SafeAeon Threat Reports

Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks...

30 May 2026

Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns...

28 May 2026

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight...

27 May 2026

BTMOB: A stealthy RAT burrowing deep into Android devices...

27 May 2026

Emulating the Gentlemen Ransomware...

26 May 2026

Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict...

26 May 2026

RemotePE: The Lazarus RAT that lives in memory...

25 May 2026

Living off the Land with VS Code: Inside a Sophisticated Phishing Campaign...

24 May 2026

Beyond the breach: inside a cargo theft actor’s post-compromise...

23 May 2026

Kimsuky targets organizations with PebbleDash-based tools...

21 May 2026

Inside SHADOW-WATER-063’s Banana RAT: From Build Server...

21 May 2026

A Closer Look at The Gentlemen’s Alleged Leak...

20 May 2026

Suspected China-Linked Threat Actor Targets Global Manufacturer with...

17 May 2026

FrostyNeighbor: Fresh mischief and digital shenanigans...

17 May 2026

FrostyNeighbor: Fresh mischief and digital shenanigans...

17 May 2026

Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor...

17 May 2026

Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and...

14 May 2026

Seedworm: Iran-Linked Hackers Breached Korean Electronics Maker...

14 May 2026

Tinker Tailor Soldier: Paper Werewolf’s latest toolkit...

13 May 2026

Lorem Ipsum Malware: Trojanized MS Teams Installers Deliver...

10 May 2026

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp...

09 May 2026

TA558 Uses Steganography to Launch Global Cyberattacks...

09 May 2026

Operation GriefLure: Dissecting an APT Campaign Targeting Vietnam’s...

08 May 2026

InstallFix and Claude Code: How Fake Install Pages Lead to...

08 May 2026

UAT-8302 and its box full of malware...

06 May 2026

Poisoning the well: AI supply chain attacks on Hugging Face and...

06 May 2026

WatchGuard! Qilin affiliate exploits network appliances for initial...

05 May 2026

South-East Asian Military Entities Targeted via cPanel...

05 May 2026

Inside Vect Ransomware-as-a-Service...

02 May 2026

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against...

02 May 2026

Observations of “Japanese Malspam” in 2026 Q1: Analysis of Emails Delivering...

01 May 2026

APT36 /Transparent Tribe — DeskRAT via '.desktop' Files, T-72/T-90Procurement Lures...

28 April 2026

GopherWhisper: A burrow full of malware...

26 April 2026

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via...

26 April 2026

New NGate variant hides in a trojanized NFC payment app...

23 April 2026

Multi-Stage SEO Poisoning Campaign Targets Chinese-Speaking...

20 April 2026

Multi-Stage SEO Poisoning Campaign Targets Chinese-Speaking...

20 April 2026

A Single Operator, Two AI Platforms, Nine Government Agencies...

20 April 2026

Uptick in Bomgar RMM Exploitation...

19 April 2026

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise...

19 April 2026

Supply chain attack: Security scanner compromise leads to widespread...

17 April 2026

Eastern Handwriting: Investigating an Asian Group's Cyberattack on...

17 April 2026

When PUPs Grow Fangs: Dragon Boss Solutions' $10 Supply Chain Risk...

16 April 2026

From fake Proton VPN sites to gaming mods, this Windows infostealer...

16 April 2026

CPU-Z / HWMonitor watering hole infection – a copy-pasted attack...

16 April 2026

Emulating the Persuasive NightSpire Ransomware...

15 April 2026

Emulating the Persuasive NightSpire Ransomware...

15 April 2026

Qilin Ransomware: The Operation Powering Large-Scale Attacks in 2026...

14 April 2026

Reverse Engineering a Multi Stage File Format Steganography Chain of...

13 April 2026

STX RAT:A new RAT in 2026 with Infostealer Capabilities...

13 April 2026

Operation DualScript: Multi-Stage PowerShell Malware Targets Crypto...

13 April 2026

New Luabased malware “LucidRook” observed in targeted attacks...

11 April 2026

New Luabased malware “LucidRook” observed in targeted attacks...

11 April 2026

Operation TrueChaos: 0-Day Exploitation Against Southeast Asian...

02 April 2026

I’d come running back to EU again: TA416 resumes European government...

02 April 2026

InterLock: full tooling teardown of a ransomware operation...

02 April 2026

InterLock: full tooling teardown of a ransomware operation...

01 April 2026

From Phishing to Exfiltration: A Deep Dive into PXA Stealer...

