Threats

Malware, attack campaigns, APT groups

Pre-Stuxnet Sabotage Malware Fast16 Confirmed as Nuclear Weapons Simulation Tampering Tool Dating Back to 2005

Symantec and Carbon Black have published a definitive analysis confirming that Fast16, a Lua-based malware framework first surfaced by SentinelOne weeks ago, was purpose-built to sabotage nuclear weapons testing simulations. The findings establish Fast16 as the earliest known cyber sabotage tool targeting nuclear weapons research — predating the first

By Zero Day Wire

FamousSparrow Targets Azerbaijani Oil and Gas Firm in Three-Wave Campaign Using ProxyNotShell, Deed RAT, and Kernel-Level Rootkit

Bitdefender Labs has documented a sustained espionage campaign by Chinese-aligned APT group FamousSparrow against an oil and gas company in Azerbaijan, carried out across three distinct waves between December 2025 and February 2026. The campaign marks a strategic pivot for the group toward South Caucasus energy infrastructure and demonstrates

By Zero Day Wire

Iranian APT Seedworm Deploys Dindoor Backdoor via Microsoft Teams Social Engineering Using Deno Runtime for In-Memory Execution

CyberProof researchers have uncovered a campaign by Iranian APT group Seedworm that uses Microsoft Teams as an initial access vector, deploying a custom backdoor called Dindoor through social engineering that impersonates IT support personnel. The campaign emerged in early March 2026, coinciding with a surge in Iranian-linked cyber activity

By Zero Day Wire

DSCourier Proof-of-Concept Abuses WinGet COM API to Bypass CrowdStrike Falcon, Microsoft Defender, and Elastic EDR

A security researcher has released DSCourier, a proof-of-concept tool that abuses the WinGet Configuration COM API to apply arbitrary Desired State Configuration (DSC) configurations through Microsoft-signed binaries — a technique that has been demonstrated bypassing three of the most widely deployed enterprise EDR platforms: CrowdStrike Falcon, Microsoft Defender

By Zero Day Wire