ZCyberNews

#evasion

8 articles

This archive collects 10 articles tagged evasion published between April 12, 2026 and May 4, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Observed actor references include Payouts King and The Gentlemen, presented only where the underlying article metadata supports the attribution. The affected-scope signals emphasize financial services, healthcare, and multiple across Czech Republic, EU, and North America, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 8 high and 2 medium reports.

Amazon SES Abused in Phishing to Evade Email Security Filters
Threat Intel | HIGH

Threat actors exploit Amazon SES to send phishing emails that bypass SPF, DKIM, and DMARC checks, with a 40% rise in abuse since Q4 2025.

3 min read

PureRAT Malware Evades Detection with PNG-Stashed Payloads
Malware | HIGH

PureRAT hides its Windows PE payloads inside PNG files and executes them filelessly in memory, a technique detailed by cybersecurity researchers analyzing a new sophisticated campaign.

3 min read

Threat Actors Embed Malicious Payloads in .WAV Audio Files
Threat Intel | MEDIUM

SANS ISC reports threat actors are using .WAV audio files to deliver malware payloads, exploiting the format's ability to conceal malicious code within seemingly benign audio data.

2 min read

The Gentlemen Ransomware Deploys SystemBC Proxy for C2 Evasion
Malware | HIGH

The Gentlemen ransomware-as-a-service group uses the SystemBC SOCKS5 proxy tool to hide command-and-control traffic, according to a Check Point DFIR report analyzing a recent affiliate attack.

3 min read | The Gentlemen

Payouts King Ransomware Deploys QEMU VMs as Stealthy Reverse SSH Backdoors
Malware | HIGH

The Payouts King ransomware group is deploying the open-source QEMU emulator to create hidden virtual machines on compromised hosts, establishing a persistent reverse SSH backdoor that evades conventional endpoint detection.

4 min read | Payouts King

PowMix Botnet Targets Czech Workforce with Randomized C2 Traffic
Malware | HIGH

Cisco Talos researchers identify the PowMix botnet, active since December 2025, targeting Czech workers with randomized C2 beaconing to evade detection and deploy additional payloads.

3 min read

Threat Actors Weaponize MSBuild LOLBin for Fileless Windows Attacks
Threat Intel | HIGH

Cybercriminals are abusing the legitimate Microsoft Build Engine (MSBuild.exe) to execute malicious .NET code directly in memory, evading traditional detection by avoiding file drops.

3 min read

Ransomware Gangs Evolve EDR Evasion, Adopt New Driver-Based Killers
Threat Intel | HIGH

ESET Research reports ransomware operators are expanding their arsenal of EDR-killing tools, moving beyond exploiting vulnerable drivers to using legitimate but maliciously signed drivers for stealth.

4 min read
