For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta.

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Microsoft has identified a phishing campaign using malformed links to legitimate OAuth services to redirect to malware ...

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware ...

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub ...

Researchers uncover APT28-linked phishing attacks against Ukrainian targets deploying BadPaw loader and MeowMeow backdoor for ...

Cisco Talos tracks UAT-10027 targeting U.S. education and healthcare with Dohdoor DoH-based backdoor and Cobalt Strike payload.

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

There are moments in the evolution of a nation when a single incident, seemingly isolated, exposes a deeper and more troubling ...

Microsoft warns of a campaign on chat platforms where attackers slip malware to victims as supposed gaming tools.

ESET researchers document how the Sednit APT group has reemerged with a modern toolkit centered on two paired implants – BeardShell and Covenant.

Discover the 7 best cloud orchestration tools for enterprises in 2026, including AWS CloudFormation, Ansible, Spacelift, CloudBolt, and more. Compare features, pricing, multi-cloud support, and use ...