Syndicated Blog

Security Research | Blog Feeds
Latest news and views from the leading voices in cloud security and secure digital transformation.

One Click to Compromise: ThreatLabz 2026 Phishing and Initial Access Report

AI is accelerating the enterprise, but it is also raising the cost of a single user mistake. Phishing remains one of the easiest on-ramps for attackers, with campaigns that look routine, move ...

Technical Analysis of MLTBackdoor

Introduction: In May 2026, Zscaler ThreatLabz identified a new malware family that we track as MLTBackdoor that is likely leveraged by a ransomware-related threat actor. MLTBackdoor has been observed by ThreatLabz being delivered in ...

When the Scanner Starts Thinking: Learnings from Mythos & GPT 5.5 Cyber in Security Testing

Overview: Frontier AI models like Anthropic Mythos and OpenAI GPT 5.5 Cyber present a critical inflection point for enterprise security. While they unlock transformative potential for security engineers seeking to embed AI into ...

Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader

Introduction: OpenClaw, previously known as Clawdbot, Moltbot, and Molty, is an open-source framework designed for autonomous AI agents that execute complex tasks requiring high-privilege local system access. While intended for automation, its modular ...

Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

Introduction: On March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where ...

Payouts King Takes Aim at the Ransomware Throne

Introduction: In February 2022, BlackBasta emerged as a successor to Conti ransomware and quickly rose to prominence. BlackBasta was operational for three years until February 2025 when their internal chat logs were leaked ...

When AI Finds a Way Out: The Alibaba Incident and Why Zero Trust Matters More Than Ever

The incident: In cybersecurity, the most important lessons rarely come from theory, but reality. A recent incident involving an experimental AI agent in the Alibaba ecosystem is one of those moments that forces us ...

In-Memory Loader Drops ScreenConnect

Introduction: In February 2026, Zscaler ThreatLabz discovered an attack chain where attackers used a fake Adobe Acrobat Reader download to lure victims into installing ConnectWise’s ScreenConnect. While ScreenConnect is a legitimate remote access tool, it can ...

Supply Chain Attacks Surge in March 2026

Introduction: There was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed ...

Anthropic Claude Code Leak

Introduction: On March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship terminal-based AI coding agent) through a 59.8 MB JavaScript source map (.map) file bundled in the ...