01 April 2026

Supply Chain Compromise of axios npm Package...

01 April 2026

Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack...

01 April 2026

Silver Fox: The only Tax Audit Where Fine Print Installs...

31 March 2026

Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER...

29 March 2026

NICKEL ALLEY strategy: Fake it ‘til you make it...

27 March 2026

From Access to Encryption in Hours: TheGentlemen Ransomware...

27 March 2026

Converging Interests: Analysis of Threat Clusters Targeting...

27 March 2026

Pawn Storm Campaign Deploys PRISMEX, Targets Government and...

26 March 2026

Fake CAPTCHA Campaign: Inside a Multi-Stage Stealer Assault...

24 March 2026

Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries...

23 March 2026

New A0Backdoor Linked to Teams Impersonation and Quick Assist...

21 March 2026

Free real estate: GoPix, the banking Trojan living off...

21 March 2026

Vishing and Microsoft Teams Used to Deliver PhantomBackdoor...

19 March 2026

Boggy Serpens Threat Assessment...

18 March 2026

Suspected China-Based Espionage Operation Against Military...

16 March 2026

Sednit reloaded: Back in the trenches...

13 March 2026

Chinanexus Threat Actor Targets Persian Gulf Region With PlugX...

13 March 2026

APT36:A Nightmare of Vibeware...

12 March 2026

Iranian APT Infrastructure in Focus: Mapping State-Aligned Clusters During...

11 March 2026

TAXISPY RAT : Analysis of TaxiSpy RAT - Russian Banking - Focused Android...

10 March 2026

Hydra Saiga: Covert Espionage and Infiltration of Critical Utilities...

10 March 2026

SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target...

08 March 2026

Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company...

08 March 2026

Silver Dragon Targets Organizations in Southeast Asia and Europe...

04 March 2026

Dust Specter APT Targets Government Officials in Iraq...

04 March 2026

Mercenary Akula Hits Ukraine-Supporting Financial Institution...

03 March 2026

APT36 :Multi-Vector Execution Malware Campaign Targeting Indian...

03 March 2026

StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy...

02 March 2026

New Dohdoor malware campaign targets education and health care...

28 February 2026

Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage...

28 February 2026

Emulating the Mutative BlackByte Ransomware...

26 February 2026

North Korean Lazarus Group Now Working With Medusa Ransomware...

26 February 2026

Sticky Trail: Investigating PseudoSticky Attacks...

24 February 2026

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability...

20 February 2026

LockBit strikes with new 5.0 version, targeting Windows, Linux and...

16 February 2026

Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage...

12 February 2026

Security Bulletin: UAC-0001 (APT28) Conducting Cyberattacks Against...

11 February 2026

Tech impersonators: ClickFix and MacOS infostealers...

11 February 2026

Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography...

10 February 2026

The Shadow Campaigns: Uncovering Global Espionage...

07 February 2026

APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‐2026‐21509...

06 February 2026

New year, new sector: Transparent Tribe targets India’s...

06 February 2026

Stan Ghouls targeting Russia and Uzbekistan with NetSupport...

05 February 2026

The Notepad++ supply chain attack - unnoticed execution chains...

04 February 2026

Infostealers without borders: macOS, Python stealers, and...

04 February 2026

Meet IClickFix: a widespread WordPress-targeting framework...

03 February 2026

DynoWiper update: Technical analysis and attribution...

03 February 2026

Revisiting GPUGate: Repo Squatting and OpenCL Deception...

29 January 2026

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns...

29 January 2026

Unveiling the Weaponized Web Shell EncystPHP...

29 January 2026

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability...

28 January 2026

APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER...

28 January 2026

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD...

28 January 2026

PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used...

27 January 2026

KONNI Adopts AI to Generate PowerShell Backdoors...

23 January 2026

Osiris:New Ransomware, Experienced Attackers?...

23 January 2026

Operation Nomad Leopard: Targeted Spear-Phishing Campaign Against...

20 January 2026

Operation Covert Access: Weaponized LNK-Based Spear-Phishing Targeting Argentina’s...

20 January 2026

From Extension to Infection: An In-Depth Analysis of the Evelyn Stealer...

20 January 2026

deVixor: An Evolving Android Banking RAT with Ransomware Capabilities...

14 January 2026

Unveiling VoidLink – A Stealthy, Cloud-Native Linux Malware...

