Researchers have discovered a new UEFI bootkit called ESPecter that can modify the Windows Boot Manager.
The fear surrounding the Pegasus spyware tool is being used to lure victims to a fake Amnesty International site that installs the Sarwent RAT.
Some cybercrime groups are using trojaned proxyware installers to gain a foothold on victim machines and install malware and cryptominers.
TA505, a well-known cybercrime group, is using signed MSI files and other techniques to install the ServHelper RAT on victims' systems.
During an investigation into suspected Iranian threat group ITG18, researchers found various security errors made by the attackers that gave the researchers an inside look into the group's TTPs.