
Malware & C2

Backdoors, web shells, rootkits, loaders, and the command-and-control tradecraft behind active intrusions.

Security news

Police scrubbed SocGholish from 15,000 WordPress sites. The way in is still wide open.

Operation Endgame seized 106 SocGholish servers and cleaned 14,971 WordPress sites. The takedown hit an access broker, not the entry vector. Here is what to

Security news

A USB worm swaps your crypto address mid-paste, and no breach alarm ever fires

Microsoft found a USB worm that hijacks the clipboard to swap crypto wallet addresses and hides its command channel in Tor. Here is why it beats your controls.

Security news

ClickFix is now shared attack infrastructure, and the lure is the wrong thing to detect

Three unrelated crews adopted ClickFix delivery in a single quarter. The lure keeps changing; the execution chain does not. Here is where to detect it.

Security news

FortiSandbox Under Attack: The Box That Catches Malware Is Now the Way In

Three critical FortiSandbox flaws are under active exploitation, two unauthenticated and one patched a week ago. Why a compromised malware sandbox blinds your

Security news

Three requests, no password, a webshell: the JCE flaw hitting Joomla hosts now

Unauthenticated RCE (CVSS 10, CVE-2026-48907) in JCE, the most-installed Joomla editor. KEV-listed and exploited. Patch to 2.9.99.6 and hunt for webshells.

Security news

A Linux backdoor moved into the Windows kernel, and the detection window closes at driver load

SprySOCKS, a China-nexus Linux backdoor, now ships a Windows kernel-driver variant that hides itself from the host. Here is where defenders can still catch it.

Security news

Awesome Motive's WordPress CDN backdoor only fired for logged-in admins. Your scanner missed it.

OptinMonster, TrustPulse and PushEngage served a backdoor that ran only for logged-in WordPress admins, evading visitor scanners. How to scope and hunt it.

Security news

Velvet Ant's PAM-OpenSSH decade is an auth-stack blind spot, not a Linux bug

Sygnia found nine backdoored pam_unix.so variants and four trojanized OpenSSH binaries on one victim. Why auth-stack integrity is the SIEM-invisible gap.
