Cybersec Sentinel

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

UnsolicitedBooker Deploys MarsSnake Against Telecom Providers

Threat Group – UnsolicitedBooker Threat Type – Backdoor / Advanced Persistent Threat Exploited Vulnerabilities – CVE-2018-0802 Malware Used – MarsSnake, MarsSnakeLoader, LuciDoor, LuciLoad Threat Score – 8.7 🔥 Critical – State aligned espionage platform with wormable capability, decentralised IPFS command fallback, telecommunications targeting, long term persistence and advanced evasion techniques Last Threat Observation – 24 February 2026 Overview

What Is Moonrise RAT and Why It Poses a Serious Risk

What Is Moonrise RAT and Why It Poses a Serious Risk

Threat Group – Unattributed Threat Type – Remote Access Trojan Exploited Vulnerabilities – No confirmed CVEs. Delivery aligned with user execution and social engineering techniques Malware Used – Moonrise RAT Threat Score – 7.8 🔴 High. Enables interactive remote control, credential theft, surveillance, and persistence with low early static detection which increases dwell time and

MIMICRAT Campaign Uses Fake Verification Lure

MIMICRAT Campaign Uses Fake Verification Lure

Threat Group – Unknown financially motivated operators Threat Type – Remote Access Trojan and social engineering campaign Exploited Vulnerabilities – User driven execution abuse of Windows Run dialog and PowerShell Malware Used – MIMICRAT Threat Score – 8.2 🔴 High Last Threat Observation – February 2026, reported by multiple security research teams including Securonix and independent

Reynolds Ransomware Shows Why BYOVD Is the New EDR Bypass

Reynolds Ransomware Shows Why BYOVD Is the New EDR Bypass

Threat Group Reynolds Ransomware Group Threat Type Ransomware with integrated Bring Your Own Vulnerable Driver exploitation Exploited Vulnerabilities CVE-2025-68947 abuse of the NsecSoft NSecKrnl driver authorisation model Malware Used Reynolds Ransomware with embedded NSecKrnl.sys kernel driver Threat Score 🔴 9.1/10 High risk Last Threat Observation 11 February 2026

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Notepad++ Compromise Reinforces the Need for Strict Software Governance

Threat Group Lotus Blossom Billbug Threat Type Supply chain compromise via updater infrastructure hijack and malicious plugin persistence Exploited Vulnerabilities Weak certificate and signature validation in the Notepad++ auto updater prior to version 8.8.9. Abuse of shared hosting infrastructure trust. DLL search order hijacking in plugin loading mechanisms.

MoonPeak and the Growing Sophistication of DPRK Intrusions

MoonPeak and the Growing Sophistication of DPRK Intrusions

Threat Group UAT-5394 with strong tactical overlap to Kimsuky Threat Type Remote Access Trojan derived from XenoRAT delivered via weaponised LNK files and PowerShell droppers Exploited Vulnerabilities Windows LNK execution trust abuse, PowerShell execution policy bypass, LOTS and LOLBins abuse, trusted cloud and code hosting platforms Malware Used MoonPeak RAT

PeckBirdy Exposes a New Living off the Land Threat

PeckBirdy Exposes a New Living off the Land Threat

Threat Group China aligned APT operators tracked as SHADOW VOID 044 and SHADOW EARTH 045 Threat Type JScript based command and control framework abusing trusted Windows utilities Exploited Vulnerabilities Abuse of Windows Script Host trust model, mshta.exe execution, ScriptControl ActiveX usage, browser watering hole injection, legacy Chrome V8 flaws

Evelyn Stealer and the rising risk of developer tool supply chain attacks

Evelyn Stealer and the rising risk of developer tool supply chain attacks

Threat Group: Unknown cybercriminal operators leveraging developer tooling supply chains Threat Type: Information stealer malware delivered via malicious development extensions Exploited Vulnerabilities: Abuse of the Visual Studio Code extension trust model, DLL side loading, PowerShell execution policy misuse, Windows process hollowing Malware Used: Evelyn Stealer, Lightshot.dll downloader, iknowyou.model

How SHADOW#REACTOR uses harmless looking text files to deliver Remcos RAT

How SHADOW#REACTOR uses harmless looking text files to deliver Remcos RAT

Threat Group – Unattributed, activity consistent with an initial access broker model Threat Type – Multi stage loader chain delivering remote access capability Exploited Vulnerabilities – None publicly confirmed, primary access relies on user execution and script based lures Malware Used – Remcos RAT delivered via SHADOW#REACTOR staging and loader framework Threat Score

VVS Stealer highlights the rising danger of Discord focused infostealers

VVS Stealer highlights the rising danger of Discord focused infostealers

Threat Group – Unknown Threat Type – Information Stealer Exploited Vulnerabilities – None publicly identified Malware Used – VVS Stealer Threat Score – 7.3 🔴 High Last Threat Observation – 6 January 2026 Overview The cybersecurity environment of late 2025 and early 2026 has been shaped by the rapid commoditisation of advanced evasion techniques. VVS Stealer