Researchers have linked a malware loader, called CeeLoader, to the threat group behind the SolarWinds supply-chain attack.
A threat actor has been deploying web browser credential stealers, an undocumented backdoor and a new malicious Google Chrome extension in an ongoing campaign.
Three APTs have been observed using RTF template injection, and researchers warn more threat groups may adopt the new tactic.
The TA505 threat group, known for using the Clop ransomware and Dridex trojan, is now using a new P2P RAT.
VirusTotal has added a Collections feature to enable better real-time sharing of IOCs and context around malicious files and URLs.