#malware
#malware

1 day ago

Information security

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Microsoft warns of a phishing campaign using a 'code of conduct review' theme targeting organizations in the US.

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign using legitimate RMM software has targeted over 80 organizations since April 2025, enabling persistent remote access.

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

1 day ago

Information security

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Microsoft warns of a phishing campaign using a 'code of conduct review' theme targeting organizations in the US.

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign using legitimate RMM software has targeted over 80 organizations since April 2025, enabling persistent remote access.

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

Information security

MENA Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercrime group targets Minecraft players with LofyStealer malware disguised as a hack called 'Slinky'.

fromSecuritymagazine

2 days ago

Information security

MENA Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercrime group targets Minecraft players with LofyStealer malware disguised as a hack called 'Slinky'.

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Four npm packages were found to contain information-stealing malware, including a clone of the Shai-Hulud worm and a Golang DDoS botnet payload.

Node JS

fromThe Cyber Express

5 days ago

Node-ipc Npm Package Hit By Credential Stealer Attack

Malicious node-ipc npm releases used obfuscated code to fingerprint systems, steal files, encrypt data, and exfiltrate via DNS, with prior versions also compromised.

#npm

6 days ago

Node JS

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Information security

Malicious pgserve, automagik developer tools found in npm registry

Information security

Another npm supply chain worm hits dev environments

6 days ago

Node JS

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.

This is what some the world's largest banks of malware look like stacked as hard drives | TechCrunch

vx-underground’s 30TB and VirusTotal’s 31PB malware collections translate to roughly 30 inches and about 2,500 feet of stacked 1TB hard drives, respectively.

#rubygems

Ruby on Rails

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

Ruby on Rails

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

Ruby on Rails

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

Ruby on Rails

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

more#rubygems

fromwww.theregister.com

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

“Shai-Hulud: Open Sourcing The CarnageIs it vibe coded? Yes. Does it work? Let results speak. Change keys and C2 as needed. Love - TeamPCP”

Information security

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.

Privacy technologies

fromMakeUseOf

Malware is now hiding in Google search ads - here's how to protect yourself

Malicious ads in Google results can deliver Claude Mac malware via Terminal commands, appearing legitimate and running largely in memory.

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

Malicious Hugging Face model repos can impersonate legitimate releases, inflate popularity, and deliver credential-stealing malware to Windows systems through deceptive setup files.

#supply-chain-attacks

fromtheregister

Information security

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Information security

Ongoing supply chain attacks worm into SAP npm packages

Information security

Don't pay VECT a ransom - your big files are likely gone

fromtheregister

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

A modified Checkmarx Jenkins AST plugin was published on the Jenkins Marketplace, and untrusted versions must be replaced with the verified release.

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

more#supply-chain-attacks

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.

Privacy professionals

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A typosquatted Hugging Face repo impersonated OpenAI’s Privacy Filter and delivered a Rust-based Windows infostealer via loader scripts and PowerShell execution.

Apple

fromFast Company

If you see this iCloud message on your iPhone, don't click it-it's a scam

Phishing messages impersonate Apple to trick iPhone users into clicking links that steal Apple ID and payment details or deliver malware.

In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner

Federal agencies are being pushed to patch critical vulnerabilities within three days due to faster AI-enabled exploitation.

'PCPJack' Worm Removes TeamPCP Infections, Steals Credentials

PCPJack removes TeamPCP artifacts, then deploys a self-propagating credential-stealing framework across cloud environments using modular payloads.

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

A large-scale credential theft campaign targeted over 35,000 users using legitimate email services and code of conduct-themed lures.

'PCPJack' Worm Removes TeamPCP Infections, Steals Credentials

PCPJack removes TeamPCP artifacts, then deploys a self-propagating credential-stealing framework across cloud environments using modular payloads.

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

A large-scale credential theft campaign targeted over 35,000 users using legitimate email services and code of conduct-themed lures.

more#credential-theft

#cybersecurity

Information security

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

fromArs Technica

Information security

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

fromTechCrunch

Information security

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

fromComputerworld

Information security

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

Trellix Source Code Repository Breached

Trellix experienced a breach of its source code repository but found no evidence of exploitation or impact on its source code distribution process.