14 January 2026

In-Depth Analysis Report on LockBit 5.0: Operation and Countermeasures...

13 January 2026

Silver Fox Targeting India Using Tax Themed Phishing...

12 January 2026

Reborn in Rust: Muddy Water Evolves Tooling with RustyWater...

12 January 2026

Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm...

09 January 2026

Trial, Error, and Typos: Why Some Malware Attacks Aren't as 'Sophisticated' as You Think...

07 January 2026

UNG0801: Tracking Threat Clusters obsessed with AV Icon Spoofing targeting Israel...

07 January 2026

Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection...

07 January 2026

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan...

06 January 2026

APT36 : Multi-Stage LNK Malware Campaign Targeting Indian Government Entities...

06 January 2026

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns...

05 January 2026

Operation Artemis: Analysis of HWP-Based DLL Side Loading Attacks...

22 December 2025

Zscaler Threat Hunting Catches Evasive SideWinder APT Campaign...

21 December 2025

Inside Ink Dragon: Revealing the Relay Network and Inner Workings of...

19 December 2025

BlueDelta’s Persistent Campaign Against UKR.NET...

19 December 2025

BlindEagle Targets Colombian Government Agency with Caminho and DCRAT...

17 December 2025

Frogblight threatens you with a court case: a new Android banker targets Turkish users...

16 December 2025

GOLD SALEM tradecraft for deploying Warlock ransomware...

14 December 2025

Ransom Tales: Volume VI - Throwback Edition! Emulating Ryuk, Conti, and BlackCat Ransomware...

12 December 2025

Operation MoneyMount-ISO - Deploying Phantom Stealer via ISO-Mounted Executables...

12 December 2025

GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries...

09 December 2025

Hook for Gold: Inside GoldFactory's Сampaign That Turns Apps Into Goldmines...

06 December 2025

Unravelling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp...

05 December 2025

MuddyWater: Snakes by the riverbank...

04 December 2025

Attacks of the Striking Panda: APT31 Today...

03 December 2025

Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets...

02 December 2025

Operation Hanoi Thief: Threat Actor targets Vietnamese IT professionals and recruitment teams...

01 December 2025

New WhatsApp Worm Can Take Over Your Account and Send Malware to All Your Contacts...

24 November 2025

Brazilian Campaign: Spreading the Malware via WhatsApp...

24 November 2025

Beyond the Watering Hole: APT24's Pivot to Multi-Vector Attacks...

21 November 2025

Blockchain and Node.js abused by Tsundere: an emerging botnet...

21 November 2025

Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads...

21 November 2025

Revisiting the Versatile Qilin Ransomware...

21 November 2025

SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp...

20 November 2025

#StopRansomware: Akira Ransomware...

20 November 2025

China-linked Actors Maintain Focus on Organizations Influencing U.S. Policy...

19 November 2025

Ransomware Spotlight: Dragon Force...

12 November 2025

Fantasy Hub: Another Russian Based RAT as M-a-a-S...

11 November 2025

Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels...

10 November 2025

[Threat Analysis] Malware Disguised as a Health Checkup Guide Document...

10 November 2025

Crossed wires: a case study of Iranian espionage and attribution...

06 November 2025

Remote access, real cargo: cybercriminals targeting trucking...

04 November 2025

Operation Peek-a-Baku: Silent Lynx APT makes sluggish shift...

03 November 2025

Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs...

29 October 2025

Unmasking The Gentlemen Ransomware: Tactics, Techniques,and...

14 September 2025

GhostRedirector poisons Windows servers: Backdoors with...

10 September 2025

Plump Spider: Technical and Strategic Analysis of an Advanced Threat...

10 September 2025

Response to CISA Advisory (AA25-239A): Countering Chinese State-Sponsored...

09 September 2025

GPUGate Malware: Malicious GitHub Desktop Implants Use Hardware...

09 September 2025

Dire Wolf Ransomware: A Threat That Combines Data...

04 September 2025

Three Lazarus RATs coming for your cheese...

02 September 2025

Warning About NightSpire Ransomware Following Cases of...

02 September 2025

Phishing Campaign Targeting Companies via UpCrypter...

01 September 2025

The Resurgence of IoT Malware: Inside the Mirai-Based Botnet...

28 August 2025

ZipLine Campaign: A Sophisticated Phishing Attack Targeting...

27 August 2025

North Korea's Fraudulent IT Employment Scheme: A Cybersecurity...

26 August 2025

GodRAT – New RAT targeting financial institutions...

