Threat Research

    A China-linked cyber-espionage campaign attributed to UNC5221 targeted U.S. law firms and technology organizations. The attackers exploited zero-day vulnerabilities, deployed the BRICKSTORM backdoor, and maintained access for over a year to steal sensitive legal, trade, and national security information....
    WeedHack is a large-scale Malware-as-a-Service (MaaS) operation that targets Minecraft players through trojanized mods, clients, and cheats distributed via SEO poisoning, YouTube videos, and malicious websites....
    This research analyzes a ClickFix campaign leveraging the spoofed licensing-themed website canndelta.com to deliver the PureLogs stealer through malicious PowerShell commands. The attack uses Donut shellcode, fileless execution, RWX memory allocation, and in-memory .NET assembly loading to evade detection....
    A malware campaign is targeting users searching for open-source C++ IDE software by redirecting them from legitimate websites to fake MEGA Transfer pages that deliver RemusStealer....
    The Guardrails-AI incident highlights the growing sophistication of software supply chain attacks targeting AI and developer ecosystems. Even trusted and widely adopted packages can become delivery mechanisms for malicious payloads when repository infrastructure, CI/CD workflows, or deployment credentials are compromised....
    Users searching for legitimate C++ software land on a compromised site that executes malicious JavaScript. The script conducts heavy profiling via browser fingerprinting, mouse telemetry, and click interception. Profiled victims are redirected through intermediary domains to a dynamic, fake "MEGA Transfer" page....
    This campaign demonstrates how ClickFix-style social engineering continues to evolve through abuse of legitimate Windows tooling and user-assisted execution workflows....
    Threat actors continue to abuse MSHTA (mshta.exe), a legacy Windows utility and Living-off-the-Land binary (LOLBIN), to execute malicious VBScript and JavaScript code while blending into legitimate system activity....
    Gremlin Stealer is an evolving infostealer malware that uses advanced obfuscation techniques, including embedded resource concealment and commercial packers with instruction virtualization, to evade detection and analysis....
    In March 2026, ThreatLabz uncovered an attack chain targeting AI agentic workflows through a malicious OpenClaw framework skill. The attackers used manipulated installation instructions to trick autonomous AI agents into downloading and executing a remote MSI package....