Dmitry Melikov (@dmitriymelikov)'s Twitter Profile

Threat Researcher @AWNetworks #cti #apt Former Threat Researcher @BlackBerry, @InQuest

ID: 1640839903

02-08-2013 16:22:14

1,1K Tweet

2,2K Followers

318 Following

Nextron Research ⚡️ (@nextronresearch):

We’ve partnered with Arctic Wolf 🐺 Arctic Wolf - They extend their detection coverage with Nextron’s curated Sigma rule feed: 700+ high-quality rules - Most of our rules are generic, technique-focused, and designed to detect unknown threats - not just IOCs - We get structured

Ismael Valenzuela (@aboutsecurity):

Thrilled to team up with Florian Roth ⚡️ & the talented Nextron Systems crew to bring curated #Sigma rules into Arctic Wolf. Big step forward in advancing threat detection together! 🚀 👉 nextron-systems.com/2025/08/28/adv…

Phishing for Answers (@phish4answers):

New post alert! We work with Dmitry Bestuzhev to analyze trends in #LatinAmerica : 🔒 Ransomware ↑ 259% 🐺 New players like Golden Mexican Wolf emerge 💰 Banking Trojans like Mispadu still thriving 🌍 APTs expand influence across the region Link here ➡: shorturl.at/hhVQa

Dmitry Melikov (@dmitriymelikov):

The #GPUGate malware, distributed via GitHub and Google Ads, uses GPU encryption. Targets users in Western Europe. #GPUGate Arctic Wolf arcticwolf.com/resources/blog…

Cyber Security News (@the_cyber_news):

🚨 "GPUGate" Malware Abuses Google Ads and GitHub to Deliver Advanced Malware Payload Read more: cybersecuritynews.com/gpugate-abuses… ➡️ A sophisticated malware campaign, dubbed "GPUGate," abuses Google Ads and GitHub's repository structure to trick users into downloading malicious

xiu (@osint_barbie):

Dmitry Melikov thank you for sharing this article 🫶 macOS-related IoCs mentioned: hxxps://gitpage[.]app/git/mac virustotal.com/gui/file/b13d2…

Ismael Valenzuela (@aboutsecurity):

🚫 These threat actors tried to hide their code behind the GPU. We caught them anyways. 🐺 Our Arctic Wolf Labs team uncovered a threat actor abusing GitHub’s repository structure and Google Ads to redirect users to a malicious download, while a GPU-gated decryption routine kept

Kimberly (@stopmalvertisin):

Arctic Wolf | #GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware-Specific Decryption, Abuse Google Ads to Target Western Europe bit.ly/46cmLYO

Dmitry Melikov (@dmitriymelikov):

Brazilian #Caminho Loader Employs LSB #Steganography and #Fileless Execution to Deliver Multiple Malware Families Across South America, Africa, and Eastern Europe. arcticwolf.com/resources/blog…

Ismael Valenzuela (@aboutsecurity):

Our team at Arctic Wolf has identified and analyzed a new malware loader we’re calling #Caminho, a Brazilian-origin Loader-as-a-Service op employing LSB #steganography to conceal .NET payloads within image files hosted on legitimate platforms. Full analysis, IOCs, and

Dmitry Melikov (@dmitriymelikov):

🚨 New Brazilian Malware Uses Hidden Messages in Images to Stay Under the Radar "#Caminho" - a steganography malware loader originating from Brazil. It uses #LSB (Least Significant Bit) steganography to hide malicious .NET payloads inside innocent-looking image files. To the

Dmitry Melikov (@dmitriymelikov):

#UNC6384 weaponizes .lnk to deliver PlugX — incidents observed against diplomatic missions in Hungary and Belgium (Sep–Oct 2025). #cybersecurity #apt arcticwolf.com/resources/blog…

Steven Lim (@0x534c):

From LNK to PlugX: Tracking UNC6384’s Zero-Day Abuse Chain arcticwolf.com/resources/blog… Chinese threat actor UNC6384 is actively exploiting a newly disclosed Windows LNK zero-day vulnerability (ZDI-CAN-25373) to target European diplomats with PlugX malware via Canon DLL sideloading,

Kimberly (@stopmalvertisin):

Arctic Wolf | UNC6384 Weaponizes ZDI-CAN-25373 Vulnerability to Deploy PlugX Against Hungarian and Belgian Diplomatic Entities arcticwolf.com/resources/blog…

Virus Bulletin (@virusbtn):

Arctic Wolf Labs reports that the China-linked threat actor UNC6384 targeted European diplomatic entities in Hungary and Belgium during September and October 2025, exploiting ZDI-CAN-25373 and deploying PlugX RAT malware. arcticwolf.com/resources/blog…

Ismael Valenzuela (@aboutsecurity):

We just published new research on a #RomCom intrusion where we observed the actor leveraging SocGholish (FakeUpdate) to deliver a Mythic Agent payload against a U.S. organization that appears to be affiliated with Ukraine. Full write-up here: 🔗 arcticwolf.com/resources/blog…