26 August 2025

DeceptiveDevelopment targets freelance developers...

26 August 2025

Dissecting PipeMagic: Inside the architecture of a modular...

22 August 2025

Crypto24 Ransomware Group Blends Legitimate Tools with Custom...

19 August 2025

UAT-7237 targets Taiwanese web hosting infrastructure...

19 August 2025

Threat Actor Profile: Interlock Ransomware...

18 August 2025

Evolution of the PipeMagic backdoor: from the RansomExx incident...

18 August 2025

Scammers mass-mailing the Efimer Trojan to steal crypto...

16 August 2025

Blue Locker' Analysis: Ransomware Targeting Oil & Gas...

14 August 2025

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability...

12 August 2025

PyLangGhost RAT: Rising Stealer from Lazarus Group...

10 August 2025

Android Malware Targets Indian Banking Users...

09 August 2025

Cobalt Strike Beacon delivered via GitHub...

06 August 2025

Imperva Detects and Mitigates Rejetto HFS...

06 August 2025

TraderTraitor: Deep Dive...

05 August 2025

Ghost in the Zip | New PXA Stealer and Its Telegram...

04 August 2025

Major Cyber Attacks in July 2025: Obfuscated .LNK‑Delivered...

31 July 2025

GLOBAL GROUP: Emerging Ransomware-as-a-Service...

30 July 2025

Dropping Elephant APT Group Targets Turkish Defense Industry...

29 July 2025

Rumble in the jungle: APT41’s new target in Africa...

24 July 2025

Scanception: A QRiosity-Driven Phishing Campaign...

23 July 2025

Malware or LLM? Silent Werewolf employs new loaders to attack...

21 July 2025

Greedy Sponge Targets Mexico with AllaKore RAT and SystemBC...

20 July 2025

Phish and Chips: China-Aligned Espionage Actors Ramp Up...

19 July 2025

Threat Analysis: SquidLoader - Still Swimming Under the Radar...

17 July 2025

GhostContainer backdoor: malware compromising Exchange servers...

17 July 2025

UNG0002: Regional Threat Operations Tracked Across...

16 July 2025

Analysis of Secp0 Ransomware...

16 July 2025

Rainbow Hyena strikes again: new backdoor and shift in tactics...

15 July 2025

Batavia spyware steals data from Russian organizations...

10 July 2025

XWorm's Shape-Shifting Arsenal: Loader and Stager Variants...

10 July 2025

Fix the Click: Preventing the ClickFix Attack Vector...

10 July 2025

BERT Ransomware Group Targets Asia and Europe on Multiple...

08 July 2025

GoldMelody’s Hidden Chords: Initial Access Broker In-Memory...

08 July 2025

Targeted activity of UAC-0212 against developers and suppliers...

07 July 2025

Tracing Blind Eagle to Proton66...

05 July 2025

macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto...

03 July 2025

Apt 41 Unmasked: China’s Hybrid Cyber Espionage Group...

30 June 2025

Lunar Spider – Lotus V2 Loader Campaign Using Fake CAPTCHA...

28 June 2025

Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial...

27 June 2025

Uncovering a Tor-Enabled Docker Exploit

25 June 2025

Silver Fox APT Targets Public Sector via Trojanized Medical...

25 June 2025

Threat actor Banana Squad exploits GitHub repos in new campaign

18 June 2025

Fog Ransomware: Unusual Toolset Used in Recent Attack

17 June 2025

Anubis: A Closer Look at an Emerging Ransomware with Built...

17 June 2025

Clone, Compile, Compromise: Water Curse’s Open-Source...

16 June 2025

The Golden Eyed Dog (APT-Q-27) group recently carried out...

13 June 2025

Imprints of the past: F6 investigated new and previously...

12 June 2025

Analysis of the Triple Combo Threat of the Kimsuky Group...

11 June 2025

Follow the Smoke | China-nexus Threat Actors...

10 June 2025

Unpacking ClickFix: Darktrace’s detection of a prolific...

09 June 2025

From Ideology to Financial Gain: Exploring the Convergence...

07 June 2025

OtterCookie: Analysis of New Lazarus Group Malware...

06 June 2025

ViperSoftX Targeting Cryptocurrency Users...

04 June 2025

PhaaS the Secrets: The Hidden Ties Between Tycoon2FA...

02 June 2025

Silent Werewolf employs new loaders to attack Russian and...

02 June 2025