MALWARE 190
- New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
- Exploitation of React2Shell Surges
- Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
- LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist
- Despite Microsoft’s secret patch, LNK loophole remains viable for hackers to deliver malware
- MuddyWater Snakes by the riverbank
- How a Russian Threat Actor Uses a Recent WinRAR Vulnerability in Their Ukraine Operations
- Glassworm malware returns in third wave of malicious VS Code packages
- North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version.
- ThreatsDay Bulletin - AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
- Shai-hulud 2.0 Campaign Targets Cloud and Developer Ecosystems
- Dead Man’s Switch – Widespread npm Supply Chain Attack Driving Malware Attacks
- FAQ About Sha1-Hulud 2.0 The "Second Coming" of the npm Supply-Chain Campaign
- Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION
- Sturnus - New Android banking trojan targets WhatsApp, Telegram, and Signal
- Google exposes BadAudio malware used in APT24 espionage campaigns
- Mac users warned about new DigitStealer information stealer
- Frontline Intelligence Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem
- RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
- RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools
- Hackers are Weaponizing Invoices to Deliver XWorm That Steals Login Credentials
- North Korean hackers exploit Google’s safety tools for remote wipe
- Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads
- List of AI Tools Promoted by Threat Actors in Underground Forums and Their Capabilities
- Large-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT Malware
- Gootloader malware back for the attack, serves up ransomware
- Google sounds alarm on self-modifying AI malware
- GlassWorm Returns New Wave Strikes as We Expose Attacker Infrastructure
- Russian hackers sneak a full Linux virtual machine inside Windows to run undetected
- Google warns of new AI-powered malware families deployed in the wild
- Curly COMrades Hacker Group Using New Tools to Create Hidden Remote Access on Compromised Windows 10
- Russian spies pack custom malware into hidden VMs on Windows machines
- Attackers targeting unpatched Cisco kit notice malware implant removal, install it again
- New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
- Researchers Expose GhostCall and GhostHire BlueNoroff's New Malware Chains
- SocGholish Malware Using Compromised Sites to Deliver Ransomware
- Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework
- Russian Coldriver Hackers Deploy New 'NoRobot' Malware
- Self-spreading GlassWorm malware hits OpenVSX, VS Code registries
- New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
- North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
- Hacker Group TA585 Emerges With Advanced Attack Infrastructure
- Hackers Can Inject Malicious Code into Antivirus Processes to Create a Backdoor
- Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained
- SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution
- Hackers leveraging Teams to drop malware, steal data, Microsoft warns
- Foreign threat actors adopting ChatGPT, AI to bolster "old playbook" of attacks, OpenAI finds
- Massive network of 30,000 websites filters victims before delivering scams or malware
- Phantom Taurus A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
- New MatrixPDF toolkit turns PDFs into phishing and malware lures
- $50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections
- New Malware-as-a-Service Olymp Loader Promises Defender-Bypass With Automatic Certificate Signing
- EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
- Cisco Talos attributes Asian telecom and manufacturing attacks to Naikon PlugX campaign
- Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations
- Hackers Leverage AI-Generated Code to Obfuscate Its Payload and Evade Traditional Defenses
- NCSC warns of persistent malware campaign [RayInitiator and LINE VIPER] targeting Cisco devices
- COLDRIVER Updates Arsenal with BAITSWITCH and SIMPLEFIX
- Researchers expose MalTerminal, an LLM-enabled malware pioneer
- Nimbus Manticore Deploys New Malware Targeting Europe
- Gamaredon X Turla collab
- Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware
- Tech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure
- EvilAI malware campaign exploits AI-generated code to breach global critical sectors
- 40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
- Actors Behind AppSuite-PDF and PDF Editor Used 26 Code-Signing Certificates to Make Software Appear Legitimate
- New Buterat Backdoor Malware Found in Enterprise and Government Networks
- Malicious npm Code Reached 10% of Cloud Environments
- Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews
- GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
- Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor
- Iran-Nexus Hackers Abuses Omani Mailbox to Target Global Governments
- Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans
- New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices
- MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers
- Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing
- Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered
- Hook Version 3 The Banking Trojan with The Most Advanced Capabilities
- Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign
- ClickFix Attack Tricks AI Summaries Into Pushing Malware
- Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot
- APT36 hackers abuse Linux .desktop files to install malware in new attacks
- Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger
- Threat Actors Attacking Organizations Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer
- Someone's poking the bear with infostealers targeting Russian crypto developers
- PhantomCard New NFC-driven Android malware emerging in Brazil
- Malvertising campaign leads to PS1Bot, a multi-stage malware framework
- Unmasking SocGholish Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569
- Shared secret EDR killer in the kill chain
- From Bing Search to Ransomware Bumblebee and AdaptixC2 Deliver Akira
- Tracking Updates to Raspberry Robin
- New Plague Linux malware stealthily maintains SSH access
- LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code
- Fingerprinting Malware C2s with Tags
- Fake Telegram Premium Site Distributes New Lumma Stealer Variant
- Unmasking Interlock Group's Evolving Malware Arsenal
- Frozen in transit Secret Blizzard’s AiTM campaign against diplomats
- APT36 Expands Beyond Military New Attacks Hit Indian Railways, Oil & Government Systems
- Qwins Ltd Bulletproof Hosting Provider Powering Global Malware Campaigns
- Cobalt Strike Beacon delivered via GitHub and social media
- JSCEAL Targets Crypto App Users – A New Threat in the Cyber Security Landscape
- GOLD BLADE remote DLL sideloading attack deploys RedLoader
- Auto-Color Backdoor How Darktrace Thwarted a Stealthy Linux Intrusion
- ToxicPanda The Android Banking Trojan Targeting Europe
- RAVEN STEALER UNMASKED Telegram-Based Data Exfiltration
- Hackers Exploit Official Gaming Mouse Software to Spread Windows-based Xred Malware
- Florida Student Research Deploys AI to Spot Stealthy Android Malware
- Cyber Stealer Analysis When Your Malware Developer Has FOMO About Features
- Operation CargoTalon UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant.
