Kimsuky Uses SharpExt To Gather Intelligence From Stolen Email
The threat actor tracked as Kimsuky continue to deliver booby trapped documents to targets that are laced with browser extension malware.
Once received and executed, the malicious Hangul Word Processor (HWP) files communicate with the threat actor controlled C2 to gather the SharpEXT browser extension that is leveraged to steal emails and attachments from the victims in the United States, South Korea, and Europe.
Featured Resources
EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server
(CVE-2025-53109 & CVE-2025-53110)
EXECUTIVE SUMMARY The Cymulate Research Labs is committed to advancing cybersecurity by scrutinizing emerging technologies and exposing hidden risks. Our
Healthcare - Industry Brief
Healthcare Industry Under Attack Security leaders in the healthcare industry face significant challenges as threat actors target valuable data and
AI Threat Detection: Supercharging Cyber Defenses with Intelligence & Scale
Security teams face an onslaught of ever-evolving threats, bloated alert queues and sprawling attack surfaces. Manual detection and periodic pen