New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.

PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.

We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.

Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.

Users often store passwords in third-party software for convenience – but credential gathering techniques can target this behavior.