#Malware
#Malware

[ follow ]

Supply chain battles intensify as takedowns meet AI-driven noise

Coordinated takedowns can sever malware control and raise attacker costs, but rapid reconstitution and automated false positives make impacts temporary.

fromTechCrunch

2 weeks ago

Data science

This is what some the world's largest banks of malware look like stacked as hard drives | TechCrunch

fromwww.theregister.com

2 weeks ago

Information security

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

fromSecurityWeek

2 weeks ago

Information security

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

Privacy technologies

fromMakeUseOf

2 weeks ago

Malware is now hiding in Google search ads - here's how to protect yourself

Malicious ads in Google results can deliver Claude Mac malware via Terminal commands, appearing legitimate and running largely in memory.

Information security

fromSecurityWeek

2 weeks ago

'PCPJack' Worm Removes TeamPCP Infections, Steals Credentials

PCPJack removes TeamPCP artifacts, then deploys a self-propagating credential-stealing framework across cloud environments using modular payloads.

Information security

fromInfoWorld

10 minutes ago

Supply chain battles intensify as takedowns meet AI-driven noise

Coordinated takedowns can sever malware control and raise attacker costs, but rapid reconstitution and automated false positives make impacts temporary.

fromTechCrunch

2 weeks ago

Data science

This is what some the world's largest banks of malware look like stacked as hard drives | TechCrunch

Information security

fromwww.theregister.com

2 weeks ago

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Shai-Hulud worm source code was open-sourced, enabling rapid modification and credential-stealing attacks against npm packages and cloud accounts.

Information security

fromSecurityWeek

2 weeks ago

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.

Privacy technologies

fromMakeUseOf

2 weeks ago

Malware is now hiding in Google search ads - here's how to protect yourself

Malicious ads in Google results can deliver Claude Mac malware via Terminal commands, appearing legitimate and running largely in memory.

Information security

fromSecurityWeek

2 weeks ago

'PCPJack' Worm Removes TeamPCP Infections, Steals Credentials

PCPJack removes TeamPCP artifacts, then deploys a self-propagating credential-stealing framework across cloud environments using modular payloads.

Windows Users Targeted in New Phishing Campaign

A phishing campaign uses purchase-order emails to deliver encrypted JavaScript that decrypts PowerShell, performs process hollowing, and downloads adaptive modules via remote C2.

fromSecurityWeek

1 week ago

Information security

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

fromSecurityWeek

3 weeks ago

Information security

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

fromThe Hacker News

3 weeks ago

Information security

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

Information security

fromSecurityWeek

3 weeks ago

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

Information security

fromTechzine Global

3 weeks ago

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

Information security

fromSecuritymagazine

1 day ago

Windows Users Targeted in New Phishing Campaign

A phishing campaign uses purchase-order emails to deliver encrypted JavaScript that decrypts PowerShell, performs process hollowing, and downloads adaptive modules via remote C2.

fromSecurityWeek

1 week ago

Information security

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

Information security

fromSecurityWeek

3 weeks ago

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Microsoft warns of a phishing campaign using a 'code of conduct review' theme targeting organizations in the US.

Information security

fromThe Hacker News

3 weeks ago

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign using legitimate RMM software has targeted over 80 organizations since April 2025, enabling persistent remote access.

Information security

fromSecurityWeek

3 weeks ago

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

Information security

fromTechzine Global

3 weeks ago

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm targets software developers via trojanized extensions and packages, then steals credentials and data; CrowdStrike, Google, and Shadowserver disrupted its C2 channels.

UK politics

fromtheregister

2 days ago

Experts pour cold borscht on Farage's Russian hack claim

Digital forensics experts say proving a hack came from Russia requires evidence beyond disguised email sources or non-unique malware code.

#supply-chain-attacks

Information security

fromnews.bitcoin.com

2 days ago

Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Trapdoor supply-chain malware infected 34 crypto-related developer packages across npm, PyPI, and Crates.io to steal wallets, keys, and secrets, including via AI tool manipulation.

Information security

fromSecurityWeek

6 days ago

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Unauthorized access to Grafana Labs GitHub repositories resulted from a TanStack supply chain attack, leading to token compromise, code theft, and mitigations without customer production impact.

Information security

fromtheregister

2 weeks ago

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

A modified Checkmarx Jenkins AST plugin was published on the Jenkins Marketplace, and untrusted versions must be replaced with the verified release.

Information security

fromTheregister

3 weeks ago

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

Information security

fromTheregister

4 weeks ago

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.

Information security

fromnews.bitcoin.com

2 days ago

Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Trapdoor supply-chain malware infected 34 crypto-related developer packages across npm, PyPI, and Crates.io to steal wallets, keys, and secrets, including via AI tool manipulation.

Information security

fromSecurityWeek

6 days ago

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Unauthorized access to Grafana Labs GitHub repositories resulted from a TanStack supply chain attack, leading to token compromise, code theft, and mitigations without customer production impact.

Information security

fromtheregister

2 weeks ago

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

A modified Checkmarx Jenkins AST plugin was published on the Jenkins Marketplace, and untrusted versions must be replaced with the verified release.

