Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Widespread Installation of Calendaromatic Adware Includes Homoglyph Channel

Kroll has recently seen widespread installation of an application called Calendaromatic, which Kroll Threat Intelligence (TI) is currently classifying as a potentially unwanted program (adware) but which displays some functionality that gives it the potential to conduct more malicious behaviors.

Agentic AI Ransomware: What You Need to Know

Brace yourself for agentic AI ransomware. It's a terrifying fusion of cutting-edge tech and malicious intent that's set to redefine cyber threats as we know them. Unlike traditional ransomware, which follows pre-programmed rules, agentic AI ransomware can adapt its behavior in real time based on its environment and the defenses it encounters.

AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars

SquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which are used to trick users into executing dangerous commands that can lead to credential theft, device hijacking, and password exfiltration.

Dual-Platform Backdoor from a South Asian Threat Group: StealthServer

In my ongoing monitoring of cyber threats in South Asia, I’ve encountered a series of advanced persistent threat (APT) activities. This region has long been a hotspot for sophisticated cyberattacks, with various groups ramping up their operations in terms of frequency and technical complexity. Starting from early July, I’ve captured multiple new malware samples targeting both Windows and Linux platforms.

Why Infostealer Malware Demands a New Defense Strategy

Modern breaches rarely begin with a brute-force attack on a firewall; they now start with a user login. Valid account credentials are now a top initial access vector, responsible for 30% of all intrusions. In this post, we address a common misconception surrounding infostealer malware that may be putting you at risk of a data breach.

Minimizing liability is not the same as security: Lessons from Recent Airport Cyber Disruptions

Blog post updated for clarity. In late September 2025, several European airports reported significant delays and flight cancellations due to disruptions with their check-in and passenger systems. As a global leader in aviation technology and the backbone of passenger travel, protection of systems and customer operations is paramount for Collins Aerospace. Nonetheless, the vendor of the vMUSE check-in system had been hit by a ransomware attack.