Open-Weight Chinese AI Models Drive Privacy Innovation in LLMs

Blog

Byadmblake June 2, 2025

Edge computing and stricter regulations may usher in a new era of AI privacy.

Blog

Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT

The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to…

Read More Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
Blog

How Malware Authors Are Incorporating LLMs to Evade Detection

Cyberattackers are integrating large language models (LLMs) into the malware, running prompts at runtime to evade detection and augment their code on demand.

Read More How Malware Authors Are Incorporating LLMs to Evade Detection
Blog

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red…

Read More Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Blog

Black Basta Goes Dark Amid Infighting, Chat Leaks Show

One of 2024’s most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama.

Read More Black Basta Goes Dark Amid Infighting, Chat Leaks Show
Blog

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called “postmark-mcp” that copied an official Postmark Labs library of…

Read More First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Blog

Genesis Market Malware Attack

What is the attack? The FortiGuard Lab’s EDR team recently identified malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023. The investigation traced some initial compromises to tools used for circumventing software licensing and counterfeit GPG MSI installers embedded with PowerShell scripts….

Read More Genesis Market Malware Attack

Related