Zscaler

Middle East Conflict Fuels Cyber Attacks

The ongoing Middle East conflict has led to a surge in opportunistic cyber attacks. Threat actors are exploiting the situation through phishing, malware distribution, and scams, with notable malware including LOTUSLITE and StealC.
February 26, 2026

APT37 Adds New Tools For Air-Gapped Networks

ThreatLabz details the Ruby Jumper campaign in the following sections, focusing on the specific malware employed, the deployment methods, and how the final payload is delivered to achieve the ultimate objective.

Technical Analysis of Marco Stealer

Marco Stealer is a sophisticated information stealer targeting browser data, cryptocurrency wallets, and sensitive files. It employs advanced anti-analysis techniques and uses AES-256 encryption for secure C2 communication.

Malicious NPM Packages Deliver NodeCordRAT

Zscaler ThreatLabz identified three malicious npm packages in November 2025—bitcoin-main-lib, bitcoin-lib-js, and bip40—that deliver NodeCordRAT, a remote access trojan (RAT) with data-stealing capabilities.
December 23, 2025

Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign

A sophisticated espionage campaign by the SideWinder APT group targets Indian entities by impersonating the Income Tax Department of India. The campaign uses advanced techniques such as DLL side-loading with legitimate Microsoft Defender binaries.

BlindEagle Deploys Caminho and DCRAT

BlindEagle, a threat actor operating in South America, has launched a sophisticated spear phishing campaign targeting a Colombian government agency under the Ministry of Commerce, Industry and Tourism (MCIT).

SEO Poisoning Targets Ivanti VPN: Credential Theft Alert

A new SEO poisoning campaign is targeting users searching for Ivanti Pulse Secure VPN software, redirecting them to attacker-controlled sites hosting a trojanized installer. The malware steals VPN credentials and exfiltrates them to a C2 server.

YiBackdoor: Linked to IcedID and Latrodectus

A new malware family named YiBackdoor has been identified, exhibiting strong code overlaps with IcedID and Latrodectus. YiBackdoor can execute arbitrary commands, collect system information, capture screenshots, and deploy encrypted plugins.

Black Hat SEO Poisoning Search Engine Results For AI

Threat actors are exploiting the popularity of AI tools by using Black Hat SEO to poison search engine results and deliver Vidar Stealer, Lumma Stealer, and Legion Loader through complex redirection chains and obfuscated JavaScript.

TransferLoader Malware Loader Deploys Morpheus Ransomware Using Obfuscated Backdoor and IPFS-Based C2

TransferLoader is a newly identified malware loader active since at least February 2025. It comprises three main components—a downloader, a backdoor loader, and a backdoor—each employing advanced anti-analysis and obfuscation techniques.
