Malware, attack campaigns, APT groups
Threats
Summary Attackers compromised the official download page of EmEditor, a popular text and code editor, to distribute a trojanized installer containing multi-stage malware. The attack targeted the software's primarily Japanese developer user base during the late December 2025 holiday period when security monitoring typically weakens. The malware performs
Threats
A sophisticated evolution of the ClearFake malware campaign is abusing a legitimate Windows component to execute malicious PowerShell commands while evading endpoint detection systems. The campaign, which has compromised hundreds of websites since August 2025, now leverages a command injection vulnerability in a trusted Microsoft-signed script to silently run malicious
Threats
A previously undocumented ransomware family dubbed Osiris has emerged in attacks targeting enterprise environments, with technical evidence suggesting the operators may have ties to the Inc ransomware group. Symantec's Threat Hunter Team identified the new strain during an investigation into an attack against a major food service franchisee
Threats
North Korean-linked threat actor KONNI is deploying an AI-generated PowerShell backdoor in an ongoing phishing campaign targeting software developers and engineering teams with access to blockchain infrastructure. The campaign, documented by Check Point Research, marks a notable evolution in both the group's targeting and tooling. Expanding Beyond Traditional
Threats
While much of the security industry's attention has been fixed on North Korea's sprawling IT worker infiltration schemes, Pyongyang's traditional cyber espionage units have been far from idle. New research from WithSecure reveals that Andariel—a state-sponsored group linked to the RGB's
Threats
CISA, the NSA, and the Canadian Centre for Cyber Security have issued a joint malware analysis report warning that Chinese state-sponsored actors are using BRICKSTORM, a sophisticated backdoor designed for long-term persistence in VMware vSphere and Windows environments. The advisory, first published in December 2025 and updated with additional samples,
Threats
Microsoft is introducing the External Domains Anomalies Report for Teams, a security feature designed to help administrators identify suspicious external communications before they escalate into breaches. The tool, scheduled for global rollout in February 2026, addresses a critical gap as threat actors increasingly exploit Teams for social engineering campaigns. How
Threats
Iranian state-sponsored hacking groups have significantly escalated their operations against U.S. and Israeli targets over the past year, shifting from opportunistic cyber espionage to sustained campaigns aimed at critical infrastructure, cloud environments, and supply chains. The shift reflects what security researchers describe as the full militarization of Iran'
Threats
North Korea's Lazarus Group is targeting software developers through fake job recruiters on LinkedIn, Fiverr, and UpWork, delivering a three-stage malware attack via a malicious npm package. Security researchers at OpenSourceMalware uncovered the campaign, which uses the package tailwindcss-forms-kit - disguised as a legitimate Tailwind CSS utility -
Threats
The identity behind one of the most prolific cybercriminal personas of recent years has been revealed. IntelBroker, the hacker who haunted major corporations and government agencies, is Kai Logan West - a 25-year-old British national and former National Crime Agency trainee. West was arrested in France in February 2025 and
Threats
Check Point Research has documented what they believe is the first truly advanced malware framework built almost entirely by artificial intelligence, developed by a single individual in under a week. The discovery of VoidLink marks a significant shift in the threat landscape, demonstrating how AI can enable lone actors to
Threats
A 40-year-old Jordanian man has pleaded guilty in U.S. federal court to operating as an "access broker," selling unauthorized network access to at least 50 victim companies. Feras Khalil Ahmad Albashiti, who operated under the alias "r1z," entered his plea before U.S. District Judge