News • Insights • Analysis
Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Instead of relying on Read More …
Palo Alto Unit 42 researchers have discovered a new Windows-based malware family they’ve named Airstalk, which is available in both PowerShell and .NET variants. Unit 42 assess with medium confidence that a possible nation-state threat actor used this malware in Read More …
Trend Research is continuously tracking the aggressive malware campaign it identified as Water Saci, which uses WhatsApp as its primary infection vector. In our previous blog, the Water Saci campaign, with its malware identified as SORVEPOTEL, automatically distributes the same Read More …
n March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Read More …
Group-IB Threat Intelligence uncovered a sophisticated phishing campaign orchestrated by the Advanced Persistent Threat (APT) MuddyWater, targeting international organizations worldwide to gather foreign intelligence. MuddyWater accessed the compromised mailbox through NordVPN(a legitimate service abused by the threat actor), and used Read More …
On October 6, 2025, the developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums. This new version features a complete transition from C++ to a pure C implementation, allegedly enhancing performance and efficiency. Its release Read More …
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware Read More …
The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure. This campaign consists of over 50 exploits, including unpatched router flaws across over Read More …
Trend Research is currently investigating an aggressive malware campaign that leverages online instant messaging platform WhatsApp as its primary infection vector. Unlike traditional attacks focused on theft or ransomware, this campaign is engineered for speed and propagation, abusing social trust Read More …
The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region. Over the past decade, Confucius has repeatedly targeted government agencies, Read More …