In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. AdaptixC2 is a recently identified, open-source post-exploitation and adversarial emulation framework made for penetration testers that threat actors are using in campaigns.
Unlike many well-known C2 frameworks, AdaptixC2 has remained largely under the radar. There is limited public documentation available demonstrating its use in real-world attacks. Our research looks at what AdaptixC2 can do, helping security teams to defend against it. AdaptixC2 is a versatile post-exploitation framework. Threat actors use it to execute commands, transfer files and perform data exfiltration on compromised systems. Because it’s open-source, threat actors can easily customize and adapt it for their specific objectives. This makes it a highly flexible and dangerous tool.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hyundai IT services breach could put 2.7 million Hyundai, Kia owners in the US at risk
November 7, 2025
Hyundai AutoEver America (HAEA), the carmaker’s IT-services subsidiary servicing the North American region, has confirmed suffering a cyberattack and lost sensitive customer data as a result. In a data breach notification letter recently sent out to affected individuals, HAEA explained that the attack began on February 22, 2025, and lasted until March 2, when the attackers ...
- U.S. Congressional Budget Office confirms it was hacked
November 7, 2025
The U.S. Congressional Budget Office has confirmed it was hacked. Caitlin Emma, a spokesperson for CBO, told TechCrunch on Friday that the agency is investigating the breach and “has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems ...
- Cisco Releases Security Updates for Unified CCX
November 6, 2025
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...
- SonicWall blames state hackers for damaging data breach
November 6, 2025
SonicWall has blamed “state-sponsored threat actors” for the cloud backup security breach which hit its services in September 2025. In an update posted on the company’s website, SonicWall said it completed the investigation into the incident, and confirmed that the malicious activity was “carried out by a state-sponsored threat actor” and was “isolated to the unauthorized ...
- Malware-pwned laptop gifts cybercriminals Nikkei’s Slack
November 6, 2025
Japanese media behemoth Nikkei has admitted to a data breach after miscreants slipped into its internal Slack workspace, exposing the personal details of more than 17,000 employees and business partners.… The company blamed the intrusion on malware that infected an employee’s device, letting attackers pinch Slack credentials and waltz into its chat system. Once the suspicious ...
- Android malware steals your card details and PIN to make instant ATM withdrawals
November 6, 2025
The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically ...