Researchers link the India-focused operation to ChinaNet infrastructure and tactical overlaps with Silver Fox, but ...
Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks. Microsoft Teams impersonation and social ...
I'd like to thank my coauthors Adrian Schipor, Victor Vrabie, Marius Baciu, and Martin Zugec for their invaluable contributions to this research. This research provides a direct look at the new ...
IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote Access Trojan (RAT) built on the Winos4.0 framework, to users who believed ...
Vidar Stealer 2.0 has been released, and the updated infostealer claims to offer improved performance with advanced credential stealing and evasion abilities, features that will necessitate even ...
Security researchers are warning that Vidar Stealer infections are likely to increase after the malware developer released a new major version with upgraded capabilities. According to an announcement ...
Charon uses encrypted payloads and trusted binaries to bypass EDR defenses, marking a shift toward stealthier, more persistent ransomware campaigns. Trend Micro has identified a new ransomware strain, ...
An emerging ransomware actor is using sophisticated techniques in the style of an advanced persistent threat group (APT) to target organizations with customized ransom demands, posing a significant ...
In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named ...