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates fraudulently obtained through a cyberattack targeting its support portal, affecting multiple customer accounts.

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

A new Mirai-derived botnet named xlabs_v1 targets Android devices with exposed ADB for DDoS attacks.

fromArs Technica

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

A minimalistic backdoor and a complex backdoor called QUIC RAT were identified in targeted attacks on various organizations.

fromTechCrunch

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

A backdoor in Daemon Tools has been identified, allowing hackers to target thousands of Windows computers and plant additional malware.

fromComputerworld

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A new .NET trojan and Pheno plugin exploit Microsoft's Phone Link to capture mobile authentication codes from Windows systems without compromising phones.

Trellix Source Code Repository Breached

Trellix experienced a breach of its source code repository but found no evidence of exploitation or impact on its source code distribution process.

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates fraudulently obtained through a cyberattack targeting its support portal, affecting multiple customer accounts.

Sophisticated Quasar Linux RAT Targets Software Developers

Quasar Linux (QLNX) is a Linux backdoor designed to steal developer credentials across the software supply chain.

#supply-chain-attack

Information security

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

Information security

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

Information security

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

A sophisticated supply chain attack targets organizations through malicious code in Daemon Tools software, affecting multiple countries and sectors.

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A supply chain attack on DAEMON Tools has compromised installers to deliver malicious payloads, affecting users globally since April 2026.

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were impacted by the Mini Shai-Hulud supply chain attack affecting multiple package ecosystems.

more#supply-chain-attack

fromTechRepublic

New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch

Meta patched two WhatsApp vulnerabilities affecting iOS, Android, and Windows users, enhancing security against risky files and links.

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A China-nexus APT group, UAT-8302, targets government entities in South America and southeastern Europe using advanced malware like NosyDoor.

Popular Daemon Tools utility exploited in supply chain attack

Daemon Tools' official website is distributing trojanized installers, enabling a supply chain attack with remote control capabilities since April 8th.

fromZDNET

Trojan abuses Microsoft Phone Link app to steal your passwords

CloudZ Trojan targets Microsoft Phone Link to steal sensitive information through a plugin, posing a significant threat to users.

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

A North Korea-aligned hacking group compromised a gaming platform to target ethnic Koreans in China using a backdoor called BirdCall.

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

A North Korea-aligned hacking group compromised a gaming platform to target ethnic Koreans in China using a backdoor called BirdCall.

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

BlueNoroff hackers exploit fake Zoom calls and fileless malware to steal credentials from Web3 and cryptocurrency organizations.

#open-source

fromDeveloper Tech News

Information security

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

Information security

Malicious Python package poses new supply chain threat

fromDeveloper Tech News

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

The 'Mini Shai-Hulud' worm targets developer credentials across multiple ecosystems, exploiting vulnerabilities in popular packages to steal sensitive information.

Malicious Python package poses new supply chain threat

The open-source package elementary-data was compromised, leading to the publication of a malicious version that stole sensitive user credentials.

more#open-source

#software-supply-chain

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

more#software-supply-chain

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors exploit AI distribution platforms to distribute malware through trojanized shared files, relying on social engineering tactics to deceive users.

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages were compromised with malicious code, targeting cloud application workflows and stealing sensitive credentials.

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.

Software development

fromArs Technica

Open source package with 1 million monthly downloads stole user credentials

Developers must uninstall version 0.23.3 of elementary-data due to security vulnerabilities and follow specific remediation steps.

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

Information security

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.

fromTechRepublic

Malicious TikTok Downloader Extensions Quietly Compromised 130K Users

Browser extensions disguised as TikTok video downloaders are compromising user data, highlighting vulnerabilities in enterprise security.

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.

Mustang Panda's New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

fromMail Online

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

fromTechRepublic

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

1 month ago

Kubernetes attack surface explodes: number of threats quadruples

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.

1 month ago

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

ZionSiphon malware targets Israeli water treatment systems, showcasing a trend in politically motivated attacks on critical infrastructure.