Threat Research

PeckBirdy is a JavaScript-based command-and-control framework used by China-aligned APT actors since 2023. It is designed for cross-environment execution, enabling flexible and scalable deployment. Two modular backdoors, HOLODONUT and MKDOOR, extend its capabilities beyond the core framework....

At the end of October, during a global AWS connectivity disruption, Labs detected malware known as “ShadowV2” exploiting IoT vulnerabilities to spread. The incidents impacted multiple countries and affected seven different industries. To date, the malware has only been observed operating during the major AWS outage window....

A major botnet campaign, dubbed RondoDox, is actively exploiting over 50 known vulnerabilities in routers, DVRs, NVRs, CCTV systems, and web servers from more than 30 vendors. Organizations with internet-facing infrastructure face heightened risks of data theft, persistent access, and operational disruption....

The "Exploitation Attempt of CVE-2020-1472 - Execution of ZeroLogon PoC" refers to the exploitation of a critical vulnerability in Microsoft Windows' Netlogon protocol, identified as CVE-2020-1472. This vulnerability allows attackers to impersonate any computer on a domain, potentially gaining unauthorized access to sensitive data and systems....