Category: 3. Business

News Highlights

• Attackers using highly convincing, animated lures to trick users into trusting malicious sites and downloads.
• Threat actors carrying out convincing campaigns with minimal effort by using purchasable tools – like PureRAT, and Phantom Stealer – reusing templates and abusing trusted platforms.
• Attackers evading detection through DLL sideloading, modified legitimate tools and continuous adaptation to new Windows protections.

 
PALO ALTO, Calif., 11 December 2025 — HP Inc. (NYSE: HPQ) today issued its latest Threat Insights Report, revealing how attackers are refining campaigns with professional-looking animations and purchasable malware services. HP Threat Researchers warn that these campaigns mix convincing visuals, well known hosting platforms like Discord, and regularly updated malware kits to evade detection by users and detection tools.
 
The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape. Based on the millions of endpoints running HP Wolf Security*, notable campaigns identified by the HP Threat Research Team include: 

• DLL sideloading slips past endpoint security scanners: Attackers impersonating the Colombian Prosecutor’s Office emailed fake legal warnings to targets. The lure directs users to a fake government website, which displays a slick auto-scroll animation guiding targets to a “one-time password”, tricking them into opening the malicious password-protected archive file. 
  • The file – once opened – launches a folder that includes a hidden, maliciously modified dynamic link library (DLL). This installs PureRAT malware in the background, giving attackers full control of a victim’s device. The samples were highly evasive. On average, only 4 per cent of related samples were detected by anti-virus tools.
• Fake Adobe update installs remote access tool: A fake Adobe-branded PDF redirects users to a fraudulent site that pretends to update their PDF reader software. A staged animation shows a spoofed installation bar that mimics Adobe. This tricks users into downloading a modified ScreenConnect executable – a legitimate remote access tool – which connects back to attacker-controlled servers, so they can hijack the compromised device.
• Discord malware dodges Windows 11 defences: Threat actors hosted their payload on Discord to avoid building their own infrastructure and piggybacked off the positive domain reputation of Discord. Before deployment, the malware patches Windows 11’s Memory Integrity protection to bypass this security feature. The infection chain then delivers Phantom Stealer, a subscription-based infostealer sold on the hacking marketplaces with ready-made credential and financial theft features that update frequently to evade modern security tools.

Patrick Schläpfer, Principal Threat Researcher, HP Security Lab, comments: “Attackers are using polished animations like fake loading bars and password prompts to make malicious sites feel credible and urgent. At the same time, they are relying on off-the-shelf, subscription malware that is fully featured, and updates as fast as legitimate software. This is helping threat actors keep ahead of detection-based security solutions and slip past defences with far less effort.”
 
Alongside the report, the HP Threat Research Team has published a blog analyzing the threat of session cookie hijacking attacks, the use of stolen credentials in intrusions and the proliferation of infostealer malware. Rather than stealing passwords or bypassing multi-factor authentication (MFA), attackers are hijacking the cookies that prove a user is already logged in, giving them instant access to sensitive systems. HP analysis of publicly reported attack data found that over half (57%) of the top malware families in Q3 2025 were information stealers, a type of malware that typically has cookie theft capabilities. 
 
By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely inside secure containers – HP Wolf Security has insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 55 billion email attachments, web pages, and downloaded files with no reported breaches.
 
The report, which examines data from July – September 2025, details how cybercriminals continue to diversify attack methods to bypass security tools that rely on detection, such as:

• At least 11% of email threats identified by HP Sure Click bypassed one or more email gateway scanners.
• Archive files were the most popular delivery type (45%), seeing a 5% point rise over Q2, with attackers increasingly using malicious .tar and .z archive files to target users. 
• In Q3, 11% of threats stopped by HP Wolf Security were PDF files, growing 3% points over the previous quarter. 

 
Dr. Ian Pratt, Global Head of Security for Personal Systems at HP Inc., comments: “With attackers abusing legitimate platforms, mimicking trusted brands and adopting convincing visual tricks, like animations, even strong detection tools will miss some threats. Security teams can’t predict every attack. But by isolating high-risk interactions, such as opening untrusted files and websites, organisations gain a safety net that contains threats before they can cause harm, without adding friction for users.”
 
Please visit the Threat Research blog to view the report.
 

About the Data

This data was gathered from consenting HP Wolf Security customers from July – September 2025 with investigations conducted by the HP Threat Research Team. 
 

About HP Wolf Security*

HP Wolf Security is world class endpoint security. HP’s portfolio of hardware-enforced security and endpoint-focused security services are designed to help organizations safeguard PCs, printers, and people from circling cyber predators. HP Wolf Security provides comprehensive endpoint protection and resiliency that starts at the hardware level and extends across software and services. Visit https://hp.com/wolf.

• First Vice President Greg Guyett and Vice President for Banking Matteo Patrone visiting Morocco to meet high-level government officials and business representatives 
• Discussions will focus on EBRD’s support for the private sector, key infrastructure investments and the transition to a green economy 
• Morocco has received almost €5.9 billion in EBRD financing across 125 projects since 2012

The EBRD’s First Vice President, Greg Guyett, and its Vice President for Banking, Matteo Patrone, are visiting Morocco from 11 to 12 December to meet senior government officials and clients from the public and private sectors.

