North Korea-linked ScarCruft’s Ruby Jumper uses Zoho WorkDrive C2 and USB malware to breach air-gapped systems for ...
Introduction: In December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...
Who is knocking at the Dohdoor? Digital intruders with possible links to North Korea have been infecting US education and healthcare sectors with a never-before-seen backdoor since at least December, ...
A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.
Cisco Talos tracks UAT-10027 targeting U.S. education and healthcare with Dohdoor DoH-based backdoor and Cobalt Strike ...
PowerShell modules allow you to combine multiple scripts to simplify code management. Learn step-by-step instructions for creating and using these modules.
A newly identified botnet loader is shifting command-and-control (C2) operations onto the Polygon blockchain, eliminating the ...