Check Point Research

The Evasive Nature of an Emerging Two-step Phishing Threat

In a campaign targeting hundreds of organizations worldwide, cyber criminals are exploiting Microsoft Visio files (.vsdx) and SharePoint to execute two-step phishing attacks.

Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove

Styx Stealer is based on the Phemedrone Stealer and is available for purchase online. It has the ability to steal passwords, cookies, crypto wallet data, and messenger sessions, as well as gather system information.

Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities

Server-Side Template Injection (SSTI) vulnerabilities are a growing concern in web applications, allowing attackers to inject malicious code into templates and gain control over servers.

Thread Name-Calling: Using Thread Name for Offense

Process Injection is a vital technique used by attackers to evade detection and escalate privileges. Thread Name-Calling has emerged as a new injection technique that abuses Windows APIs for thread descriptions to bypass endpoint protection products.

Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet

Research conducted by Check Point has revealed how fraudsters are exploiting legitimate blockchain protocols to carry out sophisticated scams. The Uniswap Protocol and Safe.global are among the platforms targeted by these attackers.

New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns

The deployment of BugSleep is a significant development in MuddyWater's tactics, targeting various sectors with phishing emails leading to the distribution of Remote Management Tools and the BugSleep malware.

Exploring Compiled V8 JavaScript Usage in Malware

Google's V8 engine can compile JavaScript into low-level bytecode, which makes analysis and detection difficult. Attacks that ship this compiled bytecode must remain compatible with the target's V8 engine for successful execution.

Rafel RAT, Android Malware from Espionage to Ransomware Operations

Check Point Research has identified multiple threat actors using Rafel RAT, including an espionage group. The tool's features, such as remote access and surveillance, make it effective for covert operations and infiltrating high-value targets.

Attackers Increasingly Leverage BoxedApp Products for Malware Delivery

BoxedApp products have been commercially available for some time, but in the past year, there has been a notable increase in their abuse to deploy malware, particularly related to RATs and stealers.

Static Unpacking for the Widespread NSIS-based Malicious Packer Family

Researchers analyzed a widespread malicious packer family based on the Nullsoft Scriptable Install System (NSIS) that is used to protect various types of malware, including loaders, stealers, and Remote Access Trojans (RATs).

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.