DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files, using fileless memory injection and obfuscated ...

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V ...

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...

The modular Windows RAT uses in-memory execution and live operator control to maintain persistence and exfiltrate sensitive ...

Virtual Hard Disks masquerading as PDF files are allowing hackers to sneak remote-access software through enterprise defenses.

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity ...

A security audit found 341 malicious ClawHub skills abusing OpenClaw to spread Atomic Stealer and steal credentials on macOS ...

ESET researchers present technical details on a recent data destruction incident affecting a company in Poland’s energy sector.

A complex phishing campaign uses decentralized fake PDFs that mount virtual drives to silently install the AsyncRAT malware.

Nitrogen ransomware’s ESXi encryptor corrupts its own public key, making file recovery impossible, even if victims pay.

This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ...