WineLoader
- PipeMagic backdoor used in RansomExx attacks tied to patched Windows vulnerability CVE-2025-29824
Security researchers say the PipeMagic backdoor, used in RansomExx attacks, exploits a patched Windows vulnerability (CVE-2025-29824) and leverages a modular loader to deploy additional payloads, with activity spanning Saudi Arabia, Brazil and beyond.
- Russian APT29 Launches New Phishing Campaign Targeting Embassies with Sophisticated Malware
Russian state-sponsored group Midnight Blizzard, also known as APT29, has launched a highly targeted phishing campaign against European embassies, utilizing a new malware loader named GrapeLoader and an evolved version of the WineLoader backdoor. Experts from Check Point Research warn that these developments require advanced multi-layered defenses to counteract the increased sophistication of this cyber…