Fake Booking.com emails target hotels A new phishing campaign is using a famous brand to compromise hotels. 1 minute
Ransomware in February 2025—Cl0p and RansomHub run riot The Cl0p ransomware group posted data on 335 victims in February 2025, by far the largest one-month total any… 2 minutes
Phishers go “interplanetary” to get company login credentials An ongoing campaign to harvest company login credentials is using IPFS to host its phishing pages. 1 minute
“Enhanced Bonus” QR code phish steals Microsoft credentials A personalized phishing attack could lead to a catastrophic loss of credentials. 2 minutes
USB worms: Still wriggling on to under-protected computers after all these years Malware doesn't care if it's being talked about or not. 2 minutes
ThreatDown State of Malware report 2025 The ThreatDown State of Malware report focuses on a few key developments that we witnessed in 2024. 2 minutes
Ransomware in December 2024—Cl0p returns December 2024 saw the unwelcome return of the notorious Cl0p ransomware gang. 1 minute
Clipboard hijacker tries to install a Trojan Criminals are attempting to get users to install malware from the clipboard. 2 minutes
Sysrv cryptomining botnet is still alive (and kicking out the competition) Sysrv cryptomining botnets are still active, and analysis shows they are actively kicking out other malware. 4 minutes
Beluga phishing campaign targets OneDrive credentials The Beluga phishing campaign uses .htm files to capture your company OneDrive credentials. 2 minutes
How the Black Basta ransomware gang hides Cobalt Strike beacons with PowerShell Ransomware gangs love PowerShell. 4 minutes
A visit to a print shop put a password stealer on a co-worker’s laptop Old-school malware distribution methods have a habit of hanging around long after people stop talking about them. 2 minutes
Watch out! Mobidash Android adware spread through phishing and online links ThreatDown has uncovered a new campaign spreading the MobiDash adware for Android. 1 minute
Ransomware review: September 2024 In August, we recorded a total of 442 ransomware victims, the second-most all year. 2 minutes
New RansomHub attack uses TDSSKiller and LaZagne, disables EDR The attack signals a new shift in RansomHub's arsenal of tools. 3 minutes
Lowe’s employees targeted in new malvertising campaign In August, Lowe's employees were the subject of a targeted campaign using fake ads and websites. 1 minute
Rise of Atomic Stealer signals a sea change in macOS malware Atomic Stealer is the most popular malware-as-a-service on macOS because of highly active affiliate-driven distribution campaigns and constant feature upgrades. 4 minutes
New phishing campaign uses Discord for payload delivery A new phishing campaign uses two Discord CDNs to host malicious executables. 3 minutes
Ransomware review: July 2024 In June, LockBit said it breached the Federal Reserve and Black Basta was seen exploiting a Windows zero-day. 3 minutes