The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent.
"This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs researcher Jacob Faires said in a Tuesday report.
The activity has been attributed with medium-to-high



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html