GOLD BLADE Remote DLL Sideloading Attack Deploys RedLoader
Attacks surged in July 2025 after the threat group updated its process to combine malicious LNK files and a recycled WebDAV technique
Similar Posts
Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics
Bys sOrganizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government…
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
Bys sCybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow. “This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account,…
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Bys sCybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. “CountLoader is being used either as part of an Initial Access Broker’s (IAB) toolset or by a…
Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
Bys sClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error…
Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub
Bys sCybersecurity researchers have discovered a new cryptojacking campaign that’s targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies. Cloud security firm Wiz, which is tracking the activity under the name JINX-0132, said the attackers are exploiting a wide range of known misconfigurations…
Detecting fraudulent North Korean hires: A CISO playbook
Bys sHas a North Korean threat actor applied for a position at your organization, or even been hired? We’re sharing a toolkit to help you detect and avoid that risk.