APT42: AI-Assisted Rapport Phishing and a More Resilient TAMECAT
Executive Summary APT42 continues to refine a familiar operating model, making it harder to detect...
Read MoreFrom Windows Telemetry to Arrest: How Microsoft’s GDID Helped Connect the Dots
Executive Summary The arrest and extradition of an alleged Scattered Spider member drew attention...
Read MoreLoaderClient Malware Analysis: How WeedHack Uses Ethereum Smart Contracts for Resilient C2 Infrastructure
Executive Summary LoaderClient is a Minecraft-based malware loader linked to the WeedHack...
Read MoreHow a Go Binary Locks Down Enterprise Networks in Minutes: The Story Behind Gentlemen Ransomware
Overview The enterprise threat landscape in 2026 has been reshaped by the rapid ascent of...
Read MoreInside Modern Supply Chain Intrusions: From CI/CD Abuse to Ecosystem-Wide Compromise
Modern supply chain intrusions are attacks that compromise trusted software development systems,...
Read MoreBehind .payload: In-Depth Technical Analysis of Payload Ransomware
Payload ransomware is a Windows ransomware family that appends the .payload extension to encrypted...
Read MorePlugX DLL Sideloading via MSI Installer: Complete Malware Analysis of a KorPlug Campaign
PlugX (KorPlug) is a modular remote access trojan delivered in this campaign through an MSI-based...
Read MorePhantom Stealer Analysis: Inside the Two-Layer Attack Chain Hidden Behind a Windows DLL
Phantom Stealer is a two-layer Windows infostealer attack chain that uses a malicious pdh.dll...
Read MoreSalat Stealer Analysis: Go-Based RAT, C2 Resilience, and Info-Stealing Capabilities
Executive Overview Salat Stealer is a sophisticated Go-based Remote Access Trojan (RAT) with deep...
Read MoreBeyond TTPs: A Better Way to Attribute APT Activity Through Campaign Linkage
Introduction Attribution in cyber threat intelligence has long been built around the concept of...
Read More