A deceptive social engineering tactic known as “ClickFix” has evolved into a gateway for major ransomware attacks, with researchers uncovering a direct link between these fake verification prompts and the notorious Qilin ransomware group.

Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals.

CISA, National Security Agency, and Canadian Centre for Cyber Security have released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples.

A sophisticated phishing campaign has been identified, utilizing weaponized PDF documents to steal corporate credentials. The phishing emails contain a PDF attachment named "NEW Purchase Order # 52177236.pdf.

A China-aligned advanced persistent threat group, LongNosedGoblin, has been identified targeting government institutions in Southeast Asia and Japan. The group exploits Windows Group Policy to deploy malware and conduct long-term surveillance.

This advisory provides an overview of phishing email trends observed in November 2025, highlighting the tactics, techniques, and procedures (TTPs) employed by threat actors.

A sophisticated cryptocurrency mining campaign has been identified targeting AWS customers. The attackers leverage compromised IAM credentials to deploy crypto miners, using advanced persistence techniques to evade detection and maintain operations.

Hackers are exploiting vulnerabilities in the emergency data request (EDR) process by impersonating law enforcement officers to obtain private user data from major tech companies.

This advisory explores three distinct techniques of browser hijacking, focusing on the manipulation of browser preference files, the use of a Browser Remote Access Tool (BRAT), and the exploitation of registry entries and scheduled tasks.

Initial Access Brokers have become pivotal in the cybercrime ecosystem, facilitating the outsourcing of intrusion tasks to advanced adversaries. This commoditization of access to critical systems allows IABs to sell access to the highest bidder.