Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Updated on December 9, 2025

Four distinct threat activity clusters have been observed leveraging a malware loader known as CastleLoader, strengthening the previous assessment that the tool is offered to other threat actors under a malware-as-a-service (MaaS) model.
The threat actor behind CastleLoader has been assigned the name GrayBravo by Recorded Future’s Insikt Group, which was previously tracking it as TAG-150….

Read the rest of the story at Read More

Source: The Hacker News

May 12, 2025 Uncategorized

The Persistence Problem: Why Exposed Cre...

September 3, 2025 Uncategorized

Detecting Data Leaks Before Disaster

October 24, 2025 Uncategorized

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Related posts

The Persistence Problem: Why Exposed Cre...

Detecting Data Leaks Before Disaster

3,000 YouTube Videos Exposed as Malware ...

Leave a Comment Cancel reply

Recent News

Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

⚡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

A Browser Extension Risk Guide After the ShadyPanda Campaign

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

CISA Adds Actively Exploited Sierra Wireless Router Flaw Enabling RCE Attacks

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Fake OSINT and GPT Utility GitHub Repos Spread PyStoreRAT Malware Payloads

New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale