DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
Two apparently separate North Korean crypto theft campaigns targeting macOS users appear to be linked as threat actors mix and match droppers and payloads.
C3RB3R Ransomware | Ongoing Exploitation of CVE-2023-22518 Targets Unpatched Confluence Servers - SentinelOne
Learn how threat actors are exploiting Confluence CVE-2023-22518 to deploy Cerber ransomware on Linux and Windows hosts.
Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms
An emerging infostealer being sold on Telegram looks to harness generative AI to streamline cyber attacks on cloud services.
macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks
The rise of macOS infostealers continues with the latest entrant aiming to compromise business environments with targeted social engineering lures.
XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.
The New Frontline of Geopolitics | Understanding the Rise of State-Sponsored Cyber Attacks
Understanding the complex threat landscape facing businesses today from state-sponsored cyber attacks is crucial to effective cyber defense.
Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release
Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.
BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -
Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.
Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram
A macOS infostealer being sold on Telegram, Atomic Stealer has a second variant that appears primed to target users directly on YouTube.
LockBit for Mac | How Real is the Risk of macOS Ransomware?
Discovery of a macOS variant of LockBit has caused alarm, but how serious a threat is it? We explore the malware and the threat of ransomware on Apple Macs.
Winter Vivern | Uncovering a Wave of Global Espionage
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.
BlackMamba ChatGPT Polymorphic Malware | A Case of Scareware or a Wake-up Call for Cyber Security?
The rise of publicly-accessible Al models like ChatGPT has produced some interesting attempts to create malware. How seriously should defenders take them?
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
A cryptominer that uses the Invisible Internet protocol, Honkbox variants could still be evading some detection solutions.
.NET Virtualization Thrives in Malvertising Attacks
.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.
Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.
Winter Vivern | Uncovering a Wave of Global Espionage
SentinelLabs uncover a previously unknown set of espionage campaigns conducted by Winter Vivern advanced persistent threat (APT) group.
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Stealing data from Mac devices can unlock the door for both financially-motivated cybercrime and espionage. Learn how recent macOS malware does it.
BlackMamba ChatGPT Polymorphic Malware | A Case of Scareware or a Wake-up Call for Cyber Security?
The rise of publicly-accessible Al models like ChatGPT has produced some interesting attempts to create malware. How seriously should defenders take them?
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
A cryptominer that uses the Invisible Internet protocol, Honkbox variants could still be evading some detection solutions.
.NET Virtualization Thrives in Malvertising Attacks
.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.
Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
SEO poisoning is gaining momentum as threat actors leverage malicious ads to deliver malware through web browser searches.
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election
The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO
In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.