VOID#GEIST malware campaign delivers XWorm, AsyncRAT, and Xeno RAT using batch scripts, Python loaders, and explorer.exe ...
description: Detects PowerShell using VirtualAlloc, CreateThread, and similar API calls for memory injection techniques. - 'VirtualAlloc' # Detects use of VirtualAlloc, a Windows API function used to ...
I will be building this project up as I learn, discover or develop more techniques. Note: The project is not intended to be used as-is. If you are going to use any of the techniques there is a better ...
Introduction: In December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...