Modern supply chain intrusions are attacks that compromise trusted software development systems, including CI/CD pipelines, package registries, GitHub repositories, developer tools, and cloud environments. Instead of attacking one organization directly, threat actors abuse trusted dependencies, automation workflows, and stolen developer credentials to spread across entire software ecosystems. TeamPcP History TeamPCP (also tracked as PCPcat, DeadCatx3, […]
Payload ransomware is a Windows ransomware family that appends the .payload extension to encrypted files, drops RECOVER_payload.txt ransom notes, and uses ChaCha20 encryption with per-file Curve25519 ECDH key exchange. The sample also includes anti-forensics features such as ETW patching, VSS deletion, Windows Event Log clearing, and process/service termination. Key Takeaways Overview On 15 February 2026, […]
PlugX (KorPlug) is a modular remote access trojan delivered in this campaign through an MSI-based DLL sideloading chain. In this sample, the installer drops a legitimate G DATA executable, a malicious AVK.dll sideloader, and an XOR-encrypted AVKTray.dat payload that ultimately loads a reflective PlugX DLL and establishes persistence. Key Takeaways Introduction A PlugX DLL sideloading campaign […]