Morphisec

eScan update server breached to deliver malicious update on January 20 2026

Cybercrime, News, Vendors, Vulnerabilities

January 29, 2026

An eScan update server was breached on January 20 2026 and pushed a malicious update to a subset of customers. Morphisec’s security bulletin details the modified updater and final backdoor payload.
GitHub repositories used to deliver new PyStoreRAT JavaScript RAT

Cybercrime, News, Research, Vendors

December 13, 2025

Researchers say GitHub-hosted Python repositories have been used to deliver a JavaScript-based RAT called PyStoreRAT that executes remote HTA payloads, deploys a Rhadamanthys stealer and includes persistence and evasion measures; Chinese vendor QiAnXin also reported a separate SetcodeRat campaign.
Malicious Blender .blend files used to deliver StealC V2, researchers say

Cybercrime, News, Research, Risk, Vulnerabilities

November 25, 2025

Researchers at Morphisec say a campaign has used malicious Blender .blend files uploaded to free 3D asset sites to execute embedded Python scripts and deliver the StealC V2 information stealer and a secondary Python stealer; the attack runs when Blender’s Auto Run option is enabled.
Researchers detail use of Tuoni C2 in attack on U.S. real-estate firm

Cybercrime, Research, Risk, Vendors

November 19, 2025

Researchers said attackers used the Tuoni C2 framework in a mid-October 2025 intrusion attempt against a U.S. real-estate firm, employing social engineering, PowerShell downloaders, BMP steganography and in-memory execution; the campaign was detected and blocked.

Morphisec

eScan update server breached to deliver malicious update on January 20 2026

GitHub repositories used to deliver new PyStoreRAT JavaScript RAT

Malicious Blender .blend files used to deliver StealC V2, researchers say

Researchers detail use of Tuoni C2 in attack on U.S. real-estate firm