Malpedia Library

Click here to download all references as Bib-File.•

2025-11-19 ⋅ SecurityScorecard ⋅ Gilad Friedenreich Maizles, Marty Kareem
Thousands of ASUS Routers Hijacked in Global Operation “WrtHug” in a Suspected China-Backed Campaign

2025-11-19 ⋅ ESET Research ⋅ Dávid Gábriš, Facundo Muñoz
PlushDaemon compromises network devices for adversary-in-the-middle attacks
EdgeStepper LittleDaemon

2025-11-18 ⋅ ⋅ Cert-UA ⋅ Cert-UA
Cyberattack against an educational institution in eastern Ukraine using the GAMYBEAR software tool (CERT-UA#18329)
GAMYBEAR

2025-11-17 ⋅ AhnLab ⋅ ASEC Analysis Team
NKNShell Malware Distributed via VPN Website
Larva-24010

2025-11-17 ⋅ 0x0d4y ⋅ 0x0d4y
Nation-State Actor’s Arsenal: An In-Depth Look at Lazarus’ ScoringMathTea
ScoringMathTea

2025-11-15 ⋅ Elastic ⋅ Jia Yu Chan, Salim Bitam
RONINGLOADER: DragonBreath’s New Path to PPL Abuse
DragonBreath RONINGLOADER

2025-11-14 ⋅ The Record ⋅ Jonathan Greig
Multiple US citizens plead guilty to helping North Korean IT workers earn $2 million

2025-11-13 ⋅ Ransom-ISAC ⋅ Yashraj Solanki
Cross-Chain TxDataHiding Crypto Heist: A Very Chainful Process (Part 3)
JADESNOW

2025-11-13 ⋅ Politie NL ⋅ Politie NL
Again criminal infrastructure dismantled in international ransomware operation
Rhadamanthys Venom RAT

2025-11-13 ⋅ NVISO Labs ⋅ Bart Parys, Efstratios Lontzetidis, Stef Collart
Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
BeaverTail OtterCookie InvisibleFerret Beavertail TsunamiKit

2025-11-13 ⋅ Anthropic ⋅ Anthropic
Disrupting the first reported AI-orchestrated cyber espionage campaign

2025-11-13 ⋅ Israel National Digital Agency ⋅ Adi Pick, Hila David, Idan Beit-Yosef, Shimi Cohen, Yaniv Goldman
SpearSpecter: Unmasking Iran’s IRGC Cyber Operations Targeting High-Profile Individuals
TAMECAT

2025-11-12 ⋅ Amazon ⋅ CJ Moses
Amazon discovers APT exploiting Cisco and Citrix zero-days

2025-11-10 ⋅ Genians ⋅ Genians
State-Sponsored Remote Wipe Tactics Targeting Android Devices
Quasar RAT Remcos

2025-11-07 ⋅ ENKI ⋅ ENKI
Lazarus Group targets Aerospace and Defense with new Comebacker variant
ComeBacker

2025-11-07 ⋅ Unit 42
LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
LANDFALL

2025-11-05 ⋅ Huntress Labs ⋅ Anna Pham
Gootloader Returns: What Goodies Did They Bring?
GootLoader Supper

2025-11-05 ⋅ ESET Research ⋅ ESET Research
APT Activity: Russia-Aligned APTs Ramp Up Attacks Against Ukraine and Its Strategic Partners (April 2025 – September 2025 Report)

2025-11-05 ⋅ KrebsOnSecurity ⋅ Brian Krebs
Cloudflare Scrubs Aisuru Botnet from Top Domains List
Aisuru

2025-11-05 ⋅ nviso ⋅ Maxime Thiebaut
Decoding VShell: Insights into a Chinese-Language Cyber Espionage Tool
VShell