Kaspersky researchers have found a new UEFI rootkit called CosmicStrand that infects the firmware of specific motherboards.
The threat actor has been observed targeting companies with operations supporting foreign exchanges and cryptocurrency, and organizations in the Decentralized Finance (DeFi) industry.
A new piece of malware called ZuoRAT, based on the Mirai code, is hitting SOHO routers and performing DNS and HTTP hijacking.
A new "highly-evasive" Linux malware leverages the Berkeley Packet Filter (BPF) hooking functionality to hide malicious network traffic.
A newly discovered malware loader is under active development and is executed via shellcode stored in a Word document.