Delivering simplified cybersecurity alerts and information, ensuring you're always prepared to take immediate action.

BatShadow launches Vampire Bot in fake job campaigns
VampireBot

BatShadow launches Vampire Bot in fake job campaigns

Threat Group – BatShadow Group Threat Type – Multi-stage info-stealer and remote access bot Exploited Vulnerabilities – Social engineering, Windows default “hide known file extensions,” LNK-launched encoded PowerShell, abuse of legitimate remote access software for persistence Malware Used – Vampire Bot (Go-compiled) Threat Score – 7.6 🔴 High — Multi-stage chain with LNK→PowerShell execution, behaviour-evasive
7 min read
LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure
Ransomware

LockBit 5.0 Variant Expands Attacks on Windows Linux and Virtual Infrastructure

Threat Group – LockBit operators Threat Type – Ransomware as a Service Exploited Vulnerabilities – Exposed remote access services, unpatched internet facing infrastructure, valid credential reuse, weak virtualisation hardening Malware Used – LockBit 5.0 Windows Linux and ESXi variants Threat Score – 7.5 🔴 High – Cross platform impact with ESXi targeting, rapid encryption, and
6 min read
BRICKSTORM new Windows variant expands targeting of legal and technology sectors
$BRICKSTORM

BRICKSTORM new Windows variant expands targeting of legal and technology sectors

Threat Group – China-nexus UNC5221 Threat Type – Espionage backdoor and post-exploitation toolkit Exploited Vulnerabilities – Ivanti Connect Secure auth-bypass and command injection (CVE-2023-46805, CVE-2024-21887), Ivanti Connect Secure RCE buffer overflow (CVE-2025-22457), weak edge-appliance hardening, exposed management interfaces, valid-credential reuse Malware Used – BRICKSTORM backdoor with file-manager UI and network tunnelling; associated tooling and
6 min read
COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain
COLDRIVER

COLDRIVER targets policy and critical infrastructure using BAITSWITCH-SIMPLEFIX chain

Threat Group – COLDRIVER Threat Type – Espionage malware and social engineering Exploited Vulnerabilities – User execution via ClickFix lure, abuse of rundll32, script execution and registry-based persistence (no CVEs assigned) Malware Used – BAITSWITCH downloader, SIMPLEFIX PowerShell backdoor, LOSTKEYS VBS payload, SPICA backdoor Threat Score – 8.2 🔴 High Last Threat Observation – 25 September
7 min read