Cyber espionage actor deploys custom credential theft malware in new campaign targeting the telecoms sector.
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
New Linux version of the IceFire ransomware have been observed in recent network intrusions of media and entertainment enterprises.
A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.
An in-the-wild ELF variant of Cl0p ransomware shows the gang is looking beyond traditional Windows targets.
.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.
A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
WMI-based attacks impact all versions of Windows and can severely impact EDRs. Claudiu Teodorescu explores how they work and how they can be detected.
Paul Rascagneres explores a macOS port of the Windows RokRAT malware and how it bypasses Apple security protections.
The first public discussion of changes in the UEFI firmware security runtime from an offensive security perspective with Alex Matrosov.