During their visit to Casablanca, they will meet with the Minister of Economy and Finance and EBRD Governor, Nadia Fettah. The discussions will focus on enhancing private-sector support in Morocco, accelerating the transition to a green economy and driving investments in key infrastructure.

The EBRD delegation will also meet representatives of local public and private companies, including clients in Morocco’s banking sector, and will sign agreements on a number of new investments.

Mr Guyett said: “I am delighted to make my first visit to Morocco as EBRD First Vice President and meet our public- and private-sector clients. It’s an excellent opportunity to deepen our cooperation and explore new opportunities. The EBRD will support Morocco’s development priorities by investing in the energy transition, expanding access to finance for SMEs, supporting the innovation economy and strengthening private-sector competitiveness.”

The First Vice President and the Vice President for Banking will be joined by Mark Davis, the EBRD’s Managing Director for the Southern and Eastern Mediterranean, and Haytham Eissa, the EBRD’s Head of Morocco.

The EBRD is a leading institutional investor in Morocco, having invested almost €5.9 billion across 125 projects to date. The Bank has also mobilised €312 million of funding from other parties in 2025. The Bank started investing in the country in 2012, with a focus on fostering sustainable energy, promoting infrastructure reform, and supporting the direct and indirect financing of private enterprises, with 69 per cent of the EBRD’s funding going to the private sector.

The recent FOMC meetings share a theme: rates are converging toward what appears to be a landing zone on several fronts, even if only temporarily. The balance sheet is now on freeze (there is a floor set for bank reserves), and the funds rate is now close to where it is looking more normal, or at least close to it. Let’s delve into both.

First, the level of the funds rate and floating rates in general. The 3mth SOFR rate is finally below the 10yr SOFR rate (just this week). Which means, at long last, it’s cheaper to fund floating than to fund fixed. This is with the 10yr SOFR having been under rising pressure in the past weeks, but also as the 3mth SOFR has been tamed by the rate-cutting narrative. It’s the first time since the second half of 2022 (and briefly in January 2025) that the 10yr SOFR rate has been above most floating rates, and that will be copper-fastened as soon as the Fed cuts by 25bp in a bit. For players who have baulked at the idea of swapping to floating on account of negative impact carry, that has now gone away (at least for as long as 10yr SOFR remains elevated).

Second, liquidity conditions. Repo has been trending tight in the past few months, and things reached a point of no return when the effective funds rate began to de-anchor and trek towards the rate on excess reserves (now just 1bp below). The Fed reacted at the previous FOMC meeting by reverse engineering this into a rationale for freezing the balance sheet, where further MBS roll-offs would be matched by T-bills buying. But as we’ve noted, the Fed will ultimately have to re-expand the balance sheet at the same pace as the nominal economy is growing. So, if nominal GDP is growing at 3-5%, bank reserves too should expand at that rate. The Fed has reacted to this reality by implementing flexibility to buy T-bills in excess of the MBS roll-off, to ensure ample reserves.

Reserve management purchases is the term the Fed is using to describe its T-bill buying agenda, as in fact they can go out as far as three years in Treasuries if needed. That’s quite deviant from a pure T- bills buying programme, and bordering in fact on QE. They’ll start with $40bn of buying, and suggest it will wane in later months due to seasonal liquidity circumstances. Good for the front end!

NEW YORK — Time magazine is set to name its person of the year for 2025 on Thursday.

Among those in the running according to prediction markets is artificial intelligence itself, along with tech CEOs Jensen Huang of Nvidia and Sam Altman of OpenAI. Pope Leo XIV, the first American pope whose election this year followed the death of Pope Francis, is also considered a contender, with President Donald Trump, Israeli Prime Minister Benjamin Netanyahu and New York Mayor-elect Zohran Mamdani topping lists as well.

Trump was named the 2024 person of the year by the magazine after his winning his second bid for the White House, succeeding Taylor Swift, who was the 2023 person of the year.

The magazine’s selection dates from 1927, when its editors have picked the person they say most shaped headlines over the previous 12 months.

• Rolls-Royce is one of the first engine manufacturer to verify and publish the environmental footprint of emergency power generators
• The entire life cycle of the systems is taken into account – from raw material extraction to end of life
• mtu gensets can be operated with sustainable fuels, reducing CO₂ emissions by up to 90%

Rolls-Royce has delivered mtu emergency power generators with verified environmental product declarations (EPDs) to a European data center operator for the first time. The company is setting a new standard for transparency and sustainability in the supply of energy to critical infrastructure.

In collaboration with sustainability expert Sphera, Rolls-Royce is one of the first engine manufacturers to develop externally verified EPDs for emergency power generators and publish them in the international EPD system (Environdec). The reports document the entire environmental life cycle of the mtu 16V 4000 DS2500 and 10V 1600 systems – from raw material extraction to production and use, to end-of-life recycling.

“With these environmental product declarations, we set a new industry standard for environmental transparency in the field of energy systems,” said Tobias Ostermaier, President Stationary Power Solutions at Rolls-Royce’s Power Systems division. “This is our response to growing demand from our customers, and we are actively supporting them in reducing their carbon footprint.”