“Call me back”: cybercriminals abuse Windows 10 for malware delivery
Cybercriminal abuse of Windows 10 features for callback-based malware delivery: phone-based social engineering, lure templates and detection considerations.
Blog · research & analysis
HTML Smuggling: payload assembly client-side from JavaScript-encoded blobs, perimeter-bypass mechanics and detection considerations for email and web gateways.
Extortion-only intrusions skipping the encryption stage: rapid data theft, leak-site coercion, response time pressure and detection priorities for security teams.
TrickBot operations update: infrastructure rebuilds, module evolution, partnership with ransomware affiliates and detection signals across recent campaigns.
Conti ransomware operations: initial access patterns, Cobalt Strike pivoting, domain-controller compromise, exfiltration tooling and double-extortion mechanics.
FIN12 financially-motivated actor targeting healthcare: short dwell time, ransomware deployment patterns and operational priorities for hospital security teams.
Jupyter (SolarMarker) malware new variant: PowerShell-driven loader, infostealer modules, persistence techniques and IOC indicators.
Backdoor discovered inside the REvil ransomware affiliate build: developer access to victim payments, affiliate-trust implications and underground reactions.
Windows kernel-level vulnerability enabling unsigned-driver loading: rootkit installation pathway, exploitation pre-conditions and detection considerations.