Nature-halftone cover-image eval — 50 reports (real crops)

PyPI Package Impersonates SymPy to Deliver Cryptomining Malware

cryptominercollection/stagingDEPENDENCY TREE 019cab97-b583-757b-ac39-9c61fe66a35a

banner — Banner — detail header (full width × 208px, object-cover)

banner spotlight — Spotlight
677×200 · 3.4:1 (banner)

test

ransomwaredisruption/impactSHATTERED SCENE 019cab97-6a34-7669-86e5-31dc819ee2df

Analysis of Threat Clusters Targeting Southeast Asian Government

commercial spyware / nation-state espionagestrategic targetingTOWERING FORM 019d3525-42ca-76b9-be8e-8f73e490846e

Critical 7-Zip Heap Buffer Overflow Vulnerability

exploit kit / vulnerability chainlateral movement/spreadCROSS-SECTION 019e6457-bad8-70c2-8a51-3b5d074c0cdc

Storm-0501’s evolving techniques lead to cloud-based ransomware

ransomwaredisruption/impactSHATTERED SCENE 019cb1ab-e946-71d9-a3e7-0e23de682a5b

elementary-data PyPI Supply Chain Attack

supply chain compromisesupply chain compromiseDEPENDENCY TREE 019dd4db-86c5-7646-a991-f773f242a3de

EvilTokens PhaaS Abuse of Railway.com PaaS

credential harvesterexfiltration/theftLINEAR PATH 019d3106-7ade-716a-8ec5-83b49730cc24

Crescentharvest Iranian Protestors and Dissidents Targeted in Cyberespionage Campaign

commercial spyware / nation-state espionagestrategic targetingTOWERING FORM 019cab97-13a5-7025-809d-7f43e35ab28b

Gemini and Claude Code Impersonation Infostealer Campaign

infostealerexfiltration/theftCROSS-SECTION 019e4a81-51ed-7122-9dc8-90554d08e084

MuddyWater: Snakes by the riverbank

backdoorC2/signalingNODE NETWORK 019cab96-ebc9-72ae-868a-8cf39f3e648d

Progress ShareFile Pre-Auth RCE Vulnerability Chain

exploit kit / vulnerability chainlateral movement/spreadBRANCHING PATHS 019d4e35-9e5e-757b-becd-6ee58fee9a38

TeamPCP Hijacks Bitwarden CLI npm Package

supply chain compromisesupply chain compromiseDEPENDENCY TREE 019dcf2d-8c35-74cf-8da1-d56d190b263d

How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking

backdoorC2/signalingNODE NETWORK 019cab97-8497-76e8-b19d-c1233d78811a

Unfurling Hemlock

infostealerexfiltration/theftCROSS-SECTION 019d00f8-64b9-7761-938f-b6ea4f98539b

FortiGate Edge Intrusions | Stolen Service Accounts Lead to Rogue Workstations and Deep AD Compromise

backdoorC2/signalingNODE NETWORK 019ced34-59de-75be-a3e0-a50002fde212

Play Ransomware

ransomwaredisruption/impactSHATTERED SCENE 019cab97-7974-7799-8861-2dd268328d45

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft

infostealerexfiltration/theftCROSS-SECTION 019d1d91-8278-761c-a467-c8bfa24878c8

STX RAT CPU-Z Watering Hole Supply Chain Attack

supply chain compromisesupply chain compromiseDEPENDENCY TREE 019db066-e2cd-73cb-b0ed-6b345d1b4bdd

Deep#Door Python Backdoor and Credential Stealer

backdoorC2/signalingHIDDEN REVEAL 019dde60-6dab-7797-ac79-798e7128ebc6

Axios NPM Supply Chain Attack Delivering RAT

supply chain compromisesupply chain compromiseDEPENDENCY TREE 019dac83-f13f-75d1-92eb-89354f187084

ClickFix Campaign Evolves with PySoxy Proxy Tooling

backdoorC2/signalingNODE NETWORK 019e1c26-8015-70ca-b10a-eca0b87ca679

Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&CK Evaluation with TrendAI Vision One™

commercial spyware / nation-state espionagestrategic targetingTOWERING FORM 019cab97-671d-71cd-a217-9230af349a59

TeamPCP Supply Chain Attack Against Trivy

supply chain compromisesupply chain compromiseDEPENDENCY TREE 019d0cca-515e-723c-863d-0d772923717e

SolarWinds Web Help Desk Exploitation and JavaGhost Cloud Campaigns

exploit kit / vulnerability chainlateral movement/spreadBRANCHING PATHS 019cbf76-a8a8-722a-92dc-52ba25064021

Cyber Security Advisory – Iranian Cyber Threat Response to U.S. / Israel Strikes, February 2026

