6 links
tagged with all of: hacking + malware
Links
Nimhawk is an actively developed command and control (C2) framework that builds on the NimPlant project, offering enhanced modularity, security, and a user-friendly web interface for managing implants. Currently, it supports Windows x64 platforms, with plans for a Linux agent in the future. The project encourages community contributions and provides detailed documentation for developers.
The article discusses a report on the malware traffic associated with the notorious Los Pollos Hermanos network. It highlights the methods used by cybercriminals to exploit vulnerabilities and distribute malicious software, shedding light on the ongoing challenges in cybersecurity. The findings underscore the importance of vigilance and proactive measures in combating such threats.
Hackers are exploiting a vulnerability in domain name system (DNS) records to hide malware, allowing malicious scripts to fetch binaries without detection by traditional security measures. Researchers from DomainTools discovered that malware was encoded in hexadecimal and distributed across multiple subdomains, enabling retrieval through seemingly harmless DNS requests. As encrypted DNS methods like DoH and DoT gain traction, monitoring this type of traffic may become even more challenging.
Hacking groups, including those affiliated with the North Korean government, are utilizing a new method called EtherHiding to distribute malware via public cryptocurrency blockchains. This technique embeds malware within smart contracts, providing a decentralized and nearly untouchable platform for cybercriminals to operate and making it more resilient against law enforcement actions.
A new attack known as "pixnapping" has emerged, targeting Android devices by using pixel-stealing techniques to access sensitive information. This method allows attackers to manipulate the display output, potentially compromising user data without their knowledge. Users are advised to remain vigilant and update their security measures to protect against this threat.
Hackers are compromising end-of-life SonicWall Secure Mobile Access appliances, exploiting leaked administrator credentials and potentially using a custom backdoor malware called Overstep. Google’s Threat Intelligence Group urges organizations to analyze their devices for signs of compromise, as many details about the attacks and vulnerabilities remain unclear.