Threat Research

    VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) details active exploitation of a pre-authentication RCE flaw in BeyondTrust Remote Support software that enables attackers to execute OS-level commands and fully compromise affected systems....
    Linux is trusted for its security, stability, and control, often seen as safer than Windows. But this trust can create blind spots, as attackers innovate beyond software exploits. New threats use behaviors, scripts, and even filenames to breach systems stealthily. We’ll explore a real Linux malware case where a filename alone triggers infection....
    A recent campaign has been uncovered targeting the Chinese telecom sector, with a specific focus on China Mobile Tietong Co., Ltd., a major subsidiary of China Mobile. The attack leverages a malware ecosystem built around VELETRIX and VShell malware....
    A Chinese-speaking threat group, tracked as UAT-6382, is exploiting a zero-day vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system, to gain remote code execution. The attackers deploy web shells such as AntSword and Chopper on IIS servers....