Malware
General malware taxonomy: ransomware, trojans, information stealers, and modular payloads used in targeted and commodity campaigns.
-
Hijack Loader Delivers PureHVNC in Latin America; Insider Sells Exploits
Hijack Loader used malicious SVGs to deliver PureHVNC in Latin America; a separate DOJ case details an insider selling exploit tooling for cryptocurrency.
-
What is Operation Endgame?
Operation Endgame is a major international law enforcement initiative aimed at disrupting and dismantling significant cybercrime infrastructure globally, targeting widespread malware families, botnets, and other illicit tools.
-
GlassWorm Malware Resurfaces, Infecting VS Code Extensions with Stealthy Unicode Attack
The GlassWorm malware campaign has re-emerged, targeting the Visual Studio Code (VS Code) ecosystem with a new set of malicious extensions, signaling a persistent threat to developers. This sophisticated, self-propagating worm aims to compromise credentials and cryptocurrency assets using invisible Unicode characters to embed malicious code.
-
SleepyDuck Malware Evolves with Ethereum C2 Resilience
A new sophisticated remote access trojan, dubbed “SleepyDuck,” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31, 2025, it was updated on November 1, 2025, to include malicious capabilities and has since garnered over 14,000 downloads.
-
NFC Relay Malware Exploits Android Tap-to-Pay for Fraudulent Transactions
Zimperium zLabs has discovered hundreds of malicious Android apps using NFC relay and Host Card Emulation to steal payment data from tap-to-pay transactions, turning infected phones into tools for payment fraud.
-
What Is a Remote Code Execution (RCE) Vulnerability?
Remote Code Execution (RCE) vulnerabilities allow attackers to run arbitrary code on remote systems—often leading to full compromise. Learn how RCE works and how to mitigate it.
-
What Is Bring Your Own Vulnerable Driver (BYOVD)?
Bring Your Own Vulnerable Driver (BYOVD) is a technique that leverages signed but vulnerable drivers to gain kernel-level access and evade security controls.
-
CVE-2025-59287: Actively Exploited WSUS Remote Code Execution Vulnerability Triggers Emergency Patching
CISA and security researchers warn of active exploitation of CVE-2025-59287, a critical WSUS RCE vulnerability prompting emergency patching across enterprise systems.
-
Unit 42 Links Smishing Triad to 194 000 Malicious Domains in Global Phishing Operation
Unit 42 research links Smishing Triad to 194 000 malicious domains; Fortra warns of brokerage phishing expansion and PhaaS industrialization.