XWorm
-
TA584 adopts Tsundere Bot and XWorm in expanded initial access campaign
TA584 is using Tsundere Bot and XWorm in phishing campaigns that tripled in late 2025. The chain uses geofenced URLs, redirect systems, CAPTCHA and in-memory PowerShell loaders that complicate detection.
-
Researchers: ClickFix social‑engineering used to deliver Amatera stealer and NetSupport RAT
Researchers say operators are using ClickFix social engineering to install the Amatera stealer and, conditionally, NetSupport RAT; eSentire and other vendors have published analyses and indicators tied to multiple concurrent phishing campaigns.
-
XWorm backdoor resurfaces with ransomware module and dozens of plugins
Researchers at Trellix told BleepingComputer that new XWorm variants 6.0, 6.4 and 6.5 are circulating in phishing campaigns and include more than 35 plugins and a ransomware module that encrypts user files and drops ransom instructions.