DDoS / disruption tooldisruption/impactSHATTERED SCENE 019ced34-57ce-7145-8114-05e7e3eddede

Calypso Targets Telcos with Showboat and JFMBackdoor

backdoorC2/signalingNODE NETWORK 019e5ddd-c62f-70cd-bd6a-9fba776e24b9

peckbirdy

C2 / C2 frameworkC2/signalingNODE NETWORK 019cab97-7719-7049-9985-21fae8dd0c10

tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit

backdoorC2/signalingHIDDEN REVEAL 019cab97-2060-754f-86f7-762e86154adf

Contagious Trader campaign - Coordinated weaponisation of cryptocurrency trading bots by suspected DPRK malware operators

infostealerexfiltration/theftLINEAR PATH 019cfd02-089a-77a3-93fe-8602dae15ac8

UAT-10608 Large-Scale Credential Harvesting via React2Shell Vulnerability

credential harvesterexfiltration/theftCROSS-SECTION 019d4e39-4f14-77fe-8c6a-cd095081720a

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

infostealerexfiltration/theftLINEAR PATH 019cab97-a70b-74ad-8510-e37b8924e8ed

Phorpiex malware analysis – part 1: validating MalCluster on a real family

botnet / C2 frameworkC2/signalingNODE NETWORK 019cab97-0d81-7618-bc36-d8f70d1b6644

Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))

exploit kit / vulnerability chainlateral movement/spreadCHAIN SEQUENCE 019cb1ab-eeff-7448-a261-f34737575e08

PURE MAL

backdoorC2/signalingNODE NETWORK 019cab96-f20f-736f-81e8-66877cdd5d07

MicroStealer Analysis: A Fast-Spreading Infostealer with Limited Detection

infostealerexfiltration/theftCROSS-SECTION 019cfd02-04f3-7699-a747-eb0677b7285b

Analysis of CVE-2024-39763, CVE-2024-39764, and CVE-2024-39765

exploit kit / vulnerability chainlateral movement/spreadBRANCHING PATHS 019cf77b-0be6-776d-b6c2-e3ebf6314ae2

AP28

backdoorC2/signalingNODE NETWORK 019cab97-7c18-73ad-8b23-d2ef0dd2645e

TeamPCP LiteLLM AI Gateway Supply Chain Compromise

supply chain compromisesupply chain compromisedependency tree 019d3923-9614-773f-95ac-09d7f23d3ca9

Nimbus Manticore Operations During Operation Epic Fury

backdoorC2/signalingNODE NETWORK 019e5137-121f-7328-98ed-364cd0335726

Preventing the ClickFix Attack Vector

exploit kit / vulnerability chainlateral movement/spreadBRANCHING PATHS 019cb1ab-e87c-77a5-8e4d-101277246856

Kyber Ransomware Targeting VMware ESXi and Windows

ransomwaredisruption/impactSHATTERED SCENE 019db653-046d-7229-b776-445902a8bacc

From a New Year's surprise to a bag of coal - Analysis of mystery PowerShell

loader / dropperlateral movement/spreadCUTAWAY REVEAL 019cab96-ede5-73da-8c18-40c1756e2d75

UAT-7290 targets high value telecommunications infrastructure in South Asia

commercial spyware / nation-state espionagestrategic targetingTOWERING FORM 019cab97-3465-70ca-87c2-ee38350dc833

MuddyWater Adopts Russian CastleRAT Malware-as-a-Service

RAT (remote access trojan)C2/signalingNODE NETWORK 019d7232-2ae4-73ff-b1e2-8f1fad0f1548

Mr_Rot13 Actor Exploits CVE-2026-41940 for Backdoor Deployment

backdoorC2/signalingNODE NETWORK 019e1c28-69f2-761b-a1ef-15b2f2ac2268

Rapid7: Chrysalis - Notepad++ Backdoor

backdoorC2/signalingHIDDEN REVEAL 019cab97-49d6-729f-ba99-f5869dad15f8

Threat Hunting Power Up | Enhance Campaign Discovery With Validin and Synapse

botnet / C2 frameworkC2/signalingNODE NETWORK 019cab97-137c-72fa-b12e-ce36b4e4879f

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

exploit kit / vulnerability chainlateral movement/spreadBRANCHING PATHS 019cab96-f02c-7633-9444-c8ccb263d6f1

EtherRAT dissected: How a React2Shell implant delivers 5 payloads through blockchain C2

RAT (remote access trojan)C2/signalingNODE NETWORK 019cab97-9c6f-72ef-ab50-03c8f2931038

Digit stealer: a JXA-based infostealer that leaves little footprint

infostealerexfiltration/theftCROSS-SECTION 019cab97-2701-776e-a6e4-d8626ae63480