Cyware Social will be sunset on April 15, 2026. The service is being replaced by Cyware’s Daily Threat Intel Briefs,
offering curated security advisories on the latest threats. Enterprise users can contact us here → for more details.

Alerts Events DCR
Filter Alerts by

eSentire

February 18, 2025

EarthKapre Leverages Cloud Infrastructure and DLL Sideloading for Data Exfiltration

This latest attack chain showcases the group’s ability to weaponize legitimate tools, leveraging DLL sideloading techniques and cloud-based infrastructure to stealthily infiltrate networks and exfiltrate sensitive data.
January 21, 2025

MintsLoader Malspam Campaign Leads to StealC and BOINC Delivery

The eSentire Threat Response Unit (TRU) uncovered a new malware campaign leveraging a tool called MintsLoader to deliver second-stage payloads, including the StealC malware and the Berkeley Open Infrastructure for Network Computing (BOINC) client.
October 22, 2024

Bored BeaverTail Yacht Club – A Lazarus Lure

eSentire’s Threat Response Unit (TRU) has uncovered a phishing campaign targeting software developers using a fake NFT project called “Bored BeaverTail Yacht Club” to distribute malware known as BeaverTail.
July 29, 2024

Gh0stGambit Dropper Used to Deploy Gh0st RAT Against Chinese Users

The Gh0st RAT Trojan is being distributed to Chinese Windows users through a fake Chrome website. The malware has been around since 2008 and has evolved over the years, often used by cyberespionage groups in China.
June 11, 2024

More_eggs Activity Persists via Fake Job Applicant Lures

Cybersecurity researchers have discovered a phishing attack that utilizes the More_eggs malware by disguising it as a resume, a tactic that was first detected over two years ago.
June 10, 2024

Malicious AutoIt Script Delivers Vidar Stealer via Drive-by Downloads

The attack utilized Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload. The user was lured to a website claiming to offer a Windows activator but was in fact hosting the malware.
June 1, 2024

Fake Browser Updates Delivering BitRAT and Lumma Stealer

The infection chain began with a user visiting an infected webpage, which triggered the download of a ZIP archive containing malicious JavaScript code. This code acted as an initial downloader, retrieving payloads from a known BitRAT C2 address.
May 13, 2024

FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads

The financially motivated group FIN7 has been observed leveraging malicious Google ads that impersonate legitimate brands to deliver NetSupport RAT, highlighting the ongoing threat of malvertising and the abuse of signed MSIX files by cybercriminals.
May 10, 2024

SocGholish Sets Sights on Victim Peers

The SocGholish malware is targeting enterprises through fake browser update prompts, compromising legitimate websites to deliver malicious payloads that steal sensitive data and establish persistence on infected systems.
November 16, 2023

BlackCat Ransomware Gang is Attacking Organizations Using Google Ads Laced with Malware

Russian-speaking affiliates of the ALPHV/BlackCat ransomware gang are using malvertising for popular software to distribute the Nitrogen malware and infect organizations with ransomware.
Load More

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Learn More

Trending Tags
Popular Topics
See more