An updated version of a malware loader known as Hijack Loader has been discovered with new features aimed at evading detection and maintaining persistence. The information-stealing malware uses call stack spoofing to hide the origin of function calls and performs anti-VM checks to detect malware analysis environments. The cybersecurity community is tracking Hijack Loader’s evolution; the loader previously used legitimate code-signing certificates and the now-infamous ClickFix strategy for distribution.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is