Iranian state-sponsored threat actor MuddyWater has launched a sophisticated espionage campaign targeting government and telecom sectors across nine countries using DLL side-loading techniques. The operation leverages legitimate applications to execute malicious payloads while evading detection, dem
Threat actors are distributing the Deno-based remote access trojan (RAT) through fake software repositories on GitHub and SourceForge. These malicious packages masquerade as legitimate development tools and productivity software, targeting developers and tech-savvy users. The Deno RAT provides attac
A severe vulnerability in 7-Zip, one of the world’s most popular file compression utilities, allows attackers to execute arbitrary code on victim systems through specially crafted archive files. The flaw affects multiple versions of the software and poses significant risks to organizations and indiv
InvisibleFerret malware has evolved its evasion tactics by abandoning traditional Python scripts in favor of compiled Python (.pyd) and shared object (.so) files. This strategic shift allows the malware to bypass signature-based detection systems that primarily focus on script-based threats. The upd
Threat actors are employing sophisticated social engineering tactics by disguising malicious Linux payloads as legitimate SSH-related files during software package installations. The attack leverages user trust in familiar system utilities, hiding malware within files named to resemble standard Open
A clothing merchandise website associated with FBI Director Kash Patel was compromised by threat actors deploying ClickFix malware, a sophisticated social engineering attack that tricks victims into executing malicious PowerShell commands. The attack leveraged fake CAPTCHA verification prompts to di
A sophisticated supply chain attack orchestrated by the threat group TeamPCP has successfully infiltrated GitHub and Microsoft infrastructure, with malicious activity detected through May 24, 2026. The campaign leverages compromised developer accounts and poisoned packages to distribute malware acro
A critical zero-click vulnerability affecting WhatsApp on iOS 16 devices allows attackers to silently hijack accounts without any user interaction. The exploit bypasses WhatsApp’s linked device notifications, leaving victims completely unaware their accounts have been compromised. Security researche
Iranian state-sponsored threat actors are leveraging Microsoft Azure cloud infrastructure to host command-and-control (C2) domains for their custom MiniUpdate remote access trojan (RAT). This sophisticated espionage campaign exploits the trust associated with legitimate cloud services to evade detec
A critical SQL injection vulnerability in Ghost CMS is being actively exploited in a widespread ClickFix social engineering campaign. Attackers are compromising Ghost-powered websites to inject malicious scripts that display fake error messages, tricking users into executing PowerShell commands that