COLDRIVER went from LOSTKEYS to a full “ROBOT” chain and ClickFix tricks—then started poking linked-device flows. We put 75% on a truly new family or access vector within 12 months.

TA558’s “SteganoAmor” campaign leverages steganography to deliver commodity malware across oil, gas, maritime, and industrial targets. The group’s use of image-embedded payloads and compromised infrastructure...

Three converging trends—ransomware, volatile regulations, and global instability—are reshaping risk for US tech, finance, and education. The common thread? Disruption spreads faster than most organizations can detect or respond.

DarkWatchMan is a fileless, modular malware family first observed in late 2021 and attributed to the financially motivated Hive0117 group. The malware is primarily delivered via spear-phishing emails containing password-protected archives, targeting Russian critical infrastructure (energy, etc).

Think your AI download is legit? Dark Partners turned 250+ spoofed sites into a crypto vacuum—dropping Poseidon (macOS) & PayDay (Windows) right past your AV with stolen certs