A recent campaign orchestrated by the EncryptHub threat group combines social engineering tactics with exploitation of CVE-2025-26633 to deliver malicious payloads. Attackers impersonate Brave Support to deceive users.
CVE-2024-7348 is a race condition vulnerability in PostgreSQL's `pg_dump` utility that allows attackers with sufficient privileges to execute arbitrary SQL commands as the user running the dump, often a superuser.
KAWA4096 is a newly identified ransomware strain that surfaced in June 2025. Its name, derived from the Japanese word for "river," reflects a thematic branding. The ransomware adopts stylistic elements from established groups.
Blind Eagle, also known as APT-C-36, is a persistent threat actor that targets organizations across Latin America, with a particular focus on Colombian financial institutions.
A new phishing campaign leveraging the Tycoon2FA Phishing-as-a-Service (PhaaS) platform has been linked to the threat actor Storm-1575, also known for the Dadsec platform.
Trustwave SpiderLabs uncovered a resurgence of malicious campaigns in March 2025 that exploit deceptive CAPTCHA verifications to deploy NodeJS-based backdoors. The campaign is referred to as "Yet Another NodeJS Backdoor (YANB)."
A recent surge in malicious activity has been observed originating from the Proton66 ASN. This activity includes mass scanning, credential brute forcing, and exploitation attempts. The observed activity is targeting organizations worldwide.
The Strela Stealer is an infostealer that exfiltrates email log-in credentials and has been in the wild since late 2022. It is a precisely focused malware, targeting Mozilla Thunderbird and Microsoft Outlook on systems in chosen European countries.
The campaign begins with a phishing email that contains an HTML attachment disguised as a routine document in a ZIP archive. The HTML file uses obfuscation techniques to evade detection and exploit vulnerabilities in Windows system functionalities.
Trustwave SpiderLabs recently discovered a dangerous backdoored DLL module within a fake version of the Advanced IP Scanner installer. The malicious version of the installer contains a DLL named pcre.dll.
Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.