Threat Research

TUXBOT v3 Evolution, also known as Akiru, is a previously undocumented modular IoT botnet framework designed for large-scale device compromise and DDoS-for-hire operations. The framework targets multiple IoT device families through vulnerability exploitation and extensive Telnet brute-forcing, supporting numerous hardware architectures and encrypted C2 communications....

In late April 2026, we were retained for incident response after a client detected unauthorized cryptocurrency miners on user workstations. Our investigation revealed the malware was delivered through illicit movie and TV streaming platforms using a deceptive video player plugin update....

First VPN Service was a criminally oriented VPN infrastructure that operated for over a decade and was widely used by ransomware groups and other cybercriminals to conduct network reconnaissance, intrusions, scanning, botnet activity, denial-of-service attacks, and scams....

A malware campaign is targeting users searching for open-source C++ IDE software by redirecting them from legitimate websites to fake MEGA Transfer pages that deliver RemusStealer....

Security researchers have discovered OverlayPhantom, a new Android banking trojan spreading through malicious URLs. The malware utilizes a two-stage infection process, relying on dropper apps that impersonate trusted platforms like TikTok and the Austrian government's "ID Austria" app to trick users....

We recently uncovered a phishing campaign delivering a variant of PureLogs, an infostealer designed to harvest sensitive data from compromised devices. This report breaks down the campaign's mechanics, analyzing the deceptive "purchase order" emails used to trick victims and the inner workings of the initial JavaScript payload....

Device code phishing has rapidly evolved into a major identity-focused attack technique, driven by publicly available phishing toolkits, phishing-as-a-service (PhaaS) offerings, and AI-assisted "vibe coded" tools....

An Iran-linked APT group known as Screening Serpens conducted targeted cyberespionage campaigns against organizations in the U.S., Israel, the UAE, and other Middle Eastern regions during early 2026....

Void Dokkaebi (also known as Famous Chollima) has evolved its InvisibleFerret malware by shifting from readable Python scripts to Cython-compiled binaries, improving evasion and making detection more difficult....

The Guardrails-AI incident highlights the growing sophistication of software supply chain attacks targeting AI and developer ecosystems. Even trusted and widely adopted packages can become delivery mechanisms for malicious payloads when repository infrastructure, CI/CD workflows, or deployment credentials are compromised....