On June 5, 2026, the Miasma worm campaign reached Microsoft’s Azure GitHub organizations. GitHub disabled 73 repositories across four Microsoft GitHub organizations after a malicious commit was pushed ...
The attackers used a Python SimpleHTTP server and a MeshCentral agent disguised as an Azure binary, performing SSH lateral movement via a C2 server (azurenetfiles.net) to steal data. Mandiant notified ...
The Chinese nation-state group known as Camaro Dragon has been linked to yet another backdoor that's designed to meet its intelligence-gathering goals. Israeli cybersecurity firm Check Point, which ...
This includes the misuse of Microsoft 365 Mail, Azure, Google Firebase, and Dropbox for malware delivery, data exfiltration, and command-and-control (C2) purposes. The initial intrusion vector used in ...
In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
GigaWiper is a destructive backdoor that combines multiple wiping and ransomware-like capabilities into a single operational ...
description: The following analytic detects the execution of PowerShell scripts containing Base64 encoded content, specifically identifying the use of `FromBase64String`. It leverages PowerShell ...
description: The following analytic identifies modifications to registry keys commonly used for persistence mechanisms. It leverages data from endpoint detection sources like Sysmon or Carbon Black, ...