A phishing campaign using Interpol impersonation, formal wording, and legal references shows how trust itself becomes the delivery mechanism for malicious attachments.
A renewed ValleyRAT wave uses installer lures and Japanese-language email bait to turn ordinary Windows trust decisions into remote-control risk.
A phishing run aimed at hotels in Europe and Asia is using photo-themed ZIP attachments and a Node.js implant, turning ordinary front-desk inboxes into potential entry points.
Tax-branded phishing emails are being used to deliver in-memory malware on Windows, a tactic that shifts detection away from saved files and toward what happens after a user opens the attachment.
A phishing wave used recruiter-style and code-review lures to steer targets toward attacker-controlled repositories, showing how familiar developer workflows can become a malware delivery path.
The campaign tied to Czech Republic and Taiwan targets is a reminder that spear-phishing has not gone away - it has become a delivery system for staged access and commercially available operator tooling.
A phishing email, a TXZ attachment, and a JavaScript file form the observed path to a loader linked with the PureLogs infostealer.
A new multi-stage malware campaign leverages JavaScript, PowerShell, and process hollowing to evade detection and establish covert control.