Fake Booking.com emails target hotels
A new phishing campaign is using a famous brand to compromise hotels.
1 minute
Threat Intelligence
Ransomware in February 2025—Cl0p and RansomHub run riot
The Cl0p ransomware group posted data on 335 victims in February 2025, by far the largest one month total any…
2 minutes
Phishers go “interplanetary” to get company login credentials
An ongoing campaign to harvest company login credentials is using IPFS to host its phishing pages.
1 minute
“Enhanced Bonus” QR code phish steals Microsoft credentials
A personalized phishing attack could lead to a catastrophic loss of credentials.
2 minutes
USB worms: Still wriggling on to under-protected computers after all these years
Malware doesn't care if it's being talked about or not.
2 minutes
ThreatDown State of Malware report 2025
The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024.
2 minutes
Ransomware in December 2024—Cl0p returns
December 2024 saw the unwelcome return of the notorious Cl0p ransomware gang.
1 minute
Clipboard hijacker tries to install a Trojan
Criminals are attempting to get users to install malware from the clipboard.
2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition)
Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware.
4 minutes
Beluga phishing campaign targets OneDrive credentials
The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials.
2 minutes
How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell
Ransomware gangs love PowerShell.
4 minutes
A visit to a print shop put a password stealer on a co-worker’s laptop
Old-school malware distribution methods have a habit of hanging around long after people stop talking about them.
2 minutes
Watch out! Mobidash Android adware spread through phishing and online links
ThreatDown has uncovered a new campaign spreading the MobiDash adware for Android.
1 minute
Ransomware review: September 2024
In August, we recorded a total of 442 ransomware victims, the second-most all year.
2 minutes
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR
The attack signals a new shift in RansomHub's arsenal of tools.
3 minutes
Lowe’s employees targeted in new malvertising campaign
In August, Lowe's employees were the subject of a targeted campaign using fake ads and websites.
1 minute
Rise of Atomic Stealer signals a sea change in macOS malware
Atomic Stealer is the most popular malware-as-a-service on macOS because of highly active affiliate-driven distribution campaigns and constant feature upgrades.
4 minutes
New phishing campaign uses Discord for payload delivery
A new phishing campaign uses two Discord CDN's to host malicious executables.
3 minutes
Ransomware review: July 2024
In June, LockBit said it breached the Federal Reserve and Black Basta was seen exploiting a Windows zero-day.
3 minutes
