WSL created an attack surface that has allowed adversaries to introduce malware with little chance of AV detection.

Infosec teams struggle to detect Linux-based threats such as Vermillion Strike due to an overemphasis on Windows malware, a lack of effective solutions for protecting data centers, and the immaturity of sandboxes.

In separate reports Thursday, Akamai detailed two threats: One new, complex miner targeting WordPress, and a Linux miner that just learned to speak Windows.

Adversaries use the storage mechanism as a way to hide second-stage malware payloads, knowing that "no one in security really knows the exact structure of these files except Microsoft, said one security expert.

Previously unseen tactic can work on various connected devices found in both traditional workplaces and WFH environments.

Raccoon Stealer can collect passwords, cookies, and the “autofill” text for websites, including credit card data and other PII that’s potentially stored by the browser.

IIS malware most recently appeared in the Halfnium Exchange Server attacks. Zuzana Hromcová created what may be the first systematic overview of the wide world of IIS malware.

The recently discovered malicious "ISOmorph" campaign is designed to infect victims with a RAT by dynamically constructing a malicious dropper payload via their browsers.

The malware profiled by CISA cover a wide array of functions, though many appear to be different Pulse Secure scripts modified to load web shells.