AsyncRAT is a malware family tracked across 22 threat clusters and 36 intelligence report mentions on ThreatCluster. First observed December 4, 2025; most recent activity July 14, 2026.
On June 18, 2026, international law enforcement agencies launched Operation Endgame, disrupting the SocGholish malware infrastructure linked to the Russian cybercrime group Evil Corp. The operation resulted in the…
Two Russia-aligned cyber campaigns are exploiting the WinRAR vulnerability CVE-2025-8088 against Ukrainian targets nearly a year after it was patched. The flaw, a path traversal vulnerability, allows attackers to write…
ConnectWise ScreenConnect has been compromised by two critical vulnerabilities, CVE-2024-1708 and CVE-2024-1709, which allow attackers to bypass authentication and execute remote code. The vulnerabilities were disclosed…
A Pakistan-linked threat actor, SideCopy, has initiated a spear-phishing campaign against Afghanistan's Ministry of Finance, targeting all 34 provincial revenue directorates. The campaign utilizes a ZIP archive…
A significant cybersecurity campaign has emerged, exploiting the legitimate remote access tool ScreenConnect to deploy AsyncRAT malware. Attackers utilized spoofed websites and typosquatted domains, masquerading as…
Two phishing campaigns have been identified targeting organizations in Greece, Spain, Slovenia, Bosnia, Croatia, and several South American countries, aiming to deliver the Formbook infostealer malware. The first…
Cybercriminals are exploiting CAPTCHA verification prompts to distribute malware, according to security experts from the Identity Theft Resource Center. Users are tricked into completing fake CAPTCHAs on compromised…
A phishing campaign has been identified that utilizes a fake invoice PDF to deliver multiple remote access trojans (RATs), primarily AsyncRAT, along with VenomRAT and XWorm. The attack begins with a phishing email…
Between November 2025 and February 2026, a coordinated cyber espionage campaign targeted a Libyan oil refinery, a telecommunications organization, and a state institution. The attacks utilized AsyncRAT, a publicly…
A recent report from Hunt.io reveals that over 1,350 command-and-control (C2) servers are active across 98 providers in the Middle East, with Saudi Telecom Company (STC) responsible for over 72% of the activity. This…