On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...

Cato Networks tracked Poisson using OpenSSH and Tailscale to maintain access after Havoc C2 outage in a 33-day intrusion.

The malware program has been deployed across multiple sectors since April, helping to provide initial access sold to ransomware gangs.

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The ...

There's another likely North Korean-linked scam hitting developers and their employers, while snarfing up credentials and cryptocurrency - and this one doesn't even involve embedding IT workers at ...

A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. An investigation from Threatdown, the former corporate ...

A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, ...

Microsoft discovered a self-spreading USB worm active since February that monitors clipboards for crypto wallets and routes stolen data through Tor.

When Windows fails, this tiny USB drive takes over.