Read all Blogs from this Author
Over the past decade, the English-speaking cybercriminal ecosystem commonly referred to as “The COM” has undergone a profound transformation. What began as a niche subculture centered on the trading of what is called “OG Usernames (original gangster)”
CloudSEK discovered a new Epsilon Red ransomware campaign targeting users globally via fake ClickFix verification pages. Active since July 2025, threat actors use social engineering and impersonate platforms like Discord, Twitch, and OnlyFans to trick users into executing malicious .HTA files through ActiveX. This leads to silent payload downloads and ransomware deployment. Users are urged to disable ActiveX, block attacker IPs, and train against such lures.
Read all Whitepapers and reports from this Author
.png)
The report "Beyond the Storefront: E-commerce and Retail Threat Insights" highlights the growing cyber threats to the e-commerce and retail sectors, including a surge in ransomware attacks, hacktivist activities, and data breaches. It emphasizes the need for enhanced security measures as these industries face increasing risks from financially motivated attacks and politically driven hacktivism.
Read More.png)
The report "MichaMichaBot: Unmasking the Threats Exploiting Missing 'X-Frame-Options' Headers" reveals how cybercriminals exploit this vulnerability to launch phishing attacks by embedding legitimate websites in iframes with fake login panels. It provides insights into these attack methods and practical strategies to secure digital assets against such threats.
Read More.webp)
Our whitepaper, "Unveiling Maorrisbot: The Inner Workings of an Android Trojan Malware," explores the sophisticated methods and impacts of Maorrisbot malware, offering insights and strategies to protect your devices. Download it to learn how to safeguard against this significant Android threat.
Read MoreRead all knowledge base articles from this Author
