Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack
Discover the latest trends on Command and Control in cyber security, your hub for infosec insights, threats, and defense strategies.
Search across headline titles and summaries.
Background for this topic.
Command and Control (C2) describes the communication channels attackers use to remotely manage compromised systems within a target network. These channels allow adversaries to send instructions to malware, enabling actions like data theft, lateral movement, or launching attacks such as Distributed Denial of Service (DDoS). C2 infrastructure often involves covert protocols or encrypted traffic to evade detection.
Effective defense requires monitoring network traffic for unusual patterns or connections to known malicious domains and blocking or isolating suspected C2 communications. Disrupting these channels can prevent attackers from controlling infected devices, limiting the scope and impact of an intrusion. Understanding C2 techniques is essential for prioritizing network segmentation, threat intelligence integration, and timely response to contain active compromises.
Weekly headline count for the current query.
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack
Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that's been spreading via websites infected with ClickFix lures since late April 2026
Chinese actors used Claude Code and DeepSeek to automate attacks that breached government systems and targeted financial firms. Hunt.io researchers stumbled onto an active intrusion campaign in June 2026 while pivoting on known TencShell command-and-control infrastructure. A single HTTP header fingerprint on port 1111 led them to 13 Hong Kong-based servers and, on one of […]
An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations
Microsoft, with law enforcement and industry partners, disrupted more than 200 command and control servers for Amadey and StealC, often used in conjunction. The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials
DragonForce hid for months by routing malware traffic through Microsoft Teams infrastructure, masking C2 activity and evading network detection. DragonForce ransomware operators hit a major U.S. services firm and stayed hidden for one to two months by routing their command-and-control traffic through Microsoft’s own Teams relay servers. Symantec’s threat hunters tracked the custom backdoor they […]
Rokarolla Android malware targets 217 banking and crypto apps, steals credentials, blocks bank calls, intercepts SMS, and disables Play Protect. Zimperium’s zLabs researchers have published a detailed analysis of Rokarolla, a new Android banking trojan named after its command-and-control infrastructure. It spreads through malicious websites masquerading as TikTok and Chrome, one confirmed distribution point being […]
Custom malware routed communications through legitimate Microsoft services, making malicious activity look like routine corporate collaboration
Command and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defenders
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS
Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware campaign abusing Valve’s Steam gaming platform. The experts discovered malware on approximately 1,980 WordPress sites that fetches its instructions by reading Steam Community profile comments, where the actual payload is […]
Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]
Suspected Russian Crime Group Built Resilient Command-and-Control InfrastructureIn a joint operation, CrowdStrike, Google and Shadowserver Foundation disrupted infrastructure used by the Glassworm cybercrime group, cutting off attackers from victims. The group has wielded a remote access Trojan to repeatedly target developers of widely used open-source software.
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. [...]
CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions
Glassworm infected developers through poisoned tools and packages until a coordinated takedown killed all four of its C2 channels at once. On May 26, 2026, at 14:00 UTC, CrowdStrike Counter Adversary Operations team, working with Google and the Shadowserver Foundation, killed all four command-and-control channels of the Glassworm botnet at the same time. The timing […]