The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means.
In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a fairly convincing name: https-proxy-utils. It was posing as a utility for using proxies within projects. At the time of this post, the package had already been taken down. The name of the package closely resembles popular legitimate packages: http-proxy-agent, which has approximately 70 million weekly downloads, and https-proxy-agent with 90 million downloads respectively.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Nation-State Attacks Drop in Latest Google Analysis
March 30, 2020
Google has registered a significant drop in government-backed cyberattacks against its properties and the people who use its products. Google sends out warnings if it detects that an account is a target of government-backed phishing or malware attempts. For 2019, the internet giant sent almost 40,000 warnings – which, while a large number, is still a ...
- Zeus Sphinx Banking Trojan Arises Amid COVID-19
March 30, 2020
According to researchers Amir Gandler and Limor Kessem at IBM X-Force, Sphinx (a.k.a. Zloader or Terdot) began resurfacing in December. However, the researchers observed a significant increase in volume in March, as Sphinx’s operators looked to take advantage of the interest and news around government relief payments. First seen in August 2015, Sphinx is a modular ...
- A mysterious hacker group is eavesdropping on corporate email and FTP traffic
March 28, 2020
Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today. In a report published on the blog of its network security division Netlab, Qihoo said its researchers detected two different threat actors, each exploiting ...
- Cyber criminals shift focus to target remote workers
March 27, 2020
Criminals are only just getting started when it comes to exploiting the global spread of coronavirus to profit from hacking and cybercrime, and the number of attacks is likely to rise, Europe’s law enforcement agency Europol has warned. The new report on how criminals profit from the COVID-19 pandemic details the increase in coronavirus-themed attacks, including phishing emails and spam ...
- Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic
March 26, 2020
The Ryuk Ransomware operators to continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic. Last week BleepingComputer contacted various ransomware groups and asked if they would target hospitals and other healthcare organizations during the pandemic. With the amount of strain healthcare organizations are under during this pandemic, I was hoping that ransomware operators would ...
- Ransomware Maze
March 26, 2020
The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura. The main goal of the ransomware is to crypt all files that it can in an infected system and then demand a ransom to recover the files. However, the most important characteristic of Maze is the ...