CSIRTGadgets

Akira Ransomware: Conti Lineage, VPN Exploitation, and Double Extortion at Scale

Hypervisor Ransomware: CVE-2024-37085, AD Abuse, and the Escalating Threat to VMware ESXi Environments

Storm-2603: SharePoint Zero-Day Exploitation and Warlock Ransomware — A Hybrid Financial and Espionage Threat

DarkWatchMan and Hive0117: Fileless Malware Evolution Targeting Russian Critical Infrastructure

DarkWatchMan is a fileless, modular malware family first observed in late 2021 and attributed to the financially motivated Hive0117 group. The malware is primarily delivered via spear-phishing emails containing password-protected archives, targeting Russian critical infrastructure (energy, etc.).

PSLoramyra Fileless Loader: Advanced YARA Detection, Memory Forensics, and Cross-Platform Threat Evolution

PSLoramyra just sent your hard drive a breakup text. 🥀 Why bother writing files when you can Airbnb in RAM and ghost EDR?

Dark Partners: Multi-Platform Crypto Theft via Fake AI, VPN, and Software Sites

Think your AI download is legit? Dark Partners turned 250+ spoofed sites into a crypto vacuum—dropping Poseidon (macOS) & PayDay (Windows) right past your AV with stolen certs

Vishing Meets Cloud: UNC6040’s Abuse of Salesforce Connected Apps for Stealthy Data Exfiltration

🎧☁️ When the “help desk” helps itself. UNC6040’s phone-phishing swarm hijacks Salesforce via a doctored Data Loader — Google fingers 20+ victims (and counting).

© 2025 CSIRT Gadgets, LLC
All rights reserved