Malpedia Library

Click here to download all references as Bib-File.•

2025-08-21 ⋅ Swiss Post Cybersecurity ⋅ Louis Schürmann
The ClickFix Deception: How a Fake CAPTCHA Deploys an Evasive Infostealer
donut_injector

2025-08-21 ⋅ CrowdStrike ⋅ Counter Adversary Operations
MURKY PANDA: A Trusted-Relationship Threat in the Cloud

2025-08-20 ⋅ Hunt.io ⋅ Hunt.io
APT MuddyWater Deploys Multi-Stage Phishing to Target CFOs

2025-08-20 ⋅ Kroll ⋅ Marc Messer, Otavio Passos, Ryan Hicks
XWORM Returns to Haunt Systems with Ghost Crypt
XWorm

2025-08-20 ⋅ HarfangLab ⋅ HarfangLab CTR
UAC-0057 keeps applying pressure on Ukraine and Poland
PicassoLoader

2025-08-19 ⋅ cocomelonc ⋅ cocomelonc
MacOS hacking part 9: shellcode injection via task_for_pid - thread hijacking. Simple C (Intel) example

2025-08-19 ⋅ The Wall Street Journal ⋅ Robert McMillan
Oregon Man Accused of Operating One of Most Powerful Attack ‘Botnets’ Ever Seen
RapperBot

2025-08-19 ⋅ IBM X-Force ⋅ Raymond Joseph Alfonso
IBM X-Force Threat Analysis: QuirkyLoader - A new malware loader delivering infostealers and RATs
QuirkyLoader

2025-08-19 ⋅ Red Canary ⋅ Chris Brook, Christina Johns, Tyler Edmonds
Patching for persistence: How DripDropper Linux malware moves through the cloud

2025-08-18 ⋅ Trellix ⋅ Alex Lanstein, Pham Duy Phuc
The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign
XenoRAT

2025-08-18 ⋅ 0x0d4y ⋅ 0x0d4y
Veletrix Loader Infection: A Look from a Digital Forensic Perspective
VELETRIX

2025-08-18 ⋅ Medium RaghavtiResearch ⋅ BeGoodToAll
Qilin Ransomware-as-a-Service: Threat Analysis and Strategic Outlook
Qilin AgendaCrypt

2025-08-18 ⋅ Trellix ⋅ Ryan Weil
A Comprehensive Analysis of HijackLoader and Its Infection Chain
HijackLoader

2025-08-16 ⋅ t0ast's blog ⋅ t0ast
Warlock Group: We're only here for SharePoint and the Lamborghinis
WarLock

2025-08-15 ⋅ cocomelonc ⋅ cocomelonc
Malware development trick 50: phishing attack using a fake login page with Telegram exfiltration. Simple Javascript example.

2025-08-15 ⋅ Cisco Talos ⋅ Asheer Malhotra, Brandon White, Vitor Ventura
UAT-7237 targets Taiwanese web hosting infrastructure
SoundBill

2025-08-15 ⋅ Bleeping Computer ⋅ Bill Toulas
Colt Telecom attack claimed by WarLock ransomware, data up for sale
WarLock

2025-08-14 ⋅ Censys ⋅ Himaja Motheram
2025 State of the Internet: Digging into Residential Proxy Infrastructure
PolarEdge

2025-08-14 ⋅ Hunt.io ⋅ Hunt.io
Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak
ERMAC

2025-08-13 ⋅ Intezer ⋅ Nicole Fishbein
Threat Bulletin: Fire in the Woods – A New Variant of FireWood
FireWood