MALWARE 121

• GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module Sep 4, 2025
• Russian APT28 Expands Arsenal with 'NotDoor' Outlook Backdoor Sep 3, 2025
• Iran-Nexus Hackers Abuses Omani Mailbox to Target Global Governments Sep 2, 2025
• Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans Sep 1, 2025
• New Phishing Campaign Abuses ConnectWise ScreenConnect to Take Over Devices Aug 27, 2025
• MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers Aug 26, 2025
• Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing Aug 25, 2025
• Kimsuky APT Data Leak – GPKI Certificates, Rootkits and Cobalt Strike Personal Uncovered Aug 25, 2025
• Hook Version 3 The Banking Trojan with The Most Advanced Capabilities Aug 25, 2025
• Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign Aug 25, 2025
• ClickFix Attack Tricks AI Summaries Into Pushing Malware Aug 25, 2025
• Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot Aug 24, 2025
• APT36 hackers abuse Linux .desktop files to install malware in new attacks Aug 22, 2025
• Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger Aug 21, 2025
• Threat Actors Attacking Organizations Key Employees With Weaponized Copyright Documents to Deliver Noodlophile Stealer Aug 19, 2025
• Someone's poking the bear with infostealers targeting Russian crypto developers Aug 18, 2025
• PhantomCard New NFC-driven Android malware emerging in Brazil Aug 14, 2025
• Malvertising campaign leads to PS1Bot, a multi-stage malware framework Aug 12, 2025
• Unmasking SocGholish Silent Push Untangles the Malware Web Behind the “Pioneer of Fake Updates” and Its Operator, TA569 Aug 6, 2025
• Shared secret EDR killer in the kill chain Aug 6, 2025
• From Bing Search to Ransomware Bumblebee and AdaptixC2 Deliver Akira Aug 5, 2025
• Tracking Updates to Raspberry Robin Aug 4, 2025
• New Plague Linux malware stealthily maintains SSH access Aug 4, 2025
• LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code Aug 4, 2025
• Fingerprinting Malware C2s with Tags Aug 4, 2025
• Fake Telegram Premium Site Distributes New Lumma Stealer Variant Aug 3, 2025
• Unmasking Interlock Group's Evolving Malware Arsenal Jul 31, 2025
• Frozen in transit Secret Blizzard’s AiTM campaign against diplomats Jul 31, 2025
• APT36 Expands Beyond Military New Attacks Hit Indian Railways, Oil & Government Systems Jul 31, 2025
• Qwins Ltd Bulletproof Hosting Provider Powering Global Malware Campaigns Jul 30, 2025
• Cobalt Strike Beacon delivered via GitHub and social media Jul 30, 2025
• JSCEAL Targets Crypto App Users – A New Threat in the Cyber Security Landscape Jul 29, 2025
• GOLD BLADE remote DLL sideloading attack deploys RedLoader Jul 29, 2025
• Auto-Color Backdoor How Darktrace Thwarted a Stealthy Linux Intrusion Jul 29, 2025
• ToxicPanda The Android Banking Trojan Targeting Europe Jul 28, 2025
• RAVEN STEALER UNMASKED Telegram-Based Data Exfiltration Jul 26, 2025
• Hackers Exploit Official Gaming Mouse Software to Spread Windows-based Xred Malware Jul 26, 2025
• Florida Student Research Deploys AI to Spot Stealthy Android Malware Jul 26, 2025
• Cyber Stealer Analysis When Your Malware Developer Has FOMO About Features Jul 24, 2025
• Operation CargoTalon UNG0901 Targets Russian Aerospace & Defense Sector using EAGLET implant. Jul 23, 2025
• The Rise of Acreed Infostealer in the Post-LummaC2 Threat Landscape Jul 22, 2025
• Coyote in the Wild First-Ever Malware That Abuses UI Automation Jul 22, 2025
• Clickfix on macOS AppleScript Malware Campaign Uses Terminal Prompts to Steal Data Jul 22, 2025
• Back to Business Lumma Stealer Returns with Stealthier Methods Jul 22, 2025
• UK calls out Russian military intelligence for use of espionage tool Jul 18, 2025
• Malware Identified in Attacks Exploiting Ivanti Connect Secure Vulnerabilities Jul 18, 2025
• CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign Jul 18, 2025
• WordPress Redirect Malware Hidden in Google Tag Manager Code Jul 17, 2025
• Threat hunting case study Lumma infostealer Jul 17, 2025
• The Linuxsys Cryptominer Jul 17, 2025
• GhostContainer backdoor malware compromising Exchange servers of high-value organizations in Asia Jul 17, 2025
• On the Move Fast Flux in the Modern Threat Landscape Jul 15, 2025
• Konfety Returns Classic Mobile Threat with New Evasion Techniques Jul 15, 2025
• KongTuke FileFix Leads to New Interlock RAT Variant Jul 14, 2025
• Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Jul 14, 2025
• OCTALYN STEALER UNMASKED Jul 12, 2025
• macOS.ZuRu Resurfaces | Modified Khepri C2 Hides Inside Doctored Termius App Jul 10, 2025
• Malware of the Day – Multi-Modal C2 Communication – Numinon C2 Jul 10, 2025
• Fix the Click Preventing the ClickFix Attack Vector Jul 10, 2025
• Code highlighting with Cursor AI for $500,000 Jul 10, 2025
• GitHub Abused to Spread Malware Disguised as Free VPN Jul 9, 2025
