New.

Group-IB: Hooking the Archipelago: Dissecting a Phishing Campaign Targeting Philippine Banking Users https://www.group-ib.com/blog/phisles-phishing-banks-philippines/

Any.Run: Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More https://any.run/cybersecurity-blog/major-cyber-attacks-march-2026/ @anyrun_app

Kaspersky: A laughing RAT: CrystalX combines spyware, stealer, and prankware features https://securelist.com/crystalx-rat-with-prankware-features/119283/

Halcyon: How One Letter Hid a Ransomware Army https://www.halcyon.ai/blog/how-one-letter-hid-a-ransomware-army-qilin #threatresearch #ransomware #infosec #phishing #scam #spyware #malware

New.

AhnLab: A malicious LNK that spreads a Python-based backdoor and how it’s spreading (Kimsuky group) https://asec.ahnlab.com/en/93151/ #infosec #threatresearch #Python #malware

New.

Proofpoint: I’d come running back to EU again: TA416 resumes European government espionage campaigns https://www.proofpoint.com/us/blog/threat-insight/id-come-running-back-eu-again-ta416-resumes-european-government-espionage

More:

Infosecurity-Magazine: Chinese Threat Actors Target European Governments in Espionage Campaigns https://www.infosecurity-magazine.com/news/china-hackers-ta416-europe/ #infosec #threatresearch #espionage

I’d come running back to EU again: TA416 resumes European government espionage campaigns | Proofpoint US

Key findings: From mid-2025 onwards, the China-aligned threat actor TA416 resumed observed targeting of European government and diplomatic organizations following a period of reduced EU-

Proofpoint

BlueVoyant, from yesterday: Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns https://www.bluevoyant.com/blog/augmented-marauders-multi-pronged-casbaneiro-campaigns

More:

The Hacker News: Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.html @thehackernews #infosec #malware #threatresearch

Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns

BlueVoyant's Security Operations Center (SOC) reviews Augmented Marauder's multi-pronged phishing campaigns delivering the Casbaneiro banking trojan…

BlueVoyant

Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets - Check Point Research

At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked as CVE-2026-3502 with a CVSS score of 7.8. […]

Check Point Research

New.

Any.Run: Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections https://any.run/cybersecurity-blog/release-notes-march-2026/ @anyrun_app #infosec #threatresearch #Apple #macOS

Release Notes: SSL Decryption, macOS, Windows Server & 1300+ New Detections

March updates in ANY.RUN bring stronger phishing detection, broader sandbox coverage with macOS and Windows Server, new detections, and fresh TI reports.

ANY.RUN's Cybersecurity Blog

Latest Xloader Obfuscation Code & C2 Protocol | ThreatLabz

Xloader version 8 continues to implement new code obfuscation techniques to hinder reverse engineering and defeat automated analysis tools.

New.

Group-IB: Phantom Stealer: Credential Theft as a Service https://www.group-ib.com/blog/phantom-stealer-credential-theft/

More:

Infosecurity-Magazine: Phantom Project Bundles Infostealer, Crypter and RAT For Sale https://www.infosecurity-magazine.com/news/phantom-project-infostealer-nov-25/ #infosec #threatresearch #malware #phishing

New.

Unit 42: Double Agents: Exposing Security Blind Spots in GCP Vertex AI https://unit42.paloaltonetworks.com/double-agents-vertex-ai/

More:

The Hacker News: Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.html @thehackernews #Google #infosec #vulnerability #threatresearch

Double Agents: Exposing Security Blind Spots in GCP Vertex AI

Unit 42 uncovers a "double agent" flaw in Google Cloud's Vertex AI, demonstrating how overprivileged AI agents can compromise cloud environments.

Unit 42

New.

Sophos: Incident responders, s'il vous plait: Invites lead to odd malware events https://www.sophos.com/en-us/blog/incident-responders-s-il-vous-plait @SophosXOps #infosec #threatresearch #phishing #malware

Incident responders, s'il vous plait: Invites lead to odd malware events

A phishing campaign targeting multiple organizations led to RMM installations – but not much else (yet). A threat actor experimenting, or an access-as-a-service attack underway?

SOPHOS