Malpedia Library

Click here to download all references as Bib-File.•

2026-04-07 ⋅ Gen Digital ⋅ Jan Rubín, Vojtěch Krejsa
Remus: Unmasking The 64-bit Variant of the Infamous Lumma Stealer
Lumma Stealer Remus Tenzor

2026-04-06 ⋅ PICUS Security ⋅ Umut Bayram
How NoName057(16) Uses DDoSia to Attack NATO Targets
Z-Pentest Alliance

2026-04-05 ⋅ 0x3oBAD ⋅ Abdullah Islam
Deep Technical Analysis Of Payload Ransomware Targeting ESXi Environment
Payload

2026-04-03 ⋅ Trend Micro ⋅ Jacob Santos, Jeffrey Francis Bonaobra, Sophia Nilette Robles
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
GhostSocks Vidar

2026-04-02 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 8: periodic scripts. Simple C example

2026-04-02 ⋅ tracebit ⋅ Alessandro Brucato
Detecting CI/CD Supply Chain Attacks with Canary Credentials
TeamPCP

2026-04-02 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White
UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications
UAT-10608

2026-04-02 ⋅ Elastic ⋅ Remco Sprooten, Ruben Groenewoud
Hooked on Linux: Rootkit Detection Engineering

2026-04-01 ⋅ SOC Prime ⋅ Daryna Olyniychuk
UAC-0255 Attack Detection: Threat Actors Impersonate CERT-UA to Infect Ukrainian Public and Private Sector Organizations With AGEWHEEZE RAT
AGEWHEEZE Cyber Serp

2026-04-01 ⋅ Zscalar ⋅ Avinash Kumar, Jithin Prajeev Nair, Mallikarjun Piddannavar, Manisha Ramcharan Prajapati
Anthropic Claude Code Leak
GhostSocks Vidar

2026-04-01 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 13: sysinfo stealer via VirusTotal API. Simple C example

2026-03-31 ⋅ BitSight ⋅ BitSight
Ransomware with a Twizt: Inside the Phorpiex Botnet
LockBit Phorpiex

2026-03-31 ⋅ Google ⋅ Adrian Hernandez, Ashley Zaya, Austin Larsen, Christopher Gardner, Dima Lenz, Michael Rudden, Mon Liclican, Tyler McLellan
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
WAVESHAPER

2026-03-30 ⋅ ⋅ CERT.PL ⋅ CERT.PL
FvncBot Campaign Analysis
SpyFRPTunnel

2026-03-30 ⋅ Trend Micro ⋅ John Rainier Navato
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
TeamPCP

2026-03-30 ⋅ Synthient ⋅ Synthient
ProxyBox: Socks5Systemz Lives On
Socks5 Systemz

2026-03-29 ⋅ ⋅ Cert-UA ⋅ Cert-UA
UAC-0255 cyberattack disguised as a notification from CERT-UA using the AGEWHEEZE software tool (CERT-UA#21075)
AGEWHEEZE Cyber Serp

2026-03-29 ⋅ cocomelonc ⋅ cocomelonc
MacOS malware persistence 7: Re-opened applications. Simple C example

2026-03-27 ⋅ 0x3oBAD ⋅ 0x3oBAD
Inside Mustang Panda: From Spear-Phishing Chains to PlugX — A Deep Dive into Loader Infrastructure
PlugX

2026-03-27 ⋅ Twitter (@fbgwls245) ⋅ Bitshadow
Tweet about Killada Ransomware
killada