J.A.R.V.I.S (@peppermalware)'s Twitter Profile
J.A.R.V.I.S

@peppermalware

Malware Analyst. Malware Addict.

ID: 948580944323194880

Website: https://www.peppermalware.com
Joined: 03-01-2018 15:44:55

7.7K Tweets

1.1K Followers

145 Following

YungBinary (@yungbinary)

New blog is out on #NightshadeC2!

Newly discovered botnet with capabilities like reverse shell, password/cookie theft, remote control, and more. Loader relies on UAC Prompt Bombing to force victims into excluding payload in Windows Defender!

esentire.com/blog/new-botne…
Virus Bulletin (@virusbtn)

ESET researchers have identified a new threat actor: GhostRedirector targets Windows servers with a passive C++ backdoor (Rungan) and a malicious IIS module (Gamshen) that manipulates Google search results. welivesecurity.com/en/eset-resear…
Dmitry Melikov (@dmitriymelikov)

The #GPUGate malware, distributed via GitHub and Google Ads, uses GPU encryption. Targets users in Western Europe.

#GPUGate Arctic Wolf (@AWNetworks)
arcticwolf.com/resources/blog…
Trend Micro Research (@trendmicrorsrch)

Newly discovered Charon ransomware leverages elliptic curve cryptography and a modified ChaCha20 cipher, partially encrypting files for speed. Trend Vision One™ provides detection queries to help teams sweep for IOCs: ⬇️ research.trendmicro.com/47eRoiv

Trend Micro Research (@trendmicrorsrch)

Since April 2025, Gunra ransomware has targeted enterprises across Brazil, Japan, Canada, the United States, and other regions, affecting sectors such as healthcare, manufacturing, transportation, IT, and agriculture. Strengthen defenses with full insights: ⬇️

Gameel Ali 🤘 (@malgamy12)

A new ransomware strain named #Yurei has emerged. It is believed to be a variant of PrincessLocker and is written in Go.
sample: virustotal.com/gui/file/49c72…
sample: virustotal.com/gui/file/89a54…
sample: virustotal.com/gui/file/f5e12…
rule: valhalla.nextron-systems.com/info/rule/MAL_…
Gameel Ali 🤘 (@malgamy12)

Did you know? The PrincessLocker ransomware family has spawned multiple variants over time. Here are some of its known offshoots:
- Banderas
- EByte
- SatanLock
- GoConti
- HexaLocker
- JustIce
- Kalingrad
- CrazyHunter
- CYB3R-L0CK3R

Virus Bulletin (@virusbtn)

Insikt Group identifies a new threat actor, TAG-150, active since at least March 2025. Its multi-layered infrastructure is used to deploy likely self-developed malware families, including CastleLoader, CastleBot, and the newly documented CastleRAT. recordedfuture.com/research/from-…
Virus Bulletin (@virusbtn)

Bitdefender’s Jade Brown profiles SafePay, a non-RaaS ransomware group with hundreds of victims. TTPs include credential compromise, VPN exploitation, IT-staff impersonation, PsExec for lateral movement, and data exfiltration via WinRAR and FileZilla. businessinsights.bitdefender.com/safepay-ransom…
Raaz (@solostalking)

Myth Stealer
http[://213.136.81.217[:8080
kedi[.mythstealer.win

4c6f0497d3903bb7a51466a78aa288bc564b7403ed2dc0682aee37c4e6648e01

more samples in VT communicating files
Virus Bulletin (@virusbtn)

Zscaler ThreatLabz identifies a campaign active since early May 2025 targeting Chinese-speaking users that delivers ValleyRAT, FatalRAT, & the newly named kkRAT. The blog details the attack chain and kkRAT’s features, network protocol, commands, & plugins. zscaler.com/blogs/security…
Check Point Research (@_cpresearch_)

🧪 Under the Pure Curtain: From RAT to Builder to Coder

A deep dive into the Pure malware ecosystem — from IR engagement with ClickFix campaign to Rust loader and PureHVNC RAT deployment. research.checkpoint.com/2025/under-the…

M4lcode (@m4lcode)

Just published a deep dive into APT27 (Emissary Panda/Iron Tiger/Lucky Mouse), a Chinese state-sponsored cyber-espionage group active since 2010, known for spear-phishing, watering-hole attacks and exploitation of internet-facing applications.

dexpose.io/threat-actor-p…
The Hacker News (@thehackersnews)

🚨Lazarus escalated activities in 2025 with companies already suffering billions in losses.

This APT’s attacks are evolving and getting harder to detect.

Read actionable report on its current campaigns to be ready for the next attack ⬇️ thn.news/lazarus-threat…
Virus Bulletin (@virusbtn)

Elastic Security Labs publishes nightMARE, a Python library (v0.16) for malware analysis and for building configuration extractors. elastic.co/security-labs/…
White Knight Labs (@wkl_cyber)

New blog from WKL: WinDbg Time Travel Debugging vs. Intel Processor Trace

CPU instruction tracing is insanely powerful for RE + threat hunting but still underused. Alan Sguigna (@AlanSguigna) breaks down the tradeoffs, strengths, and when to use each.

whiteknightlabs.com/2025/10/14/mic…
blackorbird (@blackorbird)

#Lazarus Operation DreamJob targets the UAV sector

DroneEXEHijackingLoader.dll /ScoringMathTea RAT

welivesecurity.com/en/eset-resear…