
New Stealthy C# RAT NoobsaibotRAT Targets Windows with Advanced Features

Remote Access Trojans (RATs) continue to be one of the most actively traded malware categories across dark web forums. Their appeal lies in flexibility: a single framework can support espionage, credential theft, ransomware staging, or long-term persistence. Recently, our team identified a dark web actor advertising a tool called “noobsaiBOT”, claiming it to be a fully custom, stealth-focused RAT with source code included, priced at $20,000 and offered as a one-time exclusive sale.

Lazarus Group (APT38 / APT-C-26) Exploits WinRAR Vulnerability CVE-2025-8088 for Archive Poisoning Attacks

During routine threat research and monitoring of Chinese-language underground distribution channels, our team identified a malicious RAR archive. Specifically, this archive abuses a critical WinRAR directory traversal vulnerability to achieve arbitrary file write and persistence on Windows systems. To accomplish this, the archive leverages a combination of NTFS Alternate Data Streams (ADS) and directory traversal logic.

The New Mandate: CISA CPG 2.0 and the Evolution of Critical Infrastructure Security

The digital threats facing critical infrastructure—from energy grids and water treatment plants to hospitals and financial systems—are no longer theoretical. Nation-state actors and organized cybercrime are relentlessly targeting these essential services. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded with the updated Cybersecurity Performance Goals (CPG) 2.0, moving the industry beyond simple compliance toward verifiable cybersecurity resilience.

CVE-2025-55182: React2Shell - A Critical RCE in React Server Components and Its Rapid Exploitation

On December 3, 2025, CVE-2025-55182, a critical remote code execution (RCE) vulnerability in React Server Components (RSC), was disclosed and dubbed “React2Shell.” This flaw, carrying a maximum CVSS v3.1 score of 10.0 (Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality/Integrity/Availability: High), stems from unsafe deserialization in the RSC “Flight” protocol.

Stealc Infostealer: A Deep Dive into Its Evolution, Operations, and Threat Landscape

Stealc, an information-stealing malware operating as Malware-as-a-Service (MaaS), has emerged as a potent tool in the cybercriminal arsenal since its debut in early 2023. Advertised on Russian-speaking underground forums, it builds on established stealers such as Vidar, Raccoon, Mars, and RedLine, offering customizable data exfiltration for browsers, cryptocurrency wallets, and applications. Its non-resident design minimizes its footprint, enabling stealthy theft of credentials, cookies, autofill data, and files.

The Resurgence of Mirai: Jackskid Botnet and Escalating IoT Threats in November 2025

The Mirai botnet, first unleashed in 2016, continues to evolve into increasingly sophisticated variants, posing severe risks to the Internet of Things (IoT) ecosystem. This report examines the Jackskid Botnet—a newly identified Mirai derivative—characterized by its aggressive propagation via zero-day exploits and brute-force attacks, resulting in daily active bot IPs surpassing 40,000 as of late November 2025.

Pegasus Spyware November 2025: A Deep Dive into Its Shadowy Surge and the Global Surveillance Crisis

In the digital age, where a smartphone holds the keys to our lives—messages, photos, locations, secrets—few threats loom as insidiously as Pegasus. Developed by Israel’s NSO Group, this zero-click spyware doesn’t need you to tap a link or download a file. Instead, it slips in silently via a missed iMessage, a WhatsApp call you ignore, or a system notification you never see.

Shai-Hulud Returns 2.0 - Massive Self-Propagating npm Supply-Chain Attack Hits 600 Packages and 100M+ Downloads

The software supply chain has come under assault once again with the resurgence of the Shai-Hulud npm worm—now significantly more advanced, more destructive, and far more widespread. In what is quickly being described as one of the most serious active threats to the npm ecosystem, the second wave of the Shai-Hulud campaign has compromised at least 600 npm packages, collectively downloaded more than 100 million times. One of the most alarming aspects of this campaign is its origin point.

Stop Just Reacting: Why Your Security Needs a Threat Intelligence Platform (TIP)

In today’s digital landscape, the volume and complexity of cyber threats are staggering. Security teams are constantly drowning in a tsunami of data—raw threat feeds, security alerts, and endless reports. Consequently, this data overload leads to alert fatigue, making it nearly impossible to distinguish a critical, targeted attack from simple digital background noise. Furthermore, if you’re relying on manual processes and disparate tools, you’re always playing catch-up.

Critical WSUS Flaw Exploited: Chinese APTs Deploy ShadowPad Backdoor via CVE-2025-59287

Our intelligence team has uncovered a fresh escalation in state-sponsored cyber espionage targeting enterprise update infrastructure. A critical remote code execution (RCE) vulnerability in Microsoft Windows Server Update Services (WSUS), designated CVE-2025-59287, is now actively exploited by Chinese-linked advanced persistent threat (APT) groups. These actors leverage the flaw to deploy ShadowPad, a modular backdoor long favored in espionage operations.