malware — Cybersecurity News

PCAPGraph: Threat Hunting at the Speed of Triage

PCAPGraph: Threat Hunting at the Speed of Triage

PCAPGraph is an open-source network investigation and threat hunting tool that transforms packet cap...

Open-Source Network Discovery & Topology Mapping

Open-Source Network Discovery & Topology Mapping

RedSide Security has open-sourced NETMAPPER, a network discovery and visualization tool designed to ...

 RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

RDPGraph: Turn Windows Event Logs into an Interactive RDP Attack Graph

When an incident unfolds and all you have left are Windows event logs, understanding attacker moveme...

Latest Posts

New Open-Source Tool: TeleSink - Turning Malware C2 Against Itself

New Open-Source Tool: TeleSink - Turning Malware C2 Against Itself

RedSide Security June 10, 2026 Tools & Technology 127 views

TeleSink is an open-source malware analysis tool that redirects Telegram bot traffic into a controlled local environment, enabling real-time extraction of bot tokens, chat IDs, and exfiltrated data without manual deobfuscation.

Continue reading: New Open-Source Tool: TeleSink - Turning Malware C…
FIFA World Cup 2026 Fans Targeted by Massive Wave of Ticket Scams, Malware, and Phishing Attacks

FIFA World Cup 2026 Fans Targeted by Massive Wave of Ticket Scams, Malware, and Phishing Attacks

RedSide Security June 05, 2026 Cybercrime 97 views

Cybercriminals are aggressively targeting FIFA World Cup 2026 fans through thousands of fake websites, phishing campaigns, malicious streaming applications, and banking malware. Security researchers warn that ticket fraud, account takeovers, identity theft, and financial scams are expected to surge as the tournament approaches.

Continue reading: FIFA World Cup 2026 Fans Targeted by Massive Wave …
Critical Everest Forms Pro Vulnerability Actively Exploited to Compromise WordPress Sites

Critical Everest Forms Pro Vulnerability Actively Exploited to Compromise WordPress Sites

RedSide Security June 05, 2026 Vulnerability 58 views

Threat actors are actively exploiting a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin. The flaw allows unauthenticated attackers to execute arbitrary PHP code, create administrator accounts, deploy web shells, and fully compromise affected websites.

Continue reading: Critical Everest Forms Pro Vulnerability Actively …
VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore

VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore

RedSide Security June 05, 2026 Cybersecurity 65 views

Security researchers have uncovered serious design flaws in the VECT 2.0 ransomware family that can leave victim files permanently damaged, even when a ransom is paid and a decryptor is provided. Analysis reveals multiple implementation errors, race conditions, and encryption logic flaws that can result in incomplete recovery and irreversible data loss.

Continue reading: VECT 2.0 Ransomware Can Damage Files Its Own Decry…
PCAPGraph: Threat Hunting at the Speed of Triage

PCAPGraph: Threat Hunting at the Speed of Triage

RedSide Security June 04, 2026 Tools & Technology 71 views

PCAPGraph is an open-source network investigation and threat hunting tool that transforms packet captures into interactive graphs. Designed for rapid incident response, it helps analysts quickly identify malicious communications, visualize host relationships, investigate indicators of compromise (IoCs), and uncover suspicious activity without spending hours manually reviewing packets.

Continue reading: PCAPGraph: Threat Hunting at the Speed of Triage
GitHub Breached - Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub Breached - Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

RedSide Security May 20, 2026 Data Leaks & Breaches 85 views

GitHub is investigating unauthorized access to its internal repositories following a supply chain attack linked to the threat actor **TeamPCP**, who reportedly listed GitHub source code and internal data for sale on a cybercrime forum. The incident is part of an ongoing malware campaign targeting open-source ecosystems, including a compromised Microsoft Python package and a self-replicating infostealer known as Mini Shai-Hulud.

Continue reading: GitHub Breached - Employee Device Hack Led to Exfi…
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

RedSide Security May 17, 2026 CVE 90 views

A critical NGINX vulnerability tracked as CVE-2026-42945 is now being actively exploited in the wild, just days after public disclosure. The flaw allows attackers to crash NGINX worker processes and potentially achieve remote code execution under specific conditions. At the same time, threat actors have also begun weaponizing multiple critical vulnerabilities in openDCIM to deploy PHP web shells and gain remote access to exposed systems.

Continue reading: NGINX CVE-2026-42945 Exploited in the Wild, Causin…
First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days

First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days

RedSide Security May 17, 2026 Vulnerability 200 views

Security researchers have reportedly developed the first public macOS kernel exploit targeting Apple’s new M5 silicon, successfully bypassing the company’s hardware-based Memory Integrity Enforcement (MIE) protections. The exploit chain achieves full root access on macOS 26.4.1 using only standard system calls from an unprivileged local account, highlighting the growing impact of AI-assisted offensive security research.

Continue reading: First Public macOS Kernel Exploit on Apple M5 Prep…
TeamPCP and BreachForums Launch $1,000 Contest to Drive Open-Source Supply Chain Attacks

TeamPCP and BreachForums Launch $1,000 Contest to Drive Open-Source Supply Chain Attacks

RedSide Security May 14, 2026 Cybersecurity 115 views

Cybercrime groups **TeamPCP** and **BreachForums** are reportedly running a coordinated contest offering a $1,000 Monero prize for supply chain attacks targeting open-source ecosystems. The competition incentivizes participants to compromise software packages and CI/CD pipelines using a malicious tool called “Shai-Hulud,” raising serious concerns about large-scale, crowdsourced software supply chain compromise.

Continue reading: TeamPCP and BreachForums Launch $1,000 Contest to …