Malpedia Library

Click here to download all references as Bib-File.•

2025-12-30 ⋅ Koi Security ⋅ Gal Hachamov, Tuval Admoni
DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers
DarkSpectre ShadyPanda

2025-12-30 ⋅ US Department of Justice ⋅ Office of Public Affairs
Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware
BlackCat BlackCat

2025-12-29 ⋅ LinkedIn (Idan Tarab) ⋅ Idan Tarab
Active Spear-Phishing Campaign Targeting Israeli Security-Related Individuals — Infrastructure Linked to APT42 (Hashtag#CharmingKitten)

2025-12-23 ⋅ secpod ⋅ Santosh Sethuraman
Zero-Day Crisis: CVE-2025-20393 Unpatched on Cisco Email Gateways, Exploited by China-Linked Hackers
UAT-9686

2025-12-21 ⋅ Genians ⋅ Genians
Operation Artemis: Analysis of HWP-Based DLL Side Loading Attacks
RokRAT

2025-12-19 ⋅ Intezer ⋅ Nicole Fishbein
Tracing a Paper Werewolf campaign through AI-generated decoys and Excel XLLs
EchoGather

2025-12-18 ⋅ HelpNetSecurity ⋅ John Wilson
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring
Scripted Sparrow

2025-12-18 ⋅ Acronis ⋅ Acronis Security
Acronis TRU Alliance {Hunt.io}: Hunting DPRK threats - New Global Lazarus & Kimsuky campaigns
BADCALL POOLRAT Quasar RAT

2025-12-18 ⋅ Gen Digital Inc ⋅ Vojtěch Krejsa
Gen Blogs | Defeating AuraStealer: Practical Deobfuscation Workflows for Modern Infostealers
Aura Stealer

2025-12-18 ⋅ safebreach ⋅ Tomer Bar
Prince of Persia: A decade of Iranian Nation State APT Campaign Activity
Infy Tonnerre

2025-12-18 ⋅ Cyderes ⋅ Rahul Ramesh
From Loader to Looter: ACR Stealer Rides on Upgraded CountLoader
ACR Stealer CountLoader

2025-12-18 ⋅ BlackPoint ⋅ Nevan Beal, Sam Decker
New MintsLoader Variant Using Hashtable Obfuscation
MintsLoader

2025-12-17 ⋅ Cisco Talos ⋅ Cisco Talos
UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
UAT-9686

2025-12-17 ⋅ XLab ⋅ Acey9, Alex.Turing, RootKiter, Wang Hao
Kimwolf Exposed: The Massive Android Botnet with 1.8 Million Infected Devices
Kimwolf Aisuru

2025-12-16 ⋅ sysdig ⋅ Sysdig Threat Research Team
EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2
EtherRAT

2025-12-15 ⋅ Squiblydoo ⋅ Squiblydoo
SolarMarker: Actions-On-Target
solarmarker

2025-12-15 ⋅ StrikeReady ⋅ StrikeReady Labs
Russian APT actor phishes the Baltics and the Balkans

2025-12-15 ⋅ Bleeping Computer ⋅ Sergiu Gatlan
French Interior Ministry confirms cyberattack on email servers

2025-12-12 ⋅ Google ⋅ Aragorn Tseng, Austin Larsen, CASEY CHARRIER, Genevieve Stark, Robert Weiner, Zander Work
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)
ANGRYREBEL MINOCAT SNOWLIGHT Earth Lamia

2025-12-11 ⋅ Trend Micro ⋅ Daniel Lunghi, Feike Hacquebord, Ian Kenefick
SHADOW-VOID-042 Targets Multiple Industries with Void Rabisu-like Tactics
ROMCOM RAT