fp-3b

Average breakout time drops to 18 minutes (June-August 2025, per ReliaQuest), fueled by automation and Oyster malware's abuse of rundll32.exe for DLL loading via scheduled tasks. Learn about Gamarue USB attacks, AI-driven malvertising, and defenses like behavioral monitoring.

The npm package "fezbox" (alias janedu) disguises as a JS/TS utility library but hides credential-stealing code in a Cloudinary QR image. Discovered by Socket Threat Research, it uses reversed strings and obfuscation to evade detection—learn risks and defenses like CI/CD scanning and zero-trust dependencies.

Malicious fake online speedtest tools, uncovered September 21, 2025, use obfuscated JavaScript, Node.js, and Inno Setup to exfiltrate system data to C2 servers like cloud.appusagestats[.]com. Learn about XOR-encoded commands, execution risks, and key mitigations like EDR and app whitelisting.

Iranian threat group Nimbus Manticore (UNC1549) targets job seekers with phishing via fake recruitment sites mimicking Boeing and Airbus, delivering evasive malware like MiniJunk and MiniBrowse. Explore tactics, expansion to Western Europe, and essential mitigations for defense and telecom sectors.

Kawa4096 ransomware, active since June 2025, attacks multinational firms using double extortion by stealing data before encryption and threatening public leaks. It employs partial encryption and deletes shadow copies to prevent recovery.

SentinelLABS uncovers MalTerminal, an early LLM-enabled malware using OpenAI's GPT-4 to dynamically create ransomware or reverse shells at runtime, evading detection and marking a new era in AI-driven cyber threats.

Zero Salarium's EDR-Freeze proof-of-concept uses Windows' MiniDumpWriteDump to freeze EDR and antivirus software indefinitely, offering a stealthy alternative to BYOVD attacks without third-party drivers or detection risks.

A sophisticated phishing attack uses Facebook’s URL redirect service to trick users into entering login credentials on fake pages, stealing emails, phone numbers, and passwords.

RevengeHotels (TA558) escalates cyberattacks with AI-crafted loaders delivering VenomRAT malware, targeting Windows users via phishing. The malware features stealth, persistence, and encrypted communication.

Two medium-severity vulnerabilities in Spring Framework and Spring Security enable authorization bypass via flawed annotation detection on generic superclasses. Upgrade to fixed versions immediately to secure your applications.