APT Campaigns
164 article(s)
🗓 06 Apr 2026 · 👤 AGONY · 🌍 Asia
North Korean-linked hackers are leveraging Windows shortcuts and GitHub to launch a stealthy multi-stage malware campaign against South Korea, blending into normal traffic and evading traditional security measures.
🗓 03 Apr 2026 · 👤 AGONY
TA416, a China-linked threat group, is back with advanced PlugX malware and OAuth-based phishing, targeting European and Middle Eastern governments in a new wave of cyber-espionage.
🗓 03 Apr 2026 · 👤 AGONY · 🌍 Asia
Kimsuky’s new attack chain breaks malware delivery into modular stages, abusing Windows shortcuts, cloud storage, and Python to slip past security. Learn how the North Korean threat group’s evolving tactics challenge defenders.
🗓 01 Apr 2026 · 👤 AGONY
A dramatic shift in cyber-espionage: TA446 launches DarkSword, a sophisticated exploit kit targeting iOS devices through deceptive phishing and advanced technical exploits. Our investigation reveals the methods, implications, and what’s next for mobile security.
🗓 01 Apr 2026 · 👤 AGONY · 🌍 Middle-East
Iran’s 30-day cyberwar saw a near-total internet blackout at home but unleashed thousands of attacks abroad, targeting critical infrastructure and exposing new global vulnerabilities. The campaign’s blend of physical and digital assaults has redrawn the rules of cyber conflict.
🗓 01 Apr 2026 · 👤 AGONY · 🌍 Middle-East
Iran-linked hacktivist group Handala breached the personal Gmail of FBI Director Kash Patel, leaking private emails and photos in a symbolic act of cyberwar. The attack, retaliation for FBI actions against Handala, highlights the personal vulnerabilities of high-profile officials and the evolving tactics of Iranian cyber operations.
🗓 27 Mar 2026 · 👤 AGONY · 🌍 Middle-East
Lockheed Martin suffered a dramatic two-stage attack by Iranian-linked hackers in March 2026. Beyond alleged data theft, engineers were doxxed and threatened, marking a dangerous new phase in hybrid cyberwarfare.
🗓 26 Mar 2026 · 👤 AGONY · 🌍 Asia
APT-Q-27 is targeting Web3 support staff with deceptive screenshot links that unleash a sophisticated multi-stage malware chain, culminating in a stealthy memory-resident backdoor. Discover how the attack works and what defenders need to know.
🗓 25 Mar 2026 · 👤 AGONY · 🌍 Europe
Sandworm (APT44) is hijacking RDP servers with advanced malware, using forged certificates and encrypted tunnels to maintain stealthy, long-term access to high-value networks. Here’s how the campaign works—and what defenders need to know.
🗓 25 Mar 2026 · 👤 AGONY · 🌍 Middle-East
TeamPCP’s CanisterWorm launches targeted destruction against Iranian Kubernetes clusters and persistent backdoors elsewhere. Learn how this sophisticated malware campaign exploits cloud environments and what security teams must do to defend.