• Attackers Inject Code into WordPress Theme to Redirect Visitors Jul 9, 2025
• Researchers Reveal 18 Malicious Chrome and Edge Extensions Disguised as Everyday Tools Jul 8, 2025
• From Click to Compromise Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities Jul 8, 2025
• Digging Gold with a Spoon – Resurgence of Monero-mining Malware Jul 7, 2025
• Deploying NetSupport RAT via WordPress & ClickFix Jul 7, 2025
• Batavia spyware steals data from Russian organizations Jul 7, 2025
• Phishing Attack Deploying Malware on Indian Defense BOSS Linux Jul 4, 2025
• When Installers Turn Evil The Pascal Script Behind Inno Setup Malware Campaign Jul 3, 2025
• macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware Jul 2, 2025
• Gamaredon in 2024 Cranking out spearphishing campaigns against Ukraine with an evolved toolset Jul 2, 2025
• Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor Jun 27, 2025
• Odyssey Stealer The Rebrand of Poseidon Stealer Jun 26, 2025
• GIFTEDCROOK’s Strategic Pivot From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations Jun 26, 2025
• In the Wild Malware Prototype with Embedded Prompt Injection Jun 25, 2025
• Russia-linked APT28 use Signal chats to target Ukraine official with malware Jun 24, 2025
• SparkKitty, SparkCat’s little brother A new Trojan spy found in the App Store and Google Play Jun 23, 2025
• ConnectUnwise Threat actors abuse ConnectWise as builder for signed malware Jun 23, 2025
• Androxgh0st Continues Exploitation Operators Compromise a US University For Hosting C2 Logger Jun 22, 2025
• Resurgence of the Prometei Botnet Jun 20, 2025
• Part 2 Tracking LummaC2 Infrastructure Jun 19, 2025
• Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data Jun 18, 2025
• Report Links Los Pollos and RichAds to Malware Traffic Operations Jun 16, 2025
• PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments Jun 16, 2025
• Fileless AsyncRAT Distributed Via Clickfix Technique Targeting German Speaking Users Jun 16, 2025
• Clone, Compile, Compromise Water Curse’s Open-Source Malware Trap on GitHub Jun 16, 2025
• From Trust to Threat Hijacked Discord Invites Used for Multi-Stage Malware Delivery Jun 12, 2025
• Don't Get Caught in the Headlights - DeerStealer Analysis Jun 12, 2025
• Toxic trend Another malware threat targets DeepSeek Jun 11, 2025
• Unmasking the Infrastructure of a Spearphishing Campaign Jun 10, 2025
• The Evolution of Linux Binaries in Targeted Cloud Operations Jun 10, 2025
• Two Botnets, One Flaw Mirai Spreads Through Wazuh Vulnerability Jun 9, 2025
• The FBI Issued a Warning About This Malware That's Infecting Millions of Devices Jun 6, 2025
• Operation DRAGONCLONE Chinese Telecommunication industry targeted via VELETRIX & VShell malware Jun 6, 2025
• Blitz Malware A Tale of Game Cheats and Code Repositories Jun 6, 2025
• Operation Endgame Disrupts AvCheck, Forces Threat Actors to Seek Alternatives Jun 5, 2025
• ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware Jun 5, 2025
• BladedFeline Whispering in the dark Jun 5, 2025
• Android Spyware Alert! Fake government app targeting Android users in India! Jun 5, 2025
• Abusing Paste.ee to Deploy XWorm and AsyncRAT Across Global C2 Infrastructure Jun 5, 2025
• The strange tale of ischhfd83 When cybercriminals eat their own Jun 4, 2025
• From open-source to open threat Tracking Chaos RAT’s evolution Jun 4, 2025
• Fake WordPress Caching Plugin Used to Steal Admin Credentials Jun 4, 2025
• Android malware trends Stealthier, easier-to-use Jun 4, 2025
• The Rising Tide Understanding the Surge in Cyber Attacks in India Jun 3, 2025
• How Threat Actors Exploit Human Trust A Breakdown of the 'Prove You Are Human' Malware Scheme Jun 3, 2025
• Crocodilus Mobile Malware Evolving Fast, Going Global Jun 3, 2025
• Victims risk AsyncRAT infection after being redirected to fake Booking.com sites Jun 2, 2025
• Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban Jun 2, 2025
• Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows Jun 2, 2025
• Alleged Conti, TrickBot Gang Leader Unmasked Jun 2, 2025
• Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys May 29, 2025
• Emulating the Unyielding Scattered Spider May 29, 2025
• Cybercriminals camouflaging threats as AI tool installers May 29, 2025
• Zanubis in motion Tracing the active evolution of the Android banking malware May 28, 2025
• Pakistan Telecommunication Company (PTCL) Targeted by Bitter APT During Heightened Regional Conflict May 28, 2025
• Mark Your Calendar APT41 Innovative Tactics May 28, 2025
• The Sharp Taste of Mimo’lette Analyzing Mimo’s Latest Campaign targeting Craft CMS May 27, 2025
• Text-to-Malware How Cybercriminals Weaponize Fake AI-Themed Websites May 27, 2025
• DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers May 27, 2025
• Reborn in Rust AsyncRAT May 26, 2025