A critical security vulnerability in the Everest Forms Pro WordPress plugin, affecting approximately 4,000 active installations, is being actively exploited by threat actors to execute arbitrary code, leading to full website compromise. This remote code execution (RCE) flaw, identified as CVE-2026-3300, carries a severe CVSS score of 9.8 and impacts…
The cybersecurity landscape is constantly evolving, and a recent development concerning the last layer standing in network defense has caught the attention of IT professionals worldwide. A report released this week by the Global Cybersecurity Institute (GCI) highlights emerging threats and the increasing importance of multi-factor authentication (MFA) as a…
Cisco Addresses Vulnerability in Unified Communications Manager Following Publication of Exploit Code
Cisco has issued a critical patch for a vulnerability in its Unified Communications Manager (UCM) that could allow unauthenticated attackers on a network to write arbitrary files to the system, potentially leading to full root access. This critical Cisco UCM vulnerability, tracked as CVE-2026-20230, poses a significant threat to organizations…
Flaw in Claude Code GitHub Action Uncovered, Posing Repository Takeover Risk
A security vulnerability has been discovered in Anthropic’s Claude Code GitHub Action, allowing attackers to potentially hijack vulnerable public repositories. The flaw, reported by security researcher RyotaK of GMO Flatt Security, could enable a malicious actor to execute arbitrary…
ThreatsDay Bulletin Details AI Agent Malfunctions, C2 Tools, ClickFix Exploits, JavaScript Backdoors, and Over 20 New Developments.
The cybersecurity landscape continues to present complex challenges, with a blend of evolving threats and long-standing, unpatched vulnerabilities. This ongoing dynamic highlights the critical importance of robust security practices and continuous vigilance for organizations across all sectors. As the digital realm expands, the intricate web of threats, from sophisticated nation-state…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the Mirasvit Cache Warmer Magento extension to its Known Exploited Vulnerabilities (KEV) catalog. The move comes after reports of attackers actively exploiting the flaw, tracked as CVE-2026-45247, in the wild, posing a significant risk to e-commerce…
Trending
Research & Analysis
More Articles
Threat Actors Exploit Apache ActiveMQ Vulnerability for RDP Access and LockBit Ransomware Deployment
A critical vulnerability within Apache ActiveMQ (CVE-2023-46604) has been actively exploited by threat actors, leading to a full ransomware deployment by the LockBit group across an enterprise network. The attackers utilized this remote code execution flaw to gain initial access to a Windows server and subsequently encrypt systems via Remote…
In 2025, threat actors significantly increased their use of artificial intelligence tools to launch rapid and precise network intrusions, a trend detailed in CrowdStrike’s 2026 Global Threat Report. The report indicates an 89% year-over-year surge in attacks by AI-enabled adversaries, who leveraged automation and machine-generated scripts to reduce the time…
Hackers are employing a sophisticated stealth tactic, embedding malware within seemingly harmless PNG images to bypass security defenses. A recently discovered malicious NPM package, dubbed `buildrunner-dev`, has been found to conceal .NET malware inside these images, utilizing steganography to evade antivirus scans and ultimately deploy a Remote Access Trojan (RAT)…
Atomic macOS Stealer (AMOS), a notorious data-theft malware previously distributed through cracked software, has adopted a new and concerning delivery method: malicious OpenClaw skills. This shift repurposes extensions for AI agent platforms into a vector for infecting macOS users. AMOS is a malware-as-a-service (MaaS) tool designed to pilfer sensitive information…
A sophisticated supply chain attack is targeting ASP.NET developers, with four malicious NuGet packages designed to steal sensitive login credentials and establish persistent backdoors within web applications. These nefarious packages, identified by security researchers, have already garnered significant downloads, raising alarms about the security of the software development ecosystem. The…
Russian Cybercrime Group “Diesel Vortex” Targets Logistics Firms, Exposes Over 1,600 Credentials
A sophisticated Russian-linked cybercrime group, known as Diesel Vortex, has been identified as the perpetrator behind a widespread phishing campaign targeting the global logistics sector. The operation, active from September 2025 to February 2026, successfully pilfered over 1,600 login credentials from professionals in the freight and trucking industries across the…
Fake Huorong Download Site Used in Targeted Malware Campaign Deploying ValleyRAT Backdoor
A sophisticated cyberattack campaign is leveraging a convincing fake version of the popular Huorong Security antivirus website to distribute a dangerous Remote Access Trojan (RAT) known as ValleyRAT. Threat intelligence indicates this operation is tied to the Silver Fox APT group, a Chinese-speaking entity notorious for compromising legitimate software. The…
A new malware campaign, dubbed ClickFix, is emerging in early 2026, employing sophisticated social engineering tactics that utilize fake CAPTCHA verification pages to trick users into executing malicious commands. This campaign exhibits significant behavioral similarities to a previously observed ClickFix campaign targeting restaurant reservation systems in July 2025, indicating a…
Cybersecurity researchers are tracking a threat activity cluster, dubbed UnsolicitedBooker, that has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan. This marks a notable shift from previous attacks attributed to the group, which were primarily aimed at Saudi Arabian entities. The UnsolicitedBooker group is employing two distinct backdoors, codenamed…
Cyberattackers demonstrated unprecedented speed and diversity of tactics last year, according to CrowdStrike’s latest global threat report. The cybersecurity firm found that threat groups are increasingly relying on exploiting trusted systems and predictable methodologies to achieve rapid network access and evade detection. This acceleration means organizations must adapt to faster-moving…
In early February 2026, threat actors were discovered to be leveraging Large Language Models (LLMs) like DeepSeek and Claude in sophisticated active intrusion campaigns targeting FortiGate SSL VPN appliances globally. This alarming development signals a significant evolution in cybercrime, where advanced AI tools are integrated directly into the attack lifecycle…
GrayCharlie Injects Malicious JavaScript Into WordPress Sites To Deliver NetSupport RAT and Stealer
A sophisticated threat actor, identified as GrayCharlie, has been actively compromising WordPress websites since mid-2023, subtly injecting malicious JavaScript to distribute malware to unsuspecting visitors. This group, which shows overlap with the previously tracked SmartApeSG cluster (also known as ZPHP or HANEMONEY), primarily leverages the NetSupport RAT, a potent remote…
