In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. AdaptixC2 is a recently identified, open-source post-exploitation and adversarial emulation framework made for penetration testers that threat actors are using in campaigns.
Unlike many well-known C2 frameworks, AdaptixC2 has remained largely under the radar. There is limited public documentation available demonstrating its use in real-world attacks. Our research looks at what AdaptixC2 can do, helping security teams to defend against it. AdaptixC2 is a versatile post-exploitation framework. Threat actors use it to execute commands, transfer files and perform data exfiltration on compromised systems. Because it’s open-source, threat actors can easily customize and adapt it for their specific objectives. This makes it a highly flexible and dangerous tool.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Dutch government is relinquishing control of Chinese-owned chipmaker Nexperia
November 19, 2025
The Dutch government said it’s relinquishing control of Chinese-owned chipmaker Nexperia, easing a standoff between China and the Netherlands that threatened supplies of semiconductors vital for global auto manufacturing. Economics Affairs Minister Vincent Karremans said Wednesday that he was suspending an earlier order to take control of Nexperia under a rarely invoked law. Read more… Source: ABC News Sign ...
- Myanmar: Authorities arrest nearly 350 in raids targeting illegal gambling and online scam centres on Thai border
November 19, 2025
On the morning of 18 November, security forces together with departmental teams conducted an operation in the Shwe Kokko area, located to the north of Myawady. First, they cleared three buildings that had been constructed without official permission. During the operation, 346 foreign nationals currently under scrutiny were arrested. Nearly ten thousand mobile phones used in ...
- Tens of thousands more ASUS routers pwned by suspected, evolving China operation
November 19, 2025
Around 50,000 ASUS routers have been compromised in a sophisticated attack that researchers believe may be linked to China, according to findings released today by SecurityScorecard’s STRIKE team. Dubbed “Operation WrtHug”, the campaign exclusively targets end-of-life ASUS WRT routers, exploiting multiple known vulnerabilities – some dating back to 2023. The affected routers are primarily concentrated in ...
- IT threat evolution in Q3 2025. Mobile statistics
November 19, 2025
According to Kaspersky Security Network, in Q3 2025, 47 million attacks utilizing malware, adware, or unwanted mobile software were prevented. Trojans were the most widespread threat among mobile malware, encountered by 15.78% of all attacked users of Kaspersky solutions. More than 197,000 malicious installation packages were discovered, including, 52,723 associated with mobile banking Trojans,1564 packages identified ...
- DoorDash says personal information of customers, dashers stolen in data breach
November 18, 2025
DoorDash confirmed a data breach that exposed the names, email addresses, phone numbers and physical addresses of some of its users, including customers, dashers and merchants. In a Help Center article published Nov. 13, DoorDash said that although hackers stole personal information from users, “no sensitive information was accessed by the unauthorized third party,” and the ...
- Hackers claim to have hit Under Armour in massive data breach
November 18, 2025
The notorious Everest ransomware group has claimed sportswear maker and retailer Under Armour as its latest victim – with the group posting what it claims is a sample of ‘more than millions of personal data’ and internal company data onto a dark web site. The dark leak site post claims the hackers have accessed and exfiltrated ...