Threat Research

    The EtherRAT malware family was first identified by Sysdig in December 2025, initially exploiting CVE-2025-55182 (React2Shell) on Linux servers. In March 2026, Atos reported a Windows-based EtherRAT campaign with activity traced back to December 2025....
    We investigated reports of a fake Claude AI website spreading malware. At first, the attack appeared similar to known PlugX campaigns due to shared techniques. Closer analysis revealed a first-stage DonutLoader payload and a previously undocumented backdoor....
    In March 2026, ThreatLabz uncovered an attack chain targeting AI agentic workflows through a malicious OpenClaw framework skill. The attackers used manipulated installation instructions to trick autonomous AI agents into downloading and executing a remote MSI package....
    The InstallFix campaign is a social engineering attack targeting users searching for Anthropic’s Claude AI through fake installation pages promoted via Google Ads. It uses convincing, OS-specific instructions to trick users into executing malicious PowerShell commands....
    The increasing reliance on AI has led to a surge in AI-driven tools. However, these platforms can also be exploited for malicious purposes, as demonstrated in the case of Kuse.ai. While Kuse is generally regarded as a reliable workplace solution, threat actors continuously develop new social engineering tactics....
    Kali365 is a newly emerged phishing-as-a-service (PhaaS) kit that abuses OAuth device code registration flows to conduct large-scale credential phishing campaigns. Distributed through Telegram, the platform offers advanced capabilities including mailbox scanning, phishing page generation, and AI-powered chatbot assistance for creating convincing lures....
    Threat actors are abusing AI workflow automation platforms like n8n to conduct sophisticated phishing campaigns by sending automated emails that deliver malware and fingerprint victim devices. By leveraging trusted services and integrations with tools like Slack, Gmail, and AI models, attackers can bypass traditional security controls and scale their operations....
    The supply chain compromise involving LiteLLM demonstrates how attackers, potentially leveraging social engineering tactics, injected malicious code that enabled unauthorized data access and potential command execution. It highlights how downstream users, including organizations like Mercor, were impacted due to implicit trust in the compromised dependency....
    A targeted social engineering campaign tracked as REF6598 abuses the Obsidian note-taking app to gain initial access, targeting individuals in the financial and cryptocurrency sectors via LinkedIn and Telegram. Victims are tricked into opening a shared vault with malicious plugins that silently execute code, leading to a multi-stage, fileless attack chain....
    A threat campaign has published over 200 malicious packages to NPM, using names like “huggingface-cli,” “webflow,” and “codeium.” These packages pose as a new AI coding agent called “Stardrop,” which gives the campaign its name. Detection began on April 9, with an average of 40+ new packages appearing daily....