GLOBAL SITUATION MONITORING
482 published briefs · UTC Thu, Apr 2 00:43:53
Intelligence Tag

Malware

General malware taxonomy: ransomware, trojans, information stealers, and modular payloads used in targeted and commodity campaigns.

11 intelligence briefs
  • UAT-10027 Targets U.S. Healthcare with Dohdoor Malware Using DoH C2

    Researchers have uncovered a previously undocumented cyber campaign tracked as UAT-10027 targeting U.S. healthcare and education organizations with a new backdoor called Dohdoor that uses DNS-over-HTTPS to evade detection and deploy Cobalt Strike beacons.

    4–6 minutes
  • AI Weaponization: State Hackers Using Google Gemini for Espionage and Malware Generation

What Happened: Google’s Threat Intelligence Group (GTIG) has confirmed that multiple state-sponsored hacking groups are actively using its Gemini large language model (LLM) to enhance their cyber espionage and attack capabilities. The activity spans reconnaissance, social engineering, vulnerability analysis, and the dynamic generation of malicious code. North Korean (UNC2970/Lazarus Group), Chinese (Mustang Panda, APT31, APT41),…

    4–6 minutes
  • Hijack Loader Delivers PureHVNC in Latin America; Insider Sells Exploits

    Hijack Loader used malicious SVGs to deliver PureHVNC in Latin America; a separate DOJ case details an insider selling exploit tooling for cryptocurrency.

    2–3 minutes
  • What is Operation Endgame?

    Operation Endgame is a major international law enforcement initiative aimed at disrupting and dismantling significant cybercrime infrastructure globally, targeting widespread malware families, botnets, and other illicit tools.

    2–3 minutes
  • GlassWorm Malware Resurfaces, Infecting VS Code Extensions with Stealthy Unicode Attack

    The GlassWorm malware campaign has re-emerged, targeting the Visual Studio Code (VS Code) ecosystem with a new set of malicious extensions, signaling a persistent threat to developers. This sophisticated, self-propagating worm aims to compromise credentials and cryptocurrency assets using invisible Unicode characters to embed malicious code.

    1–2 minutes
  • SleepyDuck Malware Evolves with Ethereum C2 Resilience

A sophisticated new remote access trojan, dubbed “SleepyDuck,” has been discovered in the Open VSX registry, a marketplace for IDE extensions. Initially published as a benign extension on October 31, 2025, it was updated on November 1, 2025, to include malicious capabilities and has since garnered over 14,000 downloads.

    1–2 minutes
  • NFC Relay Malware Exploits Android Tap-to-Pay for Fraudulent Transactions

    Zimperium zLabs has discovered hundreds of malicious Android apps using NFC relay and Host Card Emulation to steal payment data from tap-to-pay transactions, turning infected phones into tools for payment fraud.

    2–3 minutes
  • What Is a Remote Code Execution (RCE) Vulnerability?

    Remote Code Execution (RCE) vulnerabilities allow attackers to run arbitrary code on remote systems—often leading to full compromise. Learn how RCE works and how to mitigate it.

    2–3 minutes
  • What Is Bring Your Own Vulnerable Driver (BYOVD)?

    Bring Your Own Vulnerable Driver (BYOVD) is a technique that leverages signed but vulnerable drivers to gain kernel-level access and evade security controls.

    2–3 minutes
  • CVE-2025-59287: Actively Exploited WSUS Remote Code Execution Vulnerability Triggers Emergency Patching

    CISA and security researchers warn of active exploitation of CVE-2025-59287, a critical WSUS RCE vulnerability prompting emergency patching across enterprise systems.

    1–2 minutes