
Donuts and Beagles: Fake Claude site spreads backdoor

A malicious imitation of Anthropic’s Claude site leads to DLL sideloading – and a backdoor

As we reported on social media recently, Sophos X-Ops has been investigating reports of a fake Claude AI website distributing malware. Like other researchers, we thought this might be a PlugX-like campaign, given that the attack chain shares several characteristics with observed PlugX attacks.

The Terrorist Designation: A New Red Line for Ransomware with Cynthia Kaiser

In this episode, host Caleb Tolin explores the battlefield of enterprise defense, which has moved from simple data theft to crimes that put patient outcomes at risk. Guest Cynthia Kaiser shares Battlefield Stories from her time at the FBI and her current work as SVP of the Ransomware Research Center at Halcyon (@halcyonsecurity), illustrating how the industrialization of cybercrime has reached a tipping point. They dive into the alarming reality of modern dwell times, specifically how groups like Akira move from initial access to full encryption in as little as one hour.

Your Backups Know More Than You Think

Your backups are more valuable than you may realize: they preserve a record of activity that your other security tools may have missed. That is just one of the many interesting tidbits Kyle Fiehler shared on his recent episode of Data Security Decoded. Kyle also explains how threat actors exploit backup blind spots, why identity and recovery are now prime attack surfaces, and how security leaders can rethink MTTR.

Lorem Ipsum Malware: Trojanized MS Teams Installers Deliver Multi-Stage Loader and Backdoor

BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) security researchers have been tracking an emerging, rapidly maturing threat group conducting a global SEO-poisoning campaign that distributes trojanized Microsoft Teams installers. These installers ultimately deploy a multi-stage shellcode loader and backdoor BlueVoyant has designated Lorem Ipsum.

You Wouldn't Download a Shipment - The 443 Podcast - Episode 369

This week on the podcast, we discuss a recent FBI warning about hacking that leads to stolen shipments. Before that, we cover the Vercel software supply chain incident and the Vect ransomware-as-a-service that turned into an accidental wiper.

VENOMOUS#HELPER: Dual-RMM Phishing Campaign Leveraging JWrapper-Packaged SimpleHelp and ScreenConnect for Silent Remote Access

Phishing campaigns that leverage remote management tools are nothing new. Securonix Threat Research has conducted in-depth dynamic analysis of an ongoing phishing campaign, active since at least April 2025, that reaches victims through multiple vectors. The campaign has impacted over 80 organizations, predominantly in the United States and spanning multiple sectors, and leverages vendor-signed Remote Monitoring and Management (RMM) software to establish silent, persistent access.

OUT OF BAND | The Breaking Point: Inside Mythos' Zero-Day Machine with Anthropic's Nicholas Carlini

Nicole Perlroth sits down with Nicholas Carlini for an Out of Band conversation on the imminent zero-day surge. Carlini explains what Mythos can already do: find and exploit flaws in some of the world’s most hardened, widely deployed software—with minimal human input. He details what Mythos has already hacked, which now includes most of the operating systems in use.

"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages

On April 29, 2026, attackers published malicious versions of four npm packages in the SAP development ecosystem: mbt, @cap-js/db-service, @cap-js/sqlite, and @cap-js/postgres. Each compromised release ships a preinstall hook that downloads the Bun JavaScript runtime from GitHub Releases and uses it to execute an ~11.6 MB obfuscated credential stealer.