GOLD SALEM tradecraft for deploying Warlock ransomware
Analysis of the tradecraft evolution across 6 months and 11 incidents
The InterLock ransomware leak site recently added Texas Digestive Specialists to its listings, claiming to have exfiltrated (and leaked) 263 GB of data consisting of 16,920 folders with 215,245 files. Finding no indication of anything amiss or any breach disclosure on the medical group’s website, DataBreaches sampled selectively from the data tranche. We noticed evidence…
Cybersecurity researchers have flagged a new malicious Microsoft Visual Studio Code (VS Code) extension for Moltbot (formerly Clawdbot) on the official Extension Marketplace that claims to be a free artificial intelligence (AI) coding assistant, but stealthily drops a malicious payload on compromised hosts. The extension, named “ClawdBot Agent – AI Coding Assistant” (“clawdbot.clawdbot-agent”)
DataBreaches has signed the letter, too, and encourages others to sign it. The administration’s attempts to censor honest reporting just because it disagrees with their political agenda and revenge campaign must stop. April 28 – SAN FRANCISCO – The Trump Administration must cease its politically motivated investigation of former U.S. Cybersecurity and Infrastructure Security Agency…
Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target. This week’s ThreatsDay highlights show exactly how those weak points are…
The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer in attacks aimed at enterprises located in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. “The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement
The headline, and the text that follows, is a machine translation of an article by Brice Le Borgne that appeared in Liberation on November 1, 2025: “The museum’s security systems did not fail,” insisted Culture Minister Rachida Dati shortly after the spectacular burglary at the Louvre Museum on October 19. Ten days later, the tone had changed. On…