Firestarter malware survives Cisco firewall updates, security patches

Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco ...
The Hacker News

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Tropic Trooper used trojanized SumatraPDF and GitHub C2 in 2024 to deploy AdaptixC2, enabling covert VS Code tunnel access.
Security Boulevard

Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample ...
The Hacker News

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target ...
Security Boulevard

A fake Slack download is giving attackers a hidden desktop on your machine

This trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and ...

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal ...
CSOonline

XWorm campaign shows a shift toward fileless malware and in-memory evasion tactics

In a newly disclosed multi-stage threat campaign, attackers were seen skipping disk and leaning on in-memory tricks to deliver the XWorm remote access trojan (RAT). According to Forcepoint Labs’ ...
Infosecurity-magazine.com

Chinese APT Group Targets Web Hosting Services in Taiwan

A newly identified Chinese advanced persistent threat (APT) group is targeting web infrastructure providers in Taiwan, with a focus on long-term access and data theft, according to Cisco Talos. The ...
GitHub

ZYPE: Your Payload Encryptor

In the following example, I will use MSFvenom to generate a Windows shellcode to execute calc.exe and use ZYPE to do the IPv6 obfuscation. Let's first generate the shellcode. This will generate the ...
CSOonline

Stealth RAT uses a PowerShell loader for fileless attacks

Remcos RAT gets a stealthy upgrade as attackers ditch old office exploits for a fileless PowerShell loader that runs entirely in memory. Threat actors have been spotted using a PowerShell-based ...