The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means.
In October 2025, Kaspersky experts found that the npm ecosystem contained a malicious package with a fairly convincing name: https-proxy-utils. It was posing as a utility for using proxies within projects. At the time of this post, the package had already been taken down. The name of the package closely resembles popular legitimate packages: http-proxy-agent, which has approximately 70 million weekly downloads, and https-proxy-agent with 90 million downloads respectively.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Mirai Variant ECHOBOT Resurfaces with 13 Previously Unexploited Vulnerabilities
December 13, 2019
Since the discovery of the Mirai variant using the binary name ECHOBOT in May 2019, it has resurfaced from time to time, using new infrastructure, and more remarkably, adding to the list of vulnerabilities it scans for, as a means to increase its attack surface with each evolution. Unlike other Mirai variants, this particular variant stands out for the sheer ...
- Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
December 12, 2019
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of the Windows operating system that provides an ability to transfer files in an asynchronous and throttled fashion using ...
- More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
December 12, 2019
The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to ...
- DeCypherIT – All eggs in one basket
December 12, 2019
These days, attackers use cheap and publicly accessible services to help them bypass Anti-Virus protections and gain a foothold in their victims’ systems. We give a behind the scenes look at a service called CypherIt, which is sold publicly as a legitimate service but is used to wrap malwares and hide their malicious content. This evasion technique ...
- Zeppelin: Russian Ransomware Targets High Profile Users in the U.S. and Europe
December 11, 2019
Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware. Vega samples were first ...
- The quiet evolution of phishing
December 11, 2019
The battle against phishing is a silent one: every day, Office 365 Advanced Threat Protection detects millions of distinct malicious URLs and email attachments. Every year, billions of phishing emails don’t ever reach mailboxes—real-world attacks foiled in real-time. Heuristics, detonation, and machine learning, enriched by signals from Microsoft Threat Protection services, provide dynamic, robust protection against email threats. Phishers have been ...