News • Insights • Analysis
Merom Harpaz, Andrea Nicola Constantino Hermes Gambazzi, and Sara Aleksandra Fayssal Hamou – three individuals who were sanctioned by the US for alleged links to commercial spyware products, have had their bans lifted recently. In a new press release published Read More …
Security researchers have uncovered enormous cybercrime infrastructure in Indonesia that’s been operating unabated for more than 14 years. The length of the operation, the domains included, the malware circulated, and the data being sold on the black market, were all Read More …
North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned. Security researchers Jamf confirmed they have spotted attacks in the wild Read More …
According to Kaspersky Security Network, in Q3 2025, 47 million attacks utilizing malware, adware, or unwanted mobile software were prevented. Trojans were the most widespread threat among mobile malware, encountered by 15.78% of all attacked users of Kaspersky solutions. More Read More …
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol’s headquarters in The Hague. The actions targeted one of the biggest infostealers Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of Read More …
Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not Read More …
The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from Read More …
A new Android malware variant is posing as popular apps, stealing sensitive files and propagating further. Experts from Zimperium revealed ClayRat, targeting primarily Russian users by spoofing popular Android apps such as WhatsApp, TikTok, Google Photos, or YouTube, distributed mostly Read More …
The online cybercrime marketplace, Russian Market, has evolved from selling Remote Desktop Protocol (RDP) access to becoming one of the most active underground hubs for information-stealing malware logs, where stolen user credentials are traded daily. Each compromised login represents a Read More …
Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud. In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised Read More …
