The Hacker News

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
Dark Reading

New Ransomware Variant Developed Entirely as Shellcode

Researchers have discovered a new ransomware variant that they say has significantly different behavior and characteristics than most other ransomware types. The ransomware, called PwndLocker, was ...
Computerworld

Injecting shellcode into processes with Syringe

The method that this tool uses is a simple one that opens a location in its address space with a call to VirtualAlloc with permissions of read, write, and execute. VirualAlloc is a Windows specific ...
SecurityWeek

North Korean APT Targets Air-Gapped Systems in Recent Campaign

North Korean hacking group APT37 was seen deploying new implants, backdoors, and other tools in attacks targeting air-gapped ...
Dark Reading

Sneaky Shellcode: Windows Fibers Offer EDR-Proof Code Execution

BLACK HAT ASIA – Singapore – Windows fibers, little-known components of Windows OS, represent a largely undocumented code-execution pathway that exists exclusively in user mode — and is therefore ...
Security Boulevard

APT37 Adds New Capabilities for Air-Gapped Networks

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...