Topic: detection evasion

  • Google: AI-Powered Malware Is Now in Active Use

    Google has identified new AI-driven malware families like PromptFlux and PromptSteal that use large language models to dynamically generate malicious scripts, enabling them to evade detection and operate more flexibly. These malware variants employ AI for various malicious purposes, including sel...

  • 2025 Phishing Trends: Protect Your Security Strategy Now

    Phishing in 2025 became more sophisticated and identity-focused, with attacks increasingly occurring outside of email through channels like LinkedIn and manipulated search results to bypass traditional security filters. The rise of Phishing-as-a-Service kits enables real-time attacks that can byp...

  • Stealthy Fileless Malware Spreads RAT via Legitimate Tools

    A fileless malware campaign uses trusted tools like ScreenConnect and PowerShell to deploy a remote access Trojan, leaving minimal forensic traces and evading detection. The attack loads payloads directly into memory via reflection, employs a .NET launcher to establish persistence and disable sec...

  • Malicious npm Packages Target Ethereum Smart Contracts

    A new wave of malicious npm packages uses Ethereum smart contracts to hide command-and-control infrastructure, making detection more difficult. Attackers also created fake GitHub repositories with artificially inflated metrics to appear legitimate and target cryptocurrency developers. This campai...

  • Beyond Email: The New Frontier of Phishing Attacks

    Phishing attacks are increasingly moving beyond email to exploit social media, messaging apps, and malicious ads, challenging traditional email-focused security defenses. These multi-channel attacks use sophisticated obfuscation techniques to evade detection and often target core identity platfor...

  • Google: BrickStorm Malware Stole U.S. Data for a Year

    A sophisticated cyber espionage campaign using BrickStorm malware successfully stole sensitive data from American technology, legal, SaaS, and BPO companies for over a year before being detected. The malware, attributed to China-linked group UNC5221, is a versatile backdoor that operates stealthi...

  • Stealth Malware Campaign Infects Thousands via DNS TXT Abuse

    The Detour Dog malware campaign has infected over 30,000 websites, using DNS TXT records for server-side attacks that remain hidden from most users, selectively targeting specific visitors for redirection or malware downloads. This attack operates by having compromised servers send DNS queries wi...

  • Beware: Fake Windows Update Screens Spread ClickFix Malware

    A deceptive malware campaign uses a fake Windows Update screen to trick users into manually executing malicious commands, leading to the installation of information-stealing software. The attack employs advanced techniques like steganography to hide malicious code in PNG images and operates in me...

  • Tycoon 2FA Phishing Platform Exposes Legacy MFA Flaws

    The Tycoon 2FA phishing kit enables attackers to easily bypass multi-factor authentication by using automated tools and fake login portals, primarily targeting Microsoft 365 and Gmail credentials. It intercepts user credentials and session cookies in real-time while mimicking legitimate login exp...

  • Security Can't Keep Up with Modern Attackers

    Cyber threats are evolving faster than defenses, with attackers constantly refining their tactics, techniques, and procedures (TTPs), creating a widening gap between their innovation and traditional security coverage. Zero-day exploits are now widely used by criminal groups, not just nation-state...

  • SonicWall VPN Attacks Intensify, MFA Bypassed

    A ransomware group named Akira is exploiting SonicWall SSL VPN appliances, primarily through a known vulnerability (CVE-2024-40766), to bypass multi-factor authentication and gain unauthorized access. The attacks are highly automated and rapid, with intruders moving quickly to scan networks and d...

  • Gootloader Evades Detection With 1,000-Part ZIP Archives

    Gootloader malware now uses massively concatenated ZIP archives, a technique designed to crash common analysis tools and evade detection by exploiting parser vulnerabilities. The attack employs multiple evasion layers, including corrupted archive structures and unique file generation per download...

  • 'BRICKSTORM' Backdoor: Chinese Hackers Target US Firms

    A sophisticated cyber espionage campaign using the BRICKSTORM backdoor is targeting U.S. companies, particularly in legal, tech, and SaaS sectors, and is attributed to Chinese-aligned hackers with goals beyond intelligence gathering. The threat actors, known as UNC5221, employ a complex, multi-st...

  • Why Attackers Are Phishing on LinkedIn

    Phishing attacks have expanded beyond email, with 34% now occurring on platforms like LinkedIn, targeting executives in finance and tech sectors, but are severely underreported due to reliance on email-focused security metrics. LinkedIn phishing evades conventional defenses by bypassing email sec...
