Threats

Threats

Fake Notepad++ and 7-Zip Websites Distribute Weaponized RMM Tools to Deploy Backdoor Malware

Threat actors are exploiting legitimate Remote Monitoring and Management software as an initial infection vector, distributing weaponized RMM tools through fake download sites impersonating popular utilities like Notepad++, 7-Zip, Telegram, and ChatGPT, according to research published by ASEC. The campaigns represent a shift in attacker tactics. Traditionally, threat actors deployed

Threats

Pakistan-Linked APT Targets Indian Government with New Golang Malware Using GitHub for Command and Control

A Pakistan-linked advanced persistent threat group is targeting Indian government entities with three previously undocumented malware tools that leverage private GitHub repositories for command-and-control communication, according to research published by Zscaler ThreatLabz. The campaign, dubbed Gopher Strike, deploys a new downloader called GOGITTER, a backdoor named GITSHELLPAD, and a shellcode

Threats

Russian Malware Toolkit Guarantees Chrome Web Store Approval for $6,000

A malware-as-a-service toolkit circulating on Russian cybercrime forums offers turnkey website spoofing capabilities disguised as a Chrome extension, with its premium tier guaranteeing publication on the official Chrome Web Store, according to research published by Varonis. The toolkit, dubbed Stanley after the seller's alias, sells for $2,000

Threats

WinRAR Vulnerability Exploited to Deploy Fileless Quasar RAT Without User Consent

A malware campaign is actively exploiting a WinRAR path validation vulnerability to deliver a fileless remote access trojan without requiring macros, exploit kits, or elevated privileges, according to research published by CYFIRMA. The attack chain abuses archive extraction behavior to silently establish persistence before any visible malware execution occurs. The

Threats

Bank of England Finds Financial Firms Failing Basic Cybersecurity Controls

The Bank of England's CBEST cybersecurity assessment program has found widespread failures in basic cybersecurity practices across UK financial institutions, according to a thematic report published jointly by the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority. The findings, derived from 13 threat-led penetration tests of

Threats

Sandworm Deployed New DynoWiper Malware Against Poland Energy Grid in Failed Attack

Russian state-linked threat group Sandworm targeted Poland's energy infrastructure in late 2025 with a previously undocumented data-wiping malware called DynoWiper, according to new research from ESET. Security experts have described the intrusion as one of the largest cyberattacks the country has faced in years. The attack failed to

Threats

MacSync Infostealer Targets macOS Users with Fake Terminal Commands and Trojanized Wallet Apps

A new macOS Malware-as-a-Service operation dubbed MacSync is targeting cryptocurrency users through ClickFix-style social engineering attacks that trick victims into executing a single malicious Terminal command. The campaign combines credential harvesting, multi-stage payload delivery, and trojanized hardware wallet applications to steal cryptocurrency assets and sensitive system data. Attack Chain Begins

Threats

Researchers Uncover KazakRAT Campaign Targeting Central Asian Government Entities

Security researchers at CtrlAltIntel have uncovered a persistent espionage campaign targeting government entities in Kazakhstan and Afghanistan using a previously undocumented Windows RAT they've dubbed KazakRAT. The campaign has operated since at least August 2022, with C2 infrastructure still active as of January 20, 2026. C2 Domain Takeover

Threats

Multi-Stage Campaign Delivers Amnesia RAT and Ransomware Using Defendnot to Disable Microsoft Defender

A sophisticated multi-stage phishing campaign is targeting Russian users with Amnesia RAT and ransomware derived from the Hakuna Matata family, leveraging legitimate cloud infrastructure and a novel technique to disable Microsoft Defender. The campaign, documented by Fortinet FortiGuard Labs, stands out for its abuse of defendnot—a tool that tricks

Threats

Anubis Ransomware Introduces Wiper Mode That Destroys Data Even After Payment

A ransomware-as-a-service operation called Anubis is challenging a core assumption of ransomware response: that paying the ransom guarantees data recovery. The group has introduced an optional wiper mode that permanently destroys files, making decryption impossible regardless of payment. First observed in late 2024, Anubis emerged on Russian-language cybercrime forums including

Threats

Vishing Toolkits Enable Real-Time MFA Bypass Through Synchronized Phone and Browser Attacks

Security researchers have uncovered sophisticated phishing toolkits purpose-built for voice-based social engineering attacks that synchronize fake login pages with live phone conversations to defeat multifactor authentication in real time. The toolkits, sold as-a-service to criminals, target major identity providers including Google, Microsoft, Okta, and various cryptocurrency platforms. Unlike traditional phishing

Threats

PDFSider Backdoor Deployed Against Fortune 100 Company Using DLL Side-Loading

A sophisticated Windows backdoor dubbed PDFSider has been identified in targeted attacks against enterprise environments, including a Fortune 100 financial services company. The malware demonstrates APT-grade tradecraft while being deployed in ransomware operations, blending advanced evasion techniques with financially motivated attacks. DLL Side-Loading via PDF24 Creator PDFSider is delivered through