| New Lua-based malware LucidRook observed in targeted attacks | 2026-04-08 | lucidrook, spearphishing, lucidpawn, lucidknight | 20 |
| Threat Actors Weaponize Tiflux RMMs in Malspam Attacks | 2026-05-08 | splashtop, ultravnc, rmm abuse, tiflux | 10 |
| PCPJack \| Cloud Worm Evicts TeamPCP and Steals Credentials a | 2026-05-07 | kubernetes exploitation, docker compromise, pcpjack, sliver |
| 5 Malicious NuGet Packages Impersonate Chinese UI Libraries | 2026-05-07 | nuget, browser credential theft, arrowrat, quantum | 13 |
| Donuts and Beagles: Fake Claude site spreads backdoor | 2026-05-07 | beagle, adaptixc2, beagle backdoor, donutloader | 2 |
| Unmasking The 64-bit Variant of the Infamous Lumma Stealer | 2026-04-08 | lumma stealer, application-bound encryption bypass, blockchain c2, tenzor | 83 |
| Fake call logs, real payments: How CallPhantom tricks Androi | 2026-05-07 | fraudulent apps, upi payment, fake call history, india targeting | 28 |
| Operation GriefLure: Dissecting an APT Campaign Targeting Vi | 2026-05-07 | living-off-the-land, spear phishing | 15 |
| Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day | 2026-05-07 | zero-day, pan-os, buffer overflow, reversesocks5 | 16 |
| ClickFix campaign uses fake macOS utilities lures to deliver | 2026-05-06 | phantompulse, infostealer, shub stealer, clickfix | 154 |
| TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp a | 2026-05-06 | whatsapp worm, tclbanker, maverick, sorvepotel | 15 |
| APT28 exploit routers to enable DNS hijacking operations | 2026-04-07 | exploit, tp-link, dns hijacking, russia | 1 |
| Detections for the Axios supply chain compromise | 2026-04-07 | supply chain attack, post-install execution, axios | 23 |
| Unit42: Understanding Current Threats to Kubernetes Environm | 2026-04-07 | React2Shell, Kubernetes | 9 |
| Operation Silent Rotor: Rust-Based Malware Targets Eurasian | 2026-05-06 | c2 exfiltration, multi-stage payload, aviation sector, unmanned aerial systems | 11 |
| OceanLotus suspected of distributing ZiChatBot malware via w | 2026-05-06 | pypi, dropper, wheel packages, supply chain attack | 37 |
| Data Extortion Groups Intensify Pressure On Global Aerospace | 2026-05-06 | critical infrastructure, aerospace, remus, data extortion | 6 |
| Malware Bypasses Browser Application-Bound Encryption Protec | 2026-05-06 | etherhiding, browser credential theft, ethereum blockchain c2, remus | 4 |
| Multi-Stage AiTM Attack Uses Code Of Conduct Phishing Emails | 2026-05-06 | aitm, financial services, credential theft, healthcare targeting | 3 |
| Seqrite: Advisory: Middle East Conflict & Cyber Escalation | 2026-04-06 | apt, muddywater, seedworm, government | 5 |
| Iranian-Nexus Operation Against Oman's Government: 12 Minist | 2026-05-05 | proxyshell, apt34, iranian-nexus, dotnetnuke | 29 |
| Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoa | 2026-05-05 | remcos, ghostloader, deepseek-claw, openclaw | 13 |
| Storm-1175 focuses gaze on vulnerable web-facing assets in h | 2026-04-06 | psexec, medusa, remote access, ransomware | 23 |
| Four published versions of a fake "tanstack" package uploade | 2026-05-05 | webhook-exfiltration, postinstall-hook, npm, package-squatting | 5 |
| Popular DAEMON Tools software compromised | 2026-05-05 | software compromise, quic rat, daemon tools | 21 |