A highly sophisticated email espionage campaign led by the persistent threat actor ToddyCat has been detected making use of enhanced and stealthy malware methodologies to exfiltrate corporate email data.

A newly emerged malware campaign, dubbed Tsundere Botnet, is actively targeting Windows systems through various sophisticated infection mechanisms. This Node.js-based botnet utilizes Ethereum blockchain smart contracts.

A sophisticated APT campaign, dubbed Operation ForumTroll, has been linked to the use of advanced spyware tools including LeetAgent and Dante, developed by Memento Labs (formerly Hacking Team).

A recent investigation has revealed how the Model Context Protocol (MCP), an open standard for integrating AI assistants with external tools, can be exploited as a supply chain attack vector.

PipeMagic is a backdoor first detected in December 2022 while researchers were investigating a malicious campaign involving RansomExx. The victims were industrial companies in Southeast Asia.

A new malware campaign involving the Efimer Trojan has been observed targeting cryptocurrency users and WordPress site administrators. Efimer is a ClipBanker-type Trojan that steals and replaces cryptocurrency wallet addresses.

A sophisticated cyberattack campaign active from late 2024 to April 2025 targeted Russian IT firms and international entities using Cobalt Strike Beacon. The attackers employed spear phishing, DLL hijacking, and social media-based payload delivery.

A newly discovered backdoor malware dubbed GhostContainer is targeting Microsoft Exchange servers in high-value organizations across Asia. The malware is a .NET-based PE32 executable that leverages open-source tools and exploits CVE-2020-0688.

Zanubis is a sophisticated Android banking Trojan active since 2022, targeting Peruvian financial institutions. It masquerades as legitimate apps to trick users into granting accessibility permissions, enabling full device control.

Outlaw (also known as “Dota”) is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its operations. Telemetry data showed victims across the US, Germany, Italy, Thailand, and more.