Threat Intelligence

The Sandman group's main malware is among the very few that use the Lua scripting language and its just-in-time compiler.

A financially motivated threat actor uses known vulnerabilities, ordinary TTPs, and off-the-shelf tools to exploit the unprepared, highlighting the fact that many organizations still don't focus on the security basics.

Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.

The intercoms are used in thousands of apartments and offices across the world, and they can be used to spy on targets through the other devices they connect to.

The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says.

The GitLab code hijacks computer resources to mine Dero cryptocurrency as part of a larger cryptomining operation.

"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Pakistani threat group Transparent Tribe targets military and diplomatic personnel in India and Pakistan with romance-themed lures in the latest spyware campaign.

The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.

"Silent Skimmer" is a technically complex campaign that has successfully targeted online businesses in the Asia Pacific region for over a year.

The LockBit group is using native IT management software to live off the land, planting and then spreading itself before deploying its ransomware.

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.