{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic64vn7isqf42uz6rf2ldl4apywagnfepchnyvq353s4zohrexyya",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mogwrgxsqkr2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiaalpaiyb6o3pjjuqaqdfnlbq4oeag2jz672irl22xfnfxn7o7tqq"
    },
    "mimeType": "image/webp",
    "size": 20316
  },
  "path": "/khmer-shadow-hackers-abuse-vmware-signed-binary-to-deploy-nightforge-loader/",
  "publishedAt": "2026-06-16T18:26:31.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Khmer Shadow Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader",
    "VPN Central"
  ],
  "textContent": "Acronis researchers have uncovered two espionage campaigns targeting Cambodian government organizations, with attackers using a legitimate VMware-signed binary to sideload a custom loader called NIGHTFORGE. The campaigns, tracked as Khmer Shadow by Acronis Threat Research Unit, focused on entities in Cambodia’s defense and public works sectors. Acronis assesses with moderate confidence that the activity supports […]\n\nThe post Khmer Shadow Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader appeared first on VPN Central.",
  "title": "Khmer Shadow Hackers Abuse VMware-Signed Binary to Deploy NIGHTFORGE Loader"
}