Latest news

Cavern Manticore: Iranian-Linked APT Abuses SysAid RMM and DLL Sideloading to Deploy Modular C2 Framework
Malware

Cavern Manticore: Iranian-Linked APT Abuses SysAid RMM and DLL Sideloading to Deploy Modular C2 Framework

7 July 2026 dark6

A newly identified Iranian-linked group, Cavern Manticore, is abusing the SysAid RMM platform and DLL sideloading via WinDirStat to deploy...
PamStealer: New macOS Infostealer Disguises Itself as the Maccy Clipboard Manager
Malware

PamStealer: New macOS Infostealer Disguises Itself as the Maccy Clipboard Manager

6 July 2026 dark6

PamStealer is a newly discovered macOS infostealer that impersonates the Maccy clipboard manager, using a two-stage AppleScript-to-Rust infection chain to...
Ousaban Banking Trojan Resurfaces With Steganographic PDF Lures Targeting Spain and Portugal
Malware

Ousaban Banking Trojan Resurfaces With Steganographic PDF Lures Targeting Spain and Portugal

4 July 2026 dark6

Fortinet's FortiGuard Labs has documented a fresh wave of the Ousaban banking trojan hitting Windows users in Spain and Portugal...
AsyncRAT Trojan Hidden in 90+ Fake Software Download Sites via DLL Sideloading and ScreenConnect
Malware

AsyncRAT Trojan Hidden in 90+ Fake Software Download Sites via DLL Sideloading and ScreenConnect

3 July 2026 dark6

A stealthy campaign is hiding the AsyncRAT trojan inside fake installers for popular free software, using DLL sideloading and the...
Malicious ClawHub Skills Compromise AI Agents With Hidden Backdoors — 247,000 Installs, $2.3M Stolen
Malware

Malicious ClawHub Skills Compromise AI Agents With Hidden Backdoors — 247,000 Installs, $2.3M Stolen

30 June 2026 dark6

Researchers scanning 50,000 ClawHub skills — the official marketplace for the OpenClaw AI agent platform — found working remote control...
LokiBot Returns: Multi-Stage JScript Campaign Uses Process Injection to Steal Credentials
Malware

LokiBot Returns: Multi-Stage JScript Campaign Uses Process Injection to Steal Credentials

29 June 2026 dark6

LokiBot, the decade-old credential stealer, has resurfaced with a sophisticated multi-stage attack chain: a JScript email dropper, in-memory .NET injection,...
Shai-Hulud Malware Expands to npm Ecosystem, Stealing Cloud and CI/CD Credentials From Developers
Malware

Shai-Hulud Malware Expands to npm Ecosystem, Stealing Cloud and CI/CD Credentials From Developers

26 June 2026 dark6

A credential-stealing malware campaign known as Shai-Hulud has expanded to target developers using the Leo/RStreams npm package ecosystem, harvesting GitHub...
Operation Endgame Strikes Again: Europol Seizes StealC, Amadey and SocGholish Infrastructure — 326 Servers Down, $47M Frozen
Malware

Operation Endgame Strikes Again: Europol Seizes StealC, Amadey and SocGholish Infrastructure — 326 Servers Down, $47M Frozen

25 June 2026 dark6

Europol's Operation Endgame has dismantled the infrastructure behind StealC, Amadey, and SocGholish malware, seizing 326 servers, freezing USD 47 million...
AryStinger Botnet Hijacks 4,300+ Routers to Build Global Covert Attack Proxy Network
Malware

AryStinger Botnet Hijacks 4,300+ Routers to Build Global Covert Attack Proxy Network

23 June 2026 dark6

Researchers have uncovered AryStinger, a stealthy botnet that has hijacked over 4,300 legacy Linksys and D-Link routers by exploiting decade-old...
International Authorities Dismantle SocGholish (FakeUpdates) Malware Network — 106 Servers and 101 Domains Seized
Malware

International Authorities Dismantle SocGholish (FakeUpdates) Malware Network — 106 Servers and 101 Domains Seized

19 June 2026 dark6

International law enforcement agencies from the US, Netherlands, Canada, and Germany have dismantled the SocGholish malware network under Operation Endgame,...
Supply Chain Attack Compromises 140+ Mastra npm Packages, Targeting Developer Credentials and Crypto Wallets
Malware

Supply Chain Attack Compromises 140+ Mastra npm Packages, Targeting Developer Credentials and Crypto Wallets

18 June 2026 dark6

A sophisticated supply chain attack has compromised over 141 packages in the Mastra-AI npm ecosystem, including @mastra/core which sees 918,000...
Chinese Hackers (UNC6508) Spent Over a Year Spying on US Medical Research Institutions via REDCap
Malware

Chinese Hackers (UNC6508) Spent Over a Year Spying on US Medical Research Institutions via REDCap

17 June 2026 dark6

Google GTIG has attributed a 2+ year Chinese cyber-espionage campaign to UNC6508, which exploited REDCap medical research servers across North...