- The Rise of Acreed Infostealer in the Post-LummaC2 Threat Landscape
- Coyote in the Wild First-Ever Malware That Abuses UI Automation
- Clickfix on macOS AppleScript Malware Campaign Uses Terminal Prompts to Steal Data
- Back to Business Lumma Stealer Returns with Stealthier Methods
- UK calls out Russian military intelligence for use of espionage tool
- Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities
- CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
- WordPress Redirect Malware Hidden in Google Tag Manager Code
- Threat hunting case study Lumma infostealer
- The Linuxsys Cryptominer
- GhostContainer backdoor malware compromising Exchange servers of high-value organizations in Asia
- On the Move Fast Flux in the Modern Threat Landscape
- Konfety Returns Classic Mobile Threat with New Evasion Techniques
- KongTuke FileFix Leads to New Interlock RAT Variant
- Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
- OCTALYN STEALER UNMASKED
- macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App
- Malware of the Day – Multi-Modal C2 Communication – Numinon C2
- Fix the Click Preventing the ClickFix Attack Vector
- Code highlighting with Cursor AI for $500,000
- GitHub Abused to Spread Malware Disguised as Free VPN
- Attackers Inject Code into WordPress Theme to Redirect Visitors
- Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools
- From Click to Compromise Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities
- Digging Gold with a Spoon – Resurgence of Monero-mining Malware
- Deploying NetSupport RAT via WordPress & ClickFix
- Batavia spyware steals data from Russian organizations
- Phishing Attack Deploying Malware on Indian Defense BOSS Linux
- When Installers Turn Evil The Pascal Script Behind Inno Setup Malware Campaign
- macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware
- Gamaredon in 2024 Cranking out spearphishing campaigns against Ukraine with an evolved toolset
- Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor
- Odyssey Stealer The Rebrand of Poseidon Stealer
- GIFTEDCROOK’s Strategic Pivot From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations
- In the Wild Malware Prototype with Embedded Prompt Injection
- Russia-linked APT28 use Signal chats to target Ukraine official with malware
- SparkKitty, SparkCat’s little brother A new Trojan spy found in the App Store and Google Play
- ConnectUnwise Threat actors abuse ConnectWise as builder for signed malware
- Androxgh0st Continues Exploitation Operators Compromise a US University For Hosting C2 Logger
- Resurgence of the Prometei Botnet
- Part 2 Tracking LummaC2 Infrastructure
- Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data
- Report Links Los Pollos and RichAds to Malware Traffic Operations
- PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
- Fileless AsyncRAT Distributed Via Clickfix Technique Targeting German Speaking Users
- Clone, Compile, Compromise Water Curse’s Open-Source Malware Trap on GitHub
- From Trust to Threat Hijacked Discord Invites Used for Multi-Stage Malware Delivery
- Don't Get Caught in the Headlights - DeerStealer Analysis
- Toxic trend Another malware threat targets DeepSeek
- Unmasking the Infrastructure of a Spearphishing Campaign
- The Evolution of Linux Binaries in Targeted Cloud Operations
- Two Botnets, One Flaw Mirai Spreads Through Wazuh Vulnerability
- The FBI Issued a Warning About This Malware That's Infecting Millions of Devices
- Operation DRAGONCLONE Chinese Telecommunication industry targeted via VELETRIX & VShell malware
- Blitz Malware A Tale of Game Cheats and Code Repositories
- Operation Endgame Disrupts AvCheck, Forces Threat Actors to Seek Alternatives
- ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware
- BladedFeline Whispering in the dark
- Android Spyware Alert! Fake government app targeting Android users in India!
- Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure
- The strange tale of ischhfd83 When cybercriminals eat their own
- From open-source to open threat Tracking Chaos RAT’s evolution
- Fake WordPress Caching Plugin Used to Steal Admin Credentials
- Android malware trends Stealthier, easier-to-use
- The Rising Tide Understanding the Surge in Cyber Attacks in India
- How Threat Actors Exploit Human Trust A Breakdown of the 'Prove You Are Human' Malware Scheme
- Crocodilus Mobile Malware Evolving Fast, Going Global
- Victims risk AsyncRAT infection after being redirected to fake Booking.com sites
- Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
- Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
- Alleged Conti, TrickBot Gang Leader Unmasked
- Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
- Emulating the Unyielding Scattered Spider
- Cybercriminals camouflaging threats as AI tool installers
- Zanubis in motion Tracing the active evolution of the Android banking malware
- Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict
- Mark Your Calendar APT41 Innovative Tactics
- The Sharp Taste of Mimo’lette Analyzing Mimo’s Latest Campaign targeting Craft CMS
- Text-to-Malware How Cybercriminals Weaponize Fake AI-Themed Websites
- DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers
- Reborn in Rust AsyncRAT