Campaign 2025
| DATE | NAME | INFO | CATEGORY | SUBCATE |
|---|---|---|---|---|
| 20.12.25 | | EXECUTIVE SUMMARY CYFIRMA examines a sophisticated phishing campaign that leverages QR-code-based delivery, commonly referred to as “quishing,” to target employees with | | |
| 8.12.25 | | MuddyWater campaign analysis reveals macro-based delivery, extensive anti-analysis techniques, and shared infrastructure links | | |
| 26.11.25 | | The Korean Leaks – Analyzing the Hybrid Geopolitical Campaign Targeting South Korean Financial Services With Qilin RaaS | | |
| 24.11.25 | | Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users. | | |
| 24.11.25 | | It's another Monday morning, sitting down at the computer. And I see a stack of alerts from the last hour of packages showing signs of malware in our triage queue. Having not yet finished my first cup of coffee, I see Shai Hulud indicators. Y | | |
| 23.11.25 | | The Great Indonesian TEA Theft: Analyzing a NPM Spam Campaign | SPAM | |
| 18.11.25 | | SmartApeSG campaign uses ClickFix page to push NetSupport RAT | CAMPAIGN | |
| 18.11.25 | | EVALUSION Campaign Delivers Amatera Stealer and NetSupport RAT | CAMPAIGN | |
| 15.11.25 | SpearSpecter | Israel National Digital Agency researchers have uncovered an ongoing, sophisticated espionage campaign, | BIGBROTHER | |
| 14.11.25 | | CRIL analyzed an active phishing campaign leveraging HTML-based Telegram bot credential harvesters designed to mimic multiple prominent brands | PHISHING | |
| 13.11.25 | | The Great Indonesian TEA Theft: Analyzing a NPM Spam Campaign | SPAM | |
| 10.11.25 | | Phishing Campaigns “I Paid Twice” Targeting Booking.com Hotels and Customers | PHISHING | |
| 26.10.25 | | Odyssey Stealer and AMOS Campaign Targets macOS Developers Through Fake Tools | Malware | |
| 25.10.25 | | The Smishing Deluge: China-Based Campaign Flooding Global Text Messages | | |
| 25.10.25 | | Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign | | |
| 22.10.25 | | PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations | | |
| 13.10.25 | | RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits | | |
| 12.10.25 | | Inside Akira’s SonicWall Campaign: Darktrace’s Detection and Response | CAMPAIGN | |
| 7.10.25 | | Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | CAMPAIGN | |
| 5.10.25 | | Smash and Grab: Aggressive Akira Campaign Targets SonicWall VPNs, Deploys Ransomware in an Hour or Less | Ransomware | |
| 4.10.25 | | Network edge devices such as routers, switches, firewalls, VPNs, and access points are being targeted by waves of cyberattacks. | CAMPAIGN | |
| 3.10.25 | | New spyware campaigns target privacy-conscious Android users in the UAE | | |
| 17.9.25 | | With the evolution of cyber threats, the final execution of a malicious payload is no longer the sole focus of the cybersecurity industry. | | |
| 17.9.25 | | The GhostAction Campaign: 3,325 Secrets Stolen Through Compromised GitHub Workflows | CAMPAIGN | |
| 16.9.25 | | FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography | CAMPAIGN | |
| 11.9.25 | | Behind the Mask of Madgicx Plus: A Chrome Extension Campaign Targeting Meta Advertisers | Social | |
| 29.8.25 | | TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents | Exploit | |
| 27.8.25 | | ZipLine Campaign: A Sophisticated Phishing Attack Targeting US Companies | Phishing | |
| 26.8.25 | | Israel National Digital Agency Uncovers Global Cyberattack Campaign “ShadowCaptcha” | CAMPAIGN | |
| 26.8.25 | | Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats | CAMPAIGN | |
| 13.8.25 | | MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities | CAMPAIGN | |
| 22.7.25 | | LARVA-208, known for its phishing attacks and social engineering tactics targeting English-speaking IT staff through phone calls, has adopted a new technique in its operations. | CAMPAIGN | |
| 2.7.25 | | (a.k.a. Cuba, STORM-0978, Tropical Scorpius, UNC2596) is a Russian-speaking cyber espionage group that has actively deployed the RomCom | CAMPAIGN | |
| 26.6.25 | | The surge in ClickFix campaigns also coincides with the discovery of various phishing campaigns that | CAMPAIGN | |
| 20.6.25 | | Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys | CAMPAIGN | |
| 20.6.25 | | Since March 2025, Check Point Research has been tracking malicious GitHub repositories targeting Minecraft users with an undetected Java downloader. | CAMPAIGN | |
| 20.6.25 | | Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware | CAMPAIGN | |
| 14.6.25 | | JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique | CyberCrime | |
| 1.6.25 | | GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers | CAMPAIGN | |
| 19.4.25 | Smishing Triad | Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit | SPAM | |
| 17.4.25 | Sponsored Actors Try ClickFix | Around the World in 90 Days: State-Sponsored Actors Try ClickFix | CAMPAIGN | |
| 6.4.25 | PoisonSeed Campaign | PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation | SPAM | |
| 3.4.25 | Stripe API Skimming Campaign | Stripe API Skimming Campaign: Additional Victims and Insights | Skimming | |
| 28.3.25 | | Juniper Routers, Network Devices Targeted with Custom Backdoors | MALWARE | |
| 28.3.25 | | Gamaredon campaign abuses LNK files to distribute Remcos backdoor | MALWARE | |
| 25.3.25 | .NET MAUI | New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI | Malware | |
| 20.3.25 | ClearFake | ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery | MALWARE | |
| 10.3.25 | Desert Dexter. Attacks | Desert Dexter. Attacks on Middle Eastern countries | Malware | |
| 8.3.25 | Phishing Campaign Using Private Video Sharing | We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. | PHISHING | |
| 8.3.25 | Snail Mail Fail | Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear | Ransom | |
| 25.2.25 | GitVenom campaign | The GitVenom campaign: cryptocurrency theft using GitHub | CRYPTOCURRENCY | |
| 22.2.25 | DeceptiveDevelopment | Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. | Malware | |
| 18.2.25 | RevivalStone | The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024. | APT | |
| 18.2.25 | Earth Freybug’s | Stealth in the Shadows: Dissecting Earth Freybug’s Recent Campaign and Operational Techniques | Malware | |
| 15.2.25 | DEEP#DRIVE | Analyzing DEEP#DRIVE: North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks | APT | |
| 15.2.25 | BadPilot | The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation | Operation | |
| 10.2.25 | Webflow CDN | New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs | Phishing | |
| 18.1.25 | GSocket Gambling Scavenger | GSocket Gambling Scavenger – How Hackers Use PHP Backdoors and GSocket to Facilitate Illegal Gambling in Indonesia | CAMPAIGN | |