MEDIUMMalware
Global

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

·Source: The Hacker News

Updated:

Executive Summary

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and

Analysis

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and
Source Attribution

Originally published by The Hacker News on May 25, 2026.

Related Threats

MEDIUMMalware

The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs

Key Takeaways The Rise of Cloud-Native Command and Control (C2) Command and control (C2) infrastructure traditionally lived outside the victim environment. Malware beaconed to attacker-operated servers hosted on rented VPS infrastructure or compromised websites, and defenders focused on identifying those endpoints through IP reputation, domain intelligence, and network blocking. Cloud computing ha

Qualys Blog
MEDIUMMalware

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure

AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. The post The Zero-Knowledge Threat Actor and the End of Responsible Disclosure appeared first on SecurityWeek .

SecurityWeek
CRITICALMalware

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

A Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild, weeks after the company disclosed the flaw as a medium-severity issue and said it was unaware of any attacks. However, according to Rapid7, threat actors began exploiting the bug within days of disclosure. “Rapid7 MDR identified successful e

CVE-2026-0257
CSO Online