A recent Emotet malware campaign is homing in on victims in the military and government sectors.
Microsoft looked at Windows Events Log to understand what RDP brute-force attacks looked like in the enterprise, and found that attackers frequently space out the login attempts over several days to avoid detection.
The new ZeroCleare malware has been used in destructive attacks against energy companies in the Middle East.
The DHS and FBI say North Korean-backed attackers are using a powerful new piece of malware known as Hoplight to infiltrate target machines.
Investigations by the NSA and Uk's NCSC found that the Russian Turla attack group was using compromised C2 infrastructure and tools belonging to an Iranian APT group in several operations.