A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a shifting blend of evolving threats and persistent vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Security researchers have uncovered a sophisticated supply chain attack in which threat actors, identified as TeamPCP, successfully backdoored the popular Telnyx Python SDK. The malicious code, introduced onto the Python Package Index (PyPI), aimed to steal sensitive credentials from developers across Windows, macOS, and Linux operating systems. The compromised versions, 4.87.1…
XLoader Malware Enhances Obfuscation Tactics, Conceals Command and Control Traffic via Decoy Servers
A well-known information-stealing malware named XLoader has recently upgraded its obfuscation tactics and methods for hiding command-and-control (C2) traffic behind decoy servers. This advanced evolution makes the malware significantly harder for cybersecurity professionals and automated tools to detect and analyze. Originally a variant of a malware family first identified in…
Hackers Use Telegram for ResokerRAT Deployment with Screenshot and Persistence Capabilities
A new malicious software, dubbed ResokerRAT (Remote Access Trojan), has emerged, leveraging Telegram’s bot API to discreetly control and monitor infected Windows systems. This stealthy approach bypasses traditional command-and-control servers by utilizing the popular messaging platform, making it significantly harder for conventional network security tools to detect. The malware’s primary…
Hackers are increasingly weaponizing legitimate Windows tools to disable antivirus defenses, creating a critical vulnerability before launching devastating ransomware attacks. This insidious trend significantly elevates the risk and complexity of modern cyber threats. Recent research highlights that a range of commonly used Windows utilities, such as Process Hacker, IOBit Unlocker,…
A sophisticated new malware dubbed DeepLoad is posing a significant threat to enterprise networks, capable of achieving persistent access and stealing credentials through a multi-stage attack that evades common security measures. Discovered by ReliaQuest researchers, the DeepLoad campaign significantly raises the bar for cyber defenses by leveraging a deceptive user…
Cybercriminals are escalating their tax season attacks in 2026, leveraging IRS and tax filing lures to deploy malware and steal credentials. This year has seen a significant increase in organized campaigns impersonating tax authorities and company HR departments, aiming to trick individuals into compromising their digital security. The sophisticated nature…
A novel piece of malware, dubbed RoadK1ll, has emerged, transforming compromised computers into controllable network relay points for attackers. This sophisticated tool bypasses traditional security measures by establishing silent, outbound WebSocket connections, effectively turning infected hosts into pivot points for deeper network infiltration. Security researchers discovered RoadK1ll during an active…
A sophisticated threat actor, identified as TA446, has been observed deploying a newly discovered exploit kit, dubbed DarkSword, in targeted attacks against iOS users. This marks a significant and concerning evolution in TA446’s operational tactics, as prior intelligence had not indicated the group’s use of exploit kits. The campaign, detected…
A sophisticated new variant of the ClickFix attack is actively targeting Windows users, employing a novel combination of rundll32.exe and WebDAV to bypass prevalent PowerShell detection methods. This evolving threat landscape demands increased vigilance as attackers leverage built-in Windows functionalities to execute malicious payloads with reduced visibility. The ClickFix technique,…
A sophisticated new Remote Access Trojan (RAT) dubbed CrySome RAT has emerged, posing a significant threat to Windows users. Written in C#, this advanced .NET malware offers attackers comprehensive control over compromised machines, featuring potent capabilities like an AV killer and Hidden Virtual Network Computing (HVNC) for stealthy operations. Its…
North Korean IT Worker Accused of Job Application Scam Using Stolen Identity and AI-Generated Resume
A suspected North Korean operative attempted to infiltrate a cybersecurity firm by using a stolen identity and an AI-generated resume in a sophisticated remote job application scam. This incident, uncovered in June 2025, highlights the increasing complexity of state-sponsored IT worker schemes and the challenges organizations face in identifying such…
Exposed Server Reveals TheGentlemen Ransomware Toolkit, Victim Credentials, and Ngrok Tokens
A misconfigured server hosted on a Russian bulletproof hosting provider has exposed the complete operational toolkit of a TheGentlemen ransomware affiliate, including harvested victim credentials and plaintext authentication tokens. This significant data leak offers an unprecedented look into the techniques used by this Ransomware-as-a-Service (RaaS) group, which has been actively…
