SharpRhino: An old, new threat
SharpRhino is delivered as legitimate software and grants remote access to the victim's machine. Read our full analysis to see how attackers use it to propagate other malware.
Skuld, also known as TMPN Stealer, is an information-stealing malware written in Golang (Go) that emerged in May 2023. Read the full analysis of this open-source threat.
Threat actors are using Winword, an ancient version of Microsoft Office, to target drone manufacturers in Taiwan. Read the full analysis from the TRU Security team.
Users who have not properly configured Microsoft Exchange are exposed to email spoofing, which could lead to email compromise, data breaches and more.
In today’s rapidly evolving digital landscape, regularly scanning a company’s external perimeter for vulnerabilities is not only a proactive measure, but also an essential defense strategy.
Zola ransomware is the latest addition to the Proton ransomware family. Acronis researchers break down the evolution of a Zola attack, from execution to encryption.
Eldorado ransomware has been active from at least March 2024. It mostly targets U.S. companies, including health care, education and government sectors.
Hunters International ransomware was first spotted in October 2023. While it shares many similarities with Hive ransomware, it is not a rebrand. But like Hive, Hunters International works as ransomware as a service (RaaS), and besides encryption, it also exfiltrates victim data.
In our daily work, we are constantly facing various attacks that can be directed at different organizations. One of these cases was the reason for an in-depth study of LNK files.
Detected at the end of 2024, Frea ransomware is a new variant in the Chaos ransomware family. Our latest malware analysis explores Frea in depth, with technical details on the execution and the encryption and post-encryption process.
From cybersecurity and backup to ticketing and billing, MSPs find themselves cobbling together tools and juggling multiple siloed consoles.
Trigona ransomware was first observed in June 2022. It has Windows and Linux versions and operates as ransomware as a service.