AI-generated Slopoly malware used by Hive0163 in 2026 attacks maintained access for over a week, highlighting how AI ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

As users (and detection tools) have gotten better at identifying the signs of a malware infection and savvy enough to avoid ...

A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.

ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.

Sudo in Windows is a godsend.

After several years of using simple implants, the Russia-affiliated threat actor is back with two new sophisticated malware tools.

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.

ESET researchers have traced the reactivation of Sednit’s advanced implant team to a 2024 case in Ukraine, where a keylogger named SlimAgent was deployed.During that operation, BeardShell, a second ...

As enterprises increasing depend on cloud services, living off the land has evolved into living off the cloud.

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub ...

Throughout early 2026, SentinelOne’s Digital Forensics & Incident Response (DFIR) team has responded to several incidents where FortiGate Next-Generation Firewall (NGFW) appliances have been ...