Hundreds of popular add‑ons used encrypted, URL‑sized payloads to send search queries, referrers, and timestamps to outside servers, in some cases tied to data brokers and unknown operators.

North Korea-linked ScarCruft’s Ruby Jumper uses Zoho WorkDrive C2 and USB malware to breach air-gapped systems for ...

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE ...

Aeternum C2, a native C++ botnet loader, operates on smart contracts on the Polygon blockchain, increasing its resilience.

Keenadu firmware backdoor infects Android tablets via signed OTA updates, enabling remote control, ad fraud, and data theft across 13,715 devices.

Malicious MEV attacks pose a significant threat to traders on Ethereum. Our latest research shows that almost 2,000 sandwich ...

M-code is more resistant to jamming, and its encryption makes it more difficult to spoof, a kind of attack that makes ...

North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

When ransomware strikes, IT leaders face a deceptively simple question: How confident are you that you have clean data for ...

Danish company Renegade UxS delivered approximately 10,000 of their Nightmare first-person view (FPV) unmanned aircraft ...

A suspected Chinese espionage group exploited hardcoded admin credentials in Dell RecoverPoint for Virtual Machines to deploy ...