In late August 2025, Cleafy’s Threat Intelligence team uncovered Klopatra, a new, highly sophisticated Android banking trojan and Remote Access Trojan (RAT) that grants attackers…
The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using honeypots, the team monitors…
Patchwork, the advanced persistent threat (APT) actor also known as Dropping Elephant, Monsoon, and Hangover Group, has been observed deploying a new PowerShell-based loader that…
China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying…
An emerging phishing campaign is targeting job seekers by masquerading as Google Careers recruiters, delivering seemingly legitimate emails that lead victims to malicious sites designed…
Japanese beer and beverage giant Asahi Group Holdings has been forced to halt production at its domestic factories as a result of a cyberattack that…
Cybercriminals are exploiting the growing popularity of artificial intelligence tools by distributing malicious Chrome browser extensions that masquerade as legitimate AI services. These fake extensions,…
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting the active exploitation of a serious vulnerability in the Libraesva Email…
The Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent alert for system administrators and IT teams worldwide. Researchers have confirmed that attackers are…
A newly discovered attack on the npm ecosystem has exposed a deceptive backdoor embedded in a malicious package impersonating Postmark. The package, named postmark-mcp, quietly…
A surge in attacks targeting improperly managed MS-SQL servers, culminating in the deployment of the open-source XiebroC2 command-and-control (C2) framework. Similar in functionality to legitimate…
Stormshield CTI researchers have identified two active phishing servers linked to APT35, revealing ongoing credential-stealing operations targeting government and military entities. In an active threat-hunting…
