Threat Research

    Analysts are examining a new infection chain linked to the GOLD BLADE cybercriminal group’s custom RedLoader malware, which establishes command and control (C2) communications. The attackers use a LNK file to remotely execute and sideload a benign executable, which then loads the stage 1 RedLoader payload hosted on GOLD BLADE infrastructure....
    In late June, a phishing campaign targeted Russian healthcare and IT organizations using compromised email accounts from legitimate sources. The attacks were attributed to the Rainbow Hyena cluster, which deployed a new custom-built backdoor named PhantomRemote....
    Attackers are increasingly leveraging Windows shortcut (.lnk) files as a stealthy malware delivery method. These files, designed to provide quick access to other files or programs, are being weaponized to execute malicious payloads while mimicking legitimate shortcuts. A sharp rise in malicious LNK samples—from 21,098 in 2023 to 68,392 in 2024—highlights their growing use....