Topic: command and control

  • eScan AV Users Hit by Malicious Update Attack

    Unknown attackers compromised eScan's update server, weaponizing it to deploy a malicious downloader that disabled the antivirus and blocked future security updates. The breach, detected in January 2026, forced the vendor to take its global update system offline and required many users to manuall...

  • Stealthy Fileless Malware Spreads RAT via Legitimate Tools

    A fileless malware campaign uses trusted tools like ScreenConnect and PowerShell to deploy a remote access Trojan, leaving minimal forensic traces and evading detection. The attack loads payloads directly into memory via reflection, employs a .NET launcher to establish persistence and disable sec...

  • Active Attacks Target Unpatched SolarWinds WHD Systems

    Attackers are exploiting unpatched SolarWinds Web Help Desk systems to gain network access, using "living-off-the-land" techniques like legitimate remote access tools to avoid detection. Once inside, they deploy a weaponized version of the Velociraptor forensics tool for command-and-control, enab...

  • EDR Exploited for Stealthy Ransomware Attacks

    Attackers are exploiting trusted security tools like EDR software and Windows utilities to deploy malware with stealth and persistence, shifting from mass phishing to more sophisticated methods. A specific attack involved social engineering to execute malicious commands, sideloading a rogue DLL v...

  • Russian Hackers Hide Malware in CAPTCHA Tests

    Star Blizzard, a Russian state-sponsored hacking group, has escalated cyber-espionage by hiding malware like NoRobot, YesRobot, and MaybeRobot within fake CAPTCHA pages, using social engineering tactics to trick targets into executing harmful code. The group rapidly abandoned its previous LostKey...

  • AI-Powered Malware Targets Iranian Protesters

    A sophisticated cyber campaign named **RedKitten** is targeting individuals and organizations in Iran, particularly human rights and political dissent groups, using AI-generated content and emotionally manipulative lures to deploy spyware. The operation employs a malicious implant called **Sloppy...

  • 'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms

    A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...

  • Russian Hackers Attack Using New Microsoft Office Bug

    Russian state-backed hackers (APT28/Fancy Bear) are actively exploiting a patched Microsoft Office vulnerability (CVE-2026-21509) in targeted attacks against Ukrainian and EU entities, using phishing emails with malicious documents. The attack delivers sophisticated malware via a complex WebDAV c...
