Capstone Technologies Group

@CapTechGroup
Veteran-owned managed IT & cybersecurity for Ohio's medical, legal, and financial firms. Springfield-based, serving the Dayton–Columbus–Cincinnati corridor since 2002. Layered protection: SentinelOne, SonicWall managed firewalls, Adlumin SOC/SIEM, immutable backups, plus security awareness and HIPAA training. SonicWall Certified · N-able Partner. We post threat patterns and practical security guidance for professional practices—what we're actually seeing.
Location: Springfield, Ohio
Since: 2002 · Veteran Owned
Focus: Legal · Medical · Financial
Certified: SonicWall · N-able Partner

Malicious npm packages (aes-decode-runner-pro, postcss-minify-selector) impersonating PostCSS tools deliver multi-stage Windows RAT with Python native extension modules. The infection chain: JavaScript dropper → PowerShell downloader...

https://captechgroup.com/threat-intelligence-center/malicious-npm-packages-pose-as-postcss-tools-to-de-2336d4?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=malicious-npm-packages-pose-as-postcss-tools-to-deliver-windows-rat

Law enforcement disrupted Amadey and StealC malware operations across eight countries, recovering 27M credentials and taking down 326 servers. Both operated as MaaS—Amadey as a loader deploying secondary payloads (Lumma, Vidar,...

https://captechgroup.com/threat-intelligence-center/amadey-and-stealc-malware-network-disrupted-27m-cr-17d1b2?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=amadey-and-stealc-malware-network-disrupted-27m-credentials-recovered

macOS.Gaslight demonstrates a tactical shift: instead of obfuscation, this Rust backdoor embeds 38 fabricated system messages wrapped in Markdown and {{DATA}} tokens to confuse LLM-assisted triage. The implant uses...

https://captechgroup.com/threat-intelligence-center/macosgaslight-rust-backdoor-exploits-prompt-inject-d31f84?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=macos-gaslight-rust-backdoor-exploits-prompt-injection-against-security-analysts

Storm-2603 exploited SharePoint servers to deploy Velociraptor with SYSTEM privileges, establishing redundant access via Cloudflare tunneling, Zoho Assist, and SSH through VS Code. Meanwhile, a second threat actor used...

https://captechgroup.com/threat-intelligence-center/storm-2603-and-velociraptor-exploit-single-intrusi-5b339a?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=storm-2603-and-velociraptor-exploit-single-intrusion-for-parallel-attack-operati

Analysis of 20M SSH brute force attempts reveals sophisticated botnet coordination: identical HASSH fingerprints (03a80b21afa810682a776a7d42e5e6fb) across 702K events, synchronized attacks from US and Ukraine within 53...

https://captechgroup.com/threat-intelligence-center/chinese-botnets-execute-coordinated-ssh-brute-forc-05ea03?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=chinese-botnets-execute-coordinated-ssh-brute-force-attacks-across-honeypots
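The coordination signal in the post above (one HASSH fingerprint recurring across sources in different countries inside a short window) can be reproduced on honeypot logs with the script below. This is an added example, not code from Capstone's post or from the research it summarizes: the KEXINIT algorithm lists, IP addresses and log lines are constructed, and the fingerprints they produce are not the one cited in the post. HASSH itself is the MD5 of the client's kex, encryption, MAC and compression algorithm lists joined with ';'.

```python
import hashlib
from collections import defaultdict
from datetime import datetime


def hassh(kex: str, enc_c2s: str, mac_c2s: str, comp_c2s: str) -> str:
    """HASSH client fingerprint: MD5 over the four client-to-server algorithm
    lists from SSH_MSG_KEXINIT, joined with ';'. Each list stays in the order
    the client sent it, since that order is part of what identifies the build."""
    return hashlib.md5(";".join((kex, enc_c2s, mac_c2s, comp_c2s)).encode()).hexdigest()


# Two hypothetical client builds (constructed algorithm lists, not real captures).
BOT_KEXINIT = (
    "curve25519-sha256,diffie-hellman-group14-sha256",
    "aes128-ctr,aes256-ctr",
    "hmac-sha2-256",
    "none",
)
ADMIN_KEXINIT = (
    "curve25519-sha256@libssh.org,ecdh-sha2-nistp256",
    "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com",
    "umac-128-etm@openssh.com",
    "none,zlib@openssh.com",
)
BOT_HASSH = hassh(*BOT_KEXINIT)

# Constructed honeypot log: "<ISO-8601 time> <src_ip> <country> <hassh>".
# Three bot sources in two countries share one fingerprint inside a minute;
# the last line is an unrelated client with its own fingerprint.
SAMPLE_LOG = "\n".join([
    f"2025-01-10T03:00:00Z 198.51.100.7 US {BOT_HASSH}",
    f"2025-01-10T03:00:41Z 203.0.113.19 UA {BOT_HASSH}",
    f"2025-01-10T03:00:53Z 198.51.100.9 US {BOT_HASSH}",
    f"2025-01-10T03:05:00Z 192.0.2.44 DE {hassh(*ADMIN_KEXINIT)}",
])


def parse_events(text: str) -> list:
    """Parse the constructed log format above into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, country, fp = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "ip": ip, "country": country, "hassh": fp,
        })
    return events


def coordinated_fingerprints(events, min_countries=2, window_seconds=60):
    """Fingerprints seen from at least `min_countries` countries whose first and
    last events fall within `window_seconds`. Returns {hassh: summary}.
    A shared HASSH proves the same client build, not the same operator, so
    treat a hit as a pivot for further correlation rather than attribution."""
    by_fp = defaultdict(list)
    for e in events:
        by_fp[e["hassh"]].append(e)
    hits = {}
    for fp, evs in by_fp.items():
        countries = {e["country"] for e in evs}
        times = [e["ts"] for e in evs]
        span = (max(times) - min(times)).total_seconds()
        if len(countries) >= min_countries and span <= window_seconds:
            hits[fp] = {
                "countries": sorted(countries),
                "sources": len({e["ip"] for e in evs}),
                "span_s": span,
            }
    return hits


if __name__ == "__main__":
    for fp, info in coordinated_fingerprints(parse_events(SAMPLE_LOG)).items():
        print(fp, info)
```

Feed it your own log by replacing SAMPLE_LOG with lines in the same four-field shape; the country field can come from whatever GeoIP enrichment the honeypot already does. The window and country thresholds are deliberately loose so that a hit is a lead to correlate with ASN, timing and credential lists, not a verdict on its own.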

Supply chain attack on Mastra AI: threat actors gained control of npm maintainer account and published malicious updates across 140+ packages. The malware disabled TLS certificate verification, hunted for 166...

https://captechgroup.com/threat-intelligence-center/north-korean-bluenoroff-hackers-hit-crypto-firms-v-1328ff?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=north-korean-bluenoroff-hackers-hit-crypto-firms-via-mastra-ai-supply-chain-atta

Evil MSI demonstrates sophisticated evasion: attackers manipulate BASE64 encoding to defeat statistical analysis tools by replacing 'A' with '#', reversing strings, and creating payloads that appear corrupted to automated...

https://captechgroup.com/threat-intelligence-center/evil-msi-background-malware-uses-base64-statistica-dc5a2c?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=evil-msi-background-malware-uses-base64-statistical-analysis-to-evade-detection
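The 'A' to '#' substitution plus string reversal described above defeats scanners that score strings by base64 alphabet coverage or that decode with strict validation. The script below reproduces that transform on a constructed sample and shows a decoder that walks the inverse transforms. It is an added example, not code from Capstone's post or from the Evil MSI analysis it summarizes; the list of candidate transforms is an assumption about what a triage script would try, and the sample payload is constructed.

```python
import base64
import binascii
import string

B64_CHARS = set(string.ascii_letters + string.digits + "+/=")


def obfuscate(payload: bytes) -> str:
    """The transform the post describes, applied to a test payload: base64-encode,
    replace every 'A' with '#', then reverse the whole string."""
    return base64.b64encode(payload).decode("ascii").replace("A", "#")[::-1]


def base64_alphabet_ratio(s: str) -> float:
    """Share of characters inside the base64 alphabet. A scanner that requires
    every character to be in the alphabet drops the string as soon as one '#'
    appears, which is exactly what the substitution buys the attacker."""
    return sum(c in B64_CHARS for c in s) / len(s) if s else 0.0


# Inverse transforms a triage script might try (assumed list, not from the post).
TRANSFORMS = {
    "as-is": lambda s: s,
    "un-reverse": lambda s: s[::-1],
    "restore-A": lambda s: s.replace("#", "A"),
    "un-reverse+restore-A": lambda s: s[::-1].replace("#", "A"),
}


def decode_candidates(s: str) -> dict:
    """Apply each inverse transform and keep the ones that yield strictly valid
    base64 (alphabet characters only, padding only at the end). Returns
    {transform_name: decoded_bytes}. A transform that produces a string already
    tried (e.g. restore-A on input with no '#') is skipped."""
    out, seen = {}, set()
    for name, fn in TRANSFORMS.items():
        candidate = fn(s)
        if candidate in seen:
            continue
        seen.add(candidate)
        try:
            out[name] = base64.b64decode(candidate, validate=True)
        except (binascii.Error, ValueError):
            continue
    return out


# Constructed sample: base64(b"powershell") is "cG93ZXJzaGVsbA==", so after the
# 'A' -> '#' swap and reversal it becomes "==#bsVGazJXZ39Gc".
SAMPLE = obfuscate(b"powershell")

if __name__ == "__main__":
    print(SAMPLE, base64_alphabet_ratio(SAMPLE))
    print(decode_candidates(SAMPLE))
```

Why 'A' is the character worth swapping: it encodes the six-bit value zero, so it dominates the base64 of anything with runs of null bytes (PE headers, zero-padded buffers) and also appears in the final quantum before padding. Removing it both breaks strict decoding and flattens the character-frequency profile that statistical detectors key on. A triage script that normalizes candidates before scoring, as above, recovers the payload; one that scores the raw string does not.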

The Klue OAuth compromise demonstrates OAuth refresh token risk at scale. Attackers exploited a legacy credential to access integration service infrastructure, then weaponized stolen refresh tokens for persistent Salesforce API access. Python...

https://captechgroup.com/threat-intelligence-center/klue-oauth-breach-expands-as-icarus-hackers-claim-528ffc?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=klue-oauth-breach-expands-as-icarus-hackers-claim-attack

Professional services under fire: attackers using VHDX files to deliver Remcos RAT through a sophisticated chain—ZIP → VHDX → obfuscated JavaScript → WMI-based PowerShell → .NET reflection shellcode injection. Detection rates below...

https://captechgroup.com/about-us/threat-intelligence-center/vhdx-file-delivers-remcos-rat-to-professional-serv-2b898d?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=vhdx-file-delivers-remcos-rat-to-professional-service-firms

Operation Endgame disrupted SocGholish's multi-layered JavaScript framework that weaponized 14,971 WordPress sites through domain shadowing and fake update lures. Attackers injected malicious JS directly into webpage...

https://captechgroup.com/about-us/threat-intelligence-center/operation-endgame-disrupts-socgholish-servers-clea-275ade?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=operation-endgame-disrupts-socgholish-servers-cleans-14-971-wordpress-sites