2025, compromised a GitHub Actions tool, affecting 23,000 organizations. This incident highlights the vulnerability of software development tools, with attackers altering code to leak secrets.
xcsset
XCSSET is a sophisticated modular malware strain that primarily targets macOS systems. It was first identified in 2020 and has since evolved, with recent variants incorporating advanced obfuscation and persistence techniques...
ragnar
Ragnar Loader, a sophisticated malware toolkit, is primarily associated with ransomware groups such as FIN7, FIN8, and Ragnar Locker. It has evolved significantly since its emergence in 2020, integrating advanced capabilities to enhance its stealth and operational effectiveness.
vo1d
The Vo1d botnet is a sophisticated malware campaign that has compromised approximately 1.6 million Android TV devices worldwide. Originating from cybercriminal groups exploiting outdated software and security flaws...
encrypthub
EncryptHub, also known as Larva-208, is a sophisticated cybercriminal group that has recently breached 618 organizations worldwide. Their primary method of attack is spear-phishing, utilizing social engineering to deploy infostealers and ransomware.
dprk
The Lazarus Group has intensified its focus on cryptocurrency exchanges, executing high-profile hacks on Bybit...
socgholish
The detection of SocGholish malware has advanced through techniques like behavioral analysis, signature-based detection, and anomaly detection. These methods are crucial due to the malware's ability to change its code and employ unique delivery methods.