PureHVNC RAT Using Fake High-level Job Offers from Fashion and Beauty Brands

In recent months, the Netskope Threat Labs team has observed several different campaigns delivering the PureHVNC RAT and its plugins. In 2024, the same malware was observed being delivered via a Python chain, and a few days ago, it was also observed using genAI sites to lure victims. In this blog post, we’ll describe an infection chain using different methods to lure the victim and successfully deliver the PureHVNC RAT.

What Is a Remote Access Trojan (RAT), and Why Should You Care?

According to our 2025 State of the Underground report—in which we take a look back at cybercrime on the deep and dark web from the past year—384 unique varieties of malware were sold in 2024, an increase from 349 in 2023. To determine this number, our research team examined malware and hacking tools for sale on the top three criminal forums, and as a result, we found that Remote Access Trojans (RATs) were the second most common form of malware in 2024, just behind stealer malware.

May 27, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers:

Joint Cybersecurity Advisory released on KTA007 (APT28): A joint advisory has been released warning of Russian-attributed threat actors targeting western logistics entities and technology companies since 2022.

Microsoft leads global action to disrupt LUMMASTEALER: Microsoft’s Digital Crimes Unit has recently seized and facilitated the takedown, suspension, and blocking of approximately 2,300 malicious domains that formed the backbone of LUMMASTEALER infrastructure.

What Is Extortionware? Going Beyond Ransomware

Extortionware involves stealing sensitive data from an organization and threatening to leak it. It’s become a core tactic in the modern ransomware playbook, and if your business holds valuable or confidential information, it’s a threat you can’t afford to ignore. Today, we’re taking a closer look at what extortionware is, how it works, and why it’s become one of the most difficult cyber threats to defend against.

Why Codefinger represents a new stage in the evolution of ransomware

Forget typical ransomware! Codefinger hijacked cloud keys directly, exposing backup flaws and shared responsibility risks. Time to rethink defence. If you didn't pay much attention to news of the recent Codefinger ransomware attack, it's possibly because ransomware has become so prevalent that major incidents no longer feel notable. But Codefinger is not just another ransomware breach to add to the list of incidents where businesses lost sensitive data to attackers. In key respects, Codefinger represents a substantially new type of ransomware attack.

3AM Ransomware Attackers Pose as IT Support to Compromise Networks

Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers. Attackers affiliated with the 3AM ransomware group have combined a variety of different techniques to trick targeted employees into helping them break into networks. It works like this.

The Lumma Stealer InfoStealer: The Details

Original article published December 2023. Update May 22nd 2025: The FBI has seized user panels and other Lumma C2 infrastructure. As of now, we don’t see the Lumma info-stealer disappearing from the arena. Our team is on guard to check and analyze the changes. This case shares similarities with the so-called seizure of infrastructure of RedLine and Metta info stealers in October 2024 by the FBI, DOJ, Dutch authorities, etc.

CrowdStrike Collaborates with U.S. Department of Justice on DanaBot Takedown

Effective collaboration is essential when confronting today's sophisticated cyber adversaries, particularly those operating with state tolerance or direction. At CrowdStrike, we routinely work alongside law enforcement agencies and industry partners to identify, monitor, and mitigate cyber threats. Recently, we provided technical assistance to the U.S.

SafeBreach Coverage for US CERT AA25-141B (Sticky Werewolf)

On May 21, 2025, the FBI and CISA released a joint Cybersecurity Advisory (CSA), designated AA25-141B, warning about the rise in attacks leveraging LummaC2, attributed to a threat group referred to internally as Sticky Werewolf. This cyber espionage campaign has used LummaC2 malware since at least April 2023 to target Russian and Belarusian government agencies, science centers, and aviation manufacturers.