ecrime
Three financially motivated clusters—UNC3944 (“Scattered Spider”), UNC6040, and UNC6395—are driving a surge in SaaS and cloud data theft via social engineering, OAuth abuse, and supply-chain attacks. Their evolving TTPs and anti-forensics are raising the stakes for defenders..
shamos
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
heartcrypt
In the last 90 days, HeartCrypt-packed ransomware has evaded initial SOC detection in up to 40% of targeted incidents. Attackers no longer waste time building stealth — they rent it. HeartCrypt’s PaaS delivers EDR-kill tools, sandbox evasion, and polymorphic payloads at industrial scale.
unc3944
Ransomware groups—including BlackCat/ALPHV, Black Basta, RansomHub, and Dark Angels—are increasingly targeting VMware ESXi and similar virtualization platforms using advanced hypervisor-level attack techniques. The exploitation of CVE-2024-37085..
dark-partners
Dark Partners is a financially motivated cybercrime group active since at least May 2025, orchestrating large-scale cryptocurrency theft campaigns through a sophisticated infrastructure of fake websites mimicking AI tools, VPN services, crypto wallets, and widely used software brands.
venomrat
VenomRAT, first observed in 2020 as a fork of Quasar RAT, has evolved into a modular, service-based remote access trojan with advanced keylogging, stealth, and evasion capabilities. It is distributed primarily through phishing campaigns and fake antivirus websites (notably Bitdefender clones)...
venom-spider
Venom Spider (TA4557) is a financially motivated cybercriminal group specializing in spear-phishing campaigns against HR professionals, primarily in the U.S., U.K., Canada, Australia, and Germany. Their attacks exploit the HR function’s need to process external attachments..
dragonforce
DragonForce has rapidly evolved into a major RaaS operation, distinguished by its sophisticated use of BYOVD techniques to bypass EDR and escalate privileges. The group’s modular ransomware builder allows affiliates to select vulnerable drivers (notably TrueSight.sys, RentDrv.sys) for process ter...
phishing
CryptoChameleon is an advanced phishing kit distributed via phishing-as-a-service platforms, enabling rapid, scalable attacks against cryptocurrency users, financial institutions, and related sectors...
phishing
The Smishing Triad, a cybercriminal group, is leveraging advanced smishing techniques to deceive victims by impersonating legitimate organizations. They exploit platforms like iMessage using compromised Apple iCloud accounts to send spam messages that bypass traditional filters..
socgholish
The detection of SocGholish malware has advanced through techniques like behavioral analysis, signature-based detection, and anomaly detection. These methods are crucial due to the malware's ability to change its code and employ unique delivery methods.
ransomware
The threat actors "Lynx" and "Cicada3301" have been active in recent cyber campaigns, employing sophisticated tactics, techniques, and procedures (TTPs) to target various sectors. Lynx, a rebranding of the INC ransomware, has been particularly active in ..