Trellix
-
Trellix says attackers accessed part of source code repository
Trellix said attackers gained unauthorized access to part of its source code repository. The company has found no evidence so far that the code was exploited or altered and is investigating with forensic experts.
-
SideWinder adopts ClickOnce-based infection chain in South Asia espionage campaign
Researchers say the SideWinder group used a new ClickOnce‑based infection chain alongside Word exploits in spear‑phishing waves from March to September 2025 to deliver ModuleInstaller and the StealerBot implant against diplomatic and government targets in South Asia.
-
XWorm backdoor resurfaces with ransomware module and dozens of plugins
Researchers at Trellix told BleepingComputer that new XWorm variants 6.0, 6.4 and 6.5 are circulating in phishing campaigns, include more than 35 plugins and a ransomware module that encrypts user files and drops ransom instructions.
-
DoNot APT Group Launches Cyber Espionage Attack on European Foreign Affairs Ministry
The DoNot APT group has launched a sophisticated cyber espionage attack on a European foreign affairs ministry, marking a significant expansion beyond its traditional focus on South Asia, according to researchers at Trellix.
