The campaign goes back to 2023 but is the subject of an alert amid conflict in the Middle East.

The botnet, which compromised routers and IoT devices in 163 countries, claimed about 369,000 victims and $5.8 million from its cybercriminal customers, officials said.

Blind spots in complex cloud environments allow identity-based attacks to achieve the same outcome as complex malware or zero-day exploits. Sophistication need not apply.

Google researchers said Chinese attackers have been exploiting a zero-day since mid-2024, and they’ve moved on to a more advanced version of Brickstorm malware called Grimbolt.

Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.

Research from Cisco Talos and Google Threat Intelligence Group underscores the extent to which North Korea-aligned attackers attempt to avoid detection.

Phantom Taurus has stolen sensitive data from ministries of foreign affairs, embassies, diplomats and telecom networks in the Middle East, Africa and Asia, researchers said.

Researchers at NYU’s Tandon School of Engineering confirmed they created the code as part of a project to illustrate potential harms of AI-powered malware.

A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom…

ESET researchers observed tens of thousands of machines infected with AsyncRAT and its variants over the past year. The open-source malware is a popular tool among cybercriminals.