Operation MacroMaze: APT28's Webhook Exploits
Key Findings: Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze from September 2025 to January 2026. The campaign used spear-phishing emails delivering weaponized documents with an "INCLUDEPICTURE" field pointing to a webhook[.]site URL hosting a JPG. When opened, the file silently retrieves the image, acting as a tracking pixel to alert attackers the document was viewed. Variants dropped modified macros that
Feb 24 - 2 min read
MuddyWater Targets Turkey, Israel, and Azerbaijan with UDPGangster Backdoor
Key Findings: The Iranian hacking group known as MuddyWater has been observed deploying a new backdoor called UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) communication. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan. The attack chain involves using spear-phishing tactics to distribute booby-trapped Microsoft Word documents that trigger the execution of a malicious payload once macros are enabled. UDPGangste
Dec 8, 2025 - 2 min read