The Ruby Jumper campaign, first identified by Zscaler ThreatLabz in December 2025, deploys multiple malware families such...
malware
The compromised Go module injects malicious code into the "ssh/terminal/terminal.go" file, specifically within the "ReadPassword()" function.
Threat actors use a fake Ivanti certificate for authentication, which, although unencrypted, can serve as a network...
The compromises are attributed to the exploitation of CVE-2025-64328, a vulnerability with a CVSS score of 8.6,...
Once the threat actor establishes persistence, it can return and expanding access.
Aeternum C2, developed in C++, operates by writing commands into smart contracts on the Polygon blockchain.
Steaelite allows cybercriminals to control victims’ machines through a single browser panel.
The attackers create fake Next.js projects, a popular JavaScript framework, and host them on platforms like Bitbucket.
SURXRAT is sold through a Telegram channel, with two licensing tiers: a Reseller Plan for a one-time...