Phishers go “interplanetary” to get company login credentials
An ongoing campaign to harvest company login credentials is using IPFS to host its phishing pages.
1 minute
Pieter Arntz
Infighting brings down the Black Basta ransomware group
It seems that internal struggles lead to the break-down of one of the last ransomware-as-a-service giants.
2 minutes
“Enhanced Bonus” QR code phish steals Microsoft credentials
A personalized phishing attack could lead to a catastrophic loss of credentials.
2 minutes
USB worms: Still wriggling on to under-protected computers after all these years
Malware doesn't care if it's being talked about or not.
2 minutes
Four zero-days in February’s Patch Tuesday
February 2025's Patch Tuesday seems relatively relaxed, but there’s a catch for organizations using NTLM.
2 minutes
Analyzing a Mispadu Trojan’s attack chain
We tracked a Mispadu banking Trojan infection from the email attachment to the payload.
1 minute
ThreatDown State of Malware Report 2025: Autonomous AI and Ransomware
The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024.
3 minutes
How a clipboard hijacker delivers Lumma Stealer
The use of fake Captcha websites has doubled in only a few months.
3 minutes
8 zero-days in one Patch Tuesday? Welcome to 2025
The January 2025 Patch Tuesday consists of 159 Microsoft CVEs, including three that are actively exploited.
2 minutes
Web shop spreads SocGolish malware and steals credit cards
A web shop selling jewelry was found with code belonging to two web skimmers and the SocGolish Trojan downloader.
2 minutes
Akira ransomware’s secret weapon—AnyDesk
The Akira ransomware group drops the AnyDesk client to gain persistence.
2 minutes
Which ports to monitor for ransomware attacks
There are a few ports that deserve extra attention when you're monitoring your systems for ransomware attacks.
3 minutes
Clipboard hijacker tries to install a Trojan
Criminals are attempting to get users to install malware from the clipboard.
2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition)
Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware.
4 minutes
Cleo, the next MOVEit and GoAnywhere?
The CL0P ransomware gang has claimed responsibility for attacks exploiting a vulnerability in Cleo file sharing products.
3 minutes
Top 5 most dangerous software weaknesses in 2024
The more things change, the more they stay the same.
3 minutes
December patch Tuesday fixes one actively exploited zero-day vulnerability
Microsoft patched an actively exploited vulnerability in the CLFS component.
1 minute
2024 MITRE ATT&CK® Evaluation results: ThreatDown detected every step
MITRE has released its 2024 ATT&CK Evaluation: Enterprise results, with ThreatDown alerting customers to each step of the infection chain…
2 minutes
Beluga phishing campaign targets OneDrive credentials
The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials.
2 minutes
Cybercrime Has Gone Machine-Scale
AI is automating malware faster than security can adapt.
Get the facts Read the 2026 State of Malware