GitHub Repositories Compromised in Malware Distribution Campaign
Malware analysis, reverse engineering findings, and detection guidance.
8 items
Over 100 GitHub repositories are distributing BoryptGrab Stealer, malware that targets browser and cryptocurrency wallet data, posing significant risks to users.
Ransomware operators are using a combination of legitimate Windows tools and the ClickFix technique to deploy DonutLoader malware and CastleRAT backdoors, posing a significant threat to systems.
The QuickLens Chrome extension was removed after being compromised to push malware aimed at stealing cryptocurrency from users. The attack highlights vulnerabilities in third-party browser extensions and the risks of crypto-related phishing.
The North Korean hacking group APT37 is using newly discovered malware to breach air-gapped networks via removable drives and conduct covert surveillance.
UK retailer Co-op shut down parts of its IT infrastructure after detecting unauthorized access, becoming the second major British retailer hit by a cyberattack in weeks, following Marks & Spencer.
UK retail giant Marks & Spencer suffered a significant cyberattack that disrupted contactless payments, click-and-collect services, and online ordering, attributed to the DragonForce ransomware operation working with Scattered Spider affiliates.
FBI, CISA, and MS-ISAC warn that the Medusa ransomware-as-a-service operation has impacted over 300 organizations across critical infrastructure sectors since 2021.
A joint advisory warns that the Ghost (Cring) ransomware group, operating from China, has compromised organizations across 70 countries by exploiting known vulnerabilities in internet-facing services.