Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise ...
A compromised Chrome extension with 7,000 users was updated to deploy malware, strip security headers, and steal cryptocurrency wallet seed phrases.
The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and ...
Another reason RMM tools are hard to detect is the covertness of their communication. Most modern RMM software talks to its control server over end-to-end encrypted HTTPS or a proprietary encrypted protocol. To network monitoring devices, this traffic looks no different from ordinary web browsing or legitimate software-update traffic. In addition, RMM software usually connects to globally distributed cloud nodes whose IP addresses change frequently and belong to well-known cloud providers (such as AWS, Azure, Google Cloud), which makes IP-reputation-based blocklisting ineffective.
Introduction: In December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...