VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...

North Korea-linked ScarCruft’s Ruby Jumper uses Zoho WorkDrive C2 and USB malware to breach air-gapped systems for ...

Those aren't toys. Malware used in a sophisticated spear-phishing and infostealing campaign by Russian bad actors includes a component dubbed BlackSanta that can shut down antivirus and EDR ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...

North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.

North Korean hacking group APT37 was seen deploying new implants, backdoors, and other tools in attacks targeting air-gapped ...

The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking ...

The latest example is detailed by researchers at Aryaka, who this week described a campaign by an unnamed threat actor who is distributing resumés containing a malicious ISO file to HR departments. It ...

Throughout early 2026, SentinelOne’s Digital Forensics & Incident Response (DFIR) team has responded to several incidents where FortiGate Next-Generation Firewall (NGFW) appliances have been ...

A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.