The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs researcher Jacob Faires said in a Tuesday report. The activity has been attributed with medium-to-high
![]()
source https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html
source https://thehackernews.com/2025/11/romcom-uses-socgholish-fake-update.html