Research
- ESET: Gamaredon and Turla Coordinating Campaign Targets Ukrainian Institutions, Deploying Kazuar Backdoor
Security researchers have identified a coordinated campaign between Gamaredon and Turla targeting Ukrainian entities, with Kazuar backdoor deployments signaling active collaboration and evolving tactics across multiple campaigns in early 2025.
- TA558 Deploys AI-Generated Scripts to Deliver Venom RAT, Targeting Hotels in Latin America
Kaspersky links TA558’s latest activity to the RevengeHotels cluster, where attackers use AI-generated scripts to deliver Venom RAT to hotels in Latin America through phishing emails, with goals including stealing guest credit card data and expanding their reach via AI-assisted phishing.
- FileFix: New Facebook security alert spoof hijacks victims into downloading StealC infostealer, researchers warn
Security researchers have uncovered a campaign dubbed FileFix that masquerades as a Facebook security alert to trick users into executing a malicious payload, culminating in the StealC infostealer. The operation, a variant of the ClickFix social-engineering technique, shows global reach, steganography-based delivery, and a Go-based loader that drops StealC v2, with researchers noting evolving infrastructure…
- Mustang Panda Deploys SnakeDisk USB Worm and Updated TONESHELL Backdoor, IBM X-Force Warns
IBM X-Force reports that the Mustang Panda group has deployed an updated TONESHELL backdoor alongside a new USB worm named SnakeDisk, with SnakeDisk geofenced to Thailand and capable of dropping Yokai, a reverse-shell backdoor. The investigation highlights ongoing evolution within Hive0154 and a focus on targeted regional operations.
- ETH Zurich researchers reveal Phoenix DDR5 Rowhammer defeats TRR, enabling privilege escalation on commodity systems
Researchers from ETH Zurich and Google have disclosed Phoenix, a DDR5 Rowhammer variant that bypasses TRR protections and enables privilege escalation on commodity systems within minutes, affecting most DDR5 modules produced between 2021 and 2024. The work includes a proof-of-concept showing root access and other exploits, and provides links to the technical paper and a…
- North Korea-linked hackers used AI-generated fake military ID in espionage campaign, researchers say
Researchers say North Korea’s Kimsuky used a deepfaked image of a military ID generated with ChatGPT to launch a July spear-phishing campaign against a South Korean defense-related institution, highlighting AI-assisted espionage tactics and the ongoing challenges of AI misuse.
- HybridPetya ransomware emerges with UEFI Secure Boot bypass, encrypts MFT and demands Bitcoin ransom
A new ransomware strain named HybridPetya has been identified by ESET, combining traits of Petya/NotPetya with a UEFI Secure Boot bypass. The threat encrypts the Master File Table on NTFS partitions via a bootkit installed on the EFI System Partition, and demands Bitcoin ransom while offering a decryption mechanism contingent on payment. Researchers warn that…
- ECG signals can be linked to individuals, study finds, prompting privacy cautions
A new study shows ECG signals can be linked to identifiable individuals with high accuracy, challenging traditional de-identification methods and prompting calls for stronger privacy protections in health data sharing.
- Backdoor.Win32.Buterat Targets Government and Enterprise Networks, Researchers Say
A new analysis from Point Wild details Buterat, a long-running backdoor that targets government and enterprise networks. The malware uses thread manipulation and encrypted C2 channels to avoid detection and maintain persistence, with defenders urged to strengthen endpoints and employee training.