Finding Minhook in a sideloading attack – and Sweden too
Multifaceted changes in TTPs illustrate what researchers see when they start digging
Similar Posts
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
Bys sThe threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans (RATs) like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluster it tracks as RevengeHotels. “The threat actors continue…
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Bys sCybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz. “NVIDIA Container Toolkit for all…
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints
Bys sThe threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider’s (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It’s believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that…
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bys sBad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a…
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
Bys sAn active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. “A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnerable targets, automatically installing malicious nodes via ComfyUI-Manager if no exploitable node is already
Cyberattack pushes German napkin company into insolvency
Bys sIt is not often that a ransomware attack or cyberattack is wholly responsible for a business failing. With each such claim that is investigated, we sometimes find that an entity was already in financial distress and the attack may just have been one stress too many. Maike Krebber reports: A cyberattack has potentially serious consequences…