Ransomware group Mora_001 targets Fortinet applications
The new gang appears to have links to the defunct LockBit group.
2 minutes
Pieter Arntz
Product of the Year! AVLab honors ThreatDown Endpoint Protection
ThreatDown Endpoint Protection has been awarded AVLab's Product of the Year for the third consecutive year.
1 minute
March 2025 Patch Tuesday, severity over quantity
The March 2025 Patch Tuesday update contains an unusually large number of zero-day vulnerabilities that are being actively exploited.
3 minutes
Phishers go “interplanetary” to get company login credentials
An ongoing campaign to harvest company login credentials is using IPFS to host its phishing pages.
1 minute
Infighting brings down the Black Basta ransomware group
It seems that internal struggles lead to the break-down of one of the last ransomware-as-a-service giants.
2 minutes
“Enhanced Bonus” QR code phish steals Microsoft credentials
A personalized phishing attack could lead to a catastrophic loss of credentials.
2 minutes
USB worms: Still wriggling on to under-protected computers after all these years
Malware doesn't care if it's being talked about or not.
2 minutes
Four zero-days in February’s Patch Tuesday
February 2025's Patch Tuesday seems relatively relaxed, but there’s a catch for organizations using NTLM.
2 minutes
Analyzing a Mispadu Trojan’s attack chain
We tracked a Mispadu banking Trojan infection from the email attachment to the payload.
1 minute
ThreatDown State of Malware report 2025
The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024.
2 minutes
How a clipboard hijacker delivers Lumma Stealer
The use of fake Captcha websites has doubled in only a few months.
3 minutes
8 zero-days in one Patch Tuesday? Welcome to 2025
The January 2025 Patch Tuesday consists of 159 Microsoft CVEs, including three that are actively exploited.
2 minutes
Web shop spreads SocGolish malware and steals credit cards
A web shop selling jewelry was found with code belonging to two web skimmers and the SocGolish Trojan downloader.
2 minutes
Akira ransomware’s secret weapon—AnyDesk
The Akira ransomware group drops the AnyDesk client to gain persistence.
2 minutes
Which ports to monitor for ransomware attacks
There are a few ports that deserve extra attention when you're monitoring your systems for ransomware attacks.
3 minutes
Clipboard hijacker tries to install a Trojan
Criminals are attempting to get users to install malware from the clipboard.
2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition)
Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware.
4 minutes
Cleo, the next MOVEit and GoAnywhere?
The CL0P ransomware gang has claimed responsibility for attacks exploiting a vulnerability in Cleo file sharing products.
3 minutes
Top 5 most dangerous software weaknesses in 2024
The more things change, the more they stay the same.
3 minutes
