APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
June 16, 2026
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South
Endpoint Security
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
OnyxC2, a new MaaS information stealer priced at $250 per month, targets 200-plus applications using DLL sideloading and encryption to evade detection.
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Security researcher Nightmare Eclipse dropped RoguePlanet, an unpatched LPE zero-day in Microsoft Defender that grants SYSTEM on fully patched Windows.
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and Debian.
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer install base.
What Is Dropper Malware and How Does It Evade Detection
Dropper malware secretly installs payloads while evading detection. Learn how droppers work, evasion techniques, and endpoint defense strategies.
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS attack methods.
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
June 16, 2026
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of
What Is Scareware? How Fake Security Warnings Lead to Real Malware
June 15, 2026
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
June 15, 2026
Attackers hijacked Awesome Motive’s CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
June 12, 2026
OnyxC2, a new MaaS information stealer priced at $250 per month, targets 200-plus applications using DLL sideloading and encryption to
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
June 11, 2026
Security researcher Nightmare Eclipse dropped RoguePlanet, an unpatched LPE zero-day in Microsoft Defender that grants SYSTEM on fully patched Windows.
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
June 10, 2026
Exodus Intelligence released a working exploit for Linux kernel CVE-2026-23111, a nf_tables flaw enabling root escalation on unpatched Ubuntu and
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
June 10, 2026
Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer
What Is Dropper Malware and How Does It Evade Detection
June 9, 2026
Dropper malware secretly installs payloads while evading detection. Learn how droppers work, evasion techniques, and endpoint defense strategies.
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
June 8, 2026
Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.