%term

New Evasive Campaign Delivers LegionLoader via Fake CAPTCHA & CloudFlare Turnstile

Apr 4, 2025 By Leandro Fróes In Netskope

Starting February 2025, Netskope Threat Labs has tracked and reported on multiple phishing and malware campaigns targeting victims searching for PDF documents on search engines. Once they open the PDFs, the attackers employ various techniques to direct these victims to malicious websites or trick them into downloading malware.

Read Post

Netskope

Read more about New Evasive Campaign Delivers LegionLoader via Fake CAPTCHA & CloudFlare Turnstile

A DLS EMERGEncy! - Record breaking extortion group DLS emergence in 2025

Apr 4, 2025 By Adam Price In CYJAX

As the threat landscape continues to develop, ransomware and data broker groups constantly emerge, develop, and disband. Cyjax has observed a significant number of new data-leak sites (DLS) emerge in March 2025, with a total of 14 new sites. This is the highest observed number of extortion groups which have emerged in a single month. The second highest number was observed in September 2022, when 10 data-leak sites emerged. Overall, 21 DLSs have been identified in 2025 so far.

Read Post

CYJAX

Read more about A DLS EMERGEncy! - Record breaking extortion group DLS emergence in 2025

CoffeeLoader Malware: The Advanced Threat Evading Detection

Apr 4, 2025 By Foresiet In Foresiet

The virtual world is ever-changing, as are the cybercriminals who continue to evolve in order to circumvent even the strongest security systems. The newest threat to hit the headlines is CoffeeLoader—a second-stage payload dropper designed to bypass endpoint security tools, digital forensic tools, and EDR (Endpoint Detection and Response) tools.

Read Post

Foresiet

Read more about CoffeeLoader Malware: The Advanced Threat Evading Detection

Inside Anubis Ransomware: Tactics, Impact & Protection

Apr 4, 2025 By Foresiet In Foresiet

Recently, a new ransomware group, Anubis, has emerged, making its presence known on Twitter. The Foresiet Threat Intel team monitored their activity and observed a new ransomware operation being advertised on their account. The group updated their profile picture and began posting about their latest breaches. Through analysis of their communication patterns and language, Foresiet has determined that the operators behind Anubis likely belong to a Russian-speaking threat group.

Read Post

Foresiet

Read more about Inside Anubis Ransomware: Tactics, Impact & Protection

Does Cloud Backup Protect Against Ransomware?

Apr 3, 2025 By Internxt In Internxt

As of 2024, 75 active ransomware groups targeted healthcare industries, businesses, and individuals with the aim of threatening these individuals with data loss or leaks in return for large payouts to decrypt this data. Many security organizations and cybersecurity experts are fighting to prevent ransomware from becoming common. One question on the minds of many people related to this topic is: Does cloud backup protect against ransomware?

Read Post

Internxt

Read more about Does Cloud Backup Protect Against Ransomware?

HellCat Ransomware: What You Need To Know

Apr 3, 2025 By Graham Cluley In Tripwire

HellCat is the name of a relatively new ransomware-as-a-service (RaaS) group that first came to prominence in the second half of 2024. Like many other ransomware operations, HellCat breaks into organisations, steals sensitive files, and encrypts computer systems - demanding a ransom payment for a decryption key and to prevent the leaking of stolen files.

Read Post

Tripwire

Read more about HellCat Ransomware: What You Need To Know

Malicious Memes: How Cybercriminals Use Humor to Spread Malware

Apr 3, 2025 By Erich Kron In KnowBe4

Internet memes and viral content have become a universal language of online culture. They're easily shareable, often humorous, and can spread rapidly across various platforms. However, this same virality and cultural resonance make memes an attractive vector for cybercriminals and threat actors. Anatomy of a meme Memes are nothing new, and have been around for decades. In fact, a comic published in 1921 followed one of today's most common meme themes: ‘Expectation vs.

Read Post

KnowBe4

Read more about Malicious Memes: How Cybercriminals Use Humor to Spread Malware

Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans

Apr 3, 2025 By Willem Delbare In Aikido

‍ On March 14th 2025, we detected a malicious package on npm called node-facebook-messenger-api. At first, it seemed to be pretty run-of-the-mill malware, though we couldn’t tell what the end-goal was. We didn’t think much more of it until April 3rd 2025, when we see the same threat actor expand their attack.

Read Post

Aikido

Read more about Hide and Fail: Obfuscated Malware, Empty Payloads, and npm Shenanigans

Master Advanced Threat Investigation: Forensic Analysis with Cato Sandbox

Apr 1, 2025 By Cato Networks In Cato Networks

In this video, we walk you through how Cato Networks' anti-malware and NextGen anti-malware solutions block both known and unknown threats in real time—*before* they can spread. But stopping malware is only the beginning. Learn how Cato Sandbox takes your cybersecurity strategy to the next level by: We’ll show you how to quickly enable Cato Sandbox, demonstrate real-time malware blocking, and explore a full forensic analysis via the Cato Management Application (CMA). Watch as we break down.

View Video

Cato Networks

Read more about Master Advanced Threat Investigation: Forensic Analysis with Cato Sandbox

Babuk2 Bjorka: The Evolution of Ransomware for 'Data Commoditization'

Apr 1, 2025 By John Basmayor In Trustwave

An investigation that started with a tip from one of our threat intel sources about the revival of the Babuk (figure 1) threat group has led Trustwave SpiderLabs to uncover what appears to be a paradigm shift in the ransomware landscape. Figure 1. SpiderLabs telemetry (January 2025 events). Figure 1A. February to March events. Figure 1B. SpiderLabs telemetry (March 2025 events).

Read Post