Information security

fromTheregister

3 weeks ago

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

Information security

fromTheregister

4 weeks ago

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.

more#supply-chain-attacks

#cybersecurity

fromTechCrunch

5 days ago

Privacy professionals

Kash Patel's clothing brand website shut down after reports it was hacked | TechCrunch

fromThe Hacker News

3 weeks ago

Information security

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

fromArs Technica

3 weeks ago

Information security

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

fromTechCrunch

3 weeks ago

Information security

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

Information security

fromSecurityWeek

3 weeks ago

Trellix Source Code Repository Breached

Trellix experienced a breach of its source code repository but found no evidence of exploitation or impact on its source code distribution process.

Information security

fromSecurityWeek

3 weeks ago

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates fraudulently obtained through a cyberattack targeting its support portal, affecting multiple customer accounts.

Privacy professionals

fromTechCrunch

5 days ago

Kash Patel's clothing brand website shut down after reports it was hacked | TechCrunch

FBI director Kash Patel’s merchandise site was taken offline after reports of hacker malware infection attempts targeting visitors.

Information security

fromThe Hacker News

3 weeks ago

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

A new Mirai-derived botnet named xlabs_v1 targets Android devices with exposed ADB for DDoS attacks.

Information security

fromArs Technica

3 weeks ago

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

A minimalistic backdoor and a complex backdoor called QUIC RAT were identified in targeted attacks on various organizations.

Information security

fromTechCrunch

3 weeks ago

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

A backdoor in Daemon Tools has been identified, allowing hackers to target thousands of Windows computers and plant additional malware.

Information security

fromSecurityWeek

3 weeks ago

Trellix Source Code Repository Breached

Trellix experienced a breach of its source code repository but found no evidence of exploitation or impact on its source code distribution process.

Information security

fromSecurityWeek

3 weeks ago

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates fraudulently obtained through a cyberattack targeting its support portal, affecting multiple customer accounts.

more#cybersecurity

fromtheregister

1 week ago

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a "poisoned VS Code extension" as the cause. The Microsoft-owned code shack continues to "analyze logs, validate secret rotation, and monitor for any follow-on activity."

Information security

Video games

fromGameSpot

1 week ago

Another Steam Game Gets Removed Over Malware

Beyond the Dark was removed from Steam after malware hidden in UnityPlayer.dll was found to steal player data.

#cybercrime

fromSecuritymagazine

1 week ago

Information security

MENA Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested

Information security

fromThe Hacker News

3 weeks ago

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Information security

fromThe Hacker News

4 weeks ago

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercrime group targets Minecraft players with LofyStealer malware disguised as a hack called 'Slinky'.

fromSecuritymagazine

1 week ago

Information security

MENA Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested

Information security

fromThe Hacker News

3 weeks ago

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Information security

fromThe Hacker News

4 weeks ago

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercrime group targets Minecraft players with LofyStealer malware disguised as a hack called 'Slinky'.

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Four npm packages were found to contain information-stealing malware, including a clone of the Shai-Hulud worm and a Golang DDoS botnet payload.

Node JS

fromThe Cyber Express

1 week ago

Node-ipc Npm Package Hit By Credential Stealer Attack

Malicious node-ipc npm releases used obfuscated code to fingerprint systems, steal files, encrypt data, and exfiltrate via DNS, with prior versions also compromised.

#npm

fromThe Hacker News

1 week ago

Node JS

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Information security

fromTheregister

1 month ago

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.

fromThe Hacker News

1 week ago

Node JS

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Information security

fromTheregister

1 month ago

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.

Ruby on Rails

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

fromThe Hacker News

2 weeks ago

Ruby on Rails

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

fromSecurityWeek

2 weeks ago

Ruby on Rails

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

fromThe Hacker News

2 weeks ago

Ruby on Rails

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

Malicious Hugging Face model repos can impersonate legitimate releases, inflate popularity, and deliver credential-stealing malware to Windows systems through deceptive setup files.

Privacy professionals

fromThe Hacker News

2 weeks ago

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A typosquatted Hugging Face repo impersonated OpenAI’s Privacy Filter and delivered a Rust-based Windows infostealer via loader scripts and PowerShell execution.

Apple

fromFast Company

2 weeks ago

If you see this iCloud message on your iPhone, don't click it-it's a scam

Phishing messages impersonate Apple to trick iPhone users into clicking links that steal Apple ID and payment details or deliver malware.

Information security

fromSecurityWeek

2 weeks ago

In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner

Federal agencies are being pushed to patch critical vulnerabilities within three days due to faster AI-enabled exploitation.

Information security

fromSecurityWeek

3 weeks ago

Sophisticated Quasar Linux RAT Targets Software Developers

Quasar Linux (QLNX) is a Linux backdoor designed to steal developer credentials across the software supply chain.

#supply-chain-attack

fromSecurityWeek

3 weeks ago

Information security

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

fromThe Hacker News

3 weeks ago

Information security

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

fromSecurityWeek

3 weeks ago

Information security

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Information security

fromSecurityWeek

3 weeks ago

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

A sophisticated supply chain attack targets organizations through malicious code in Daemon Tools software, affecting multiple countries and sectors.

Information security

fromThe Hacker News

3 weeks ago

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A supply chain attack on DAEMON Tools has compromised installers to deliver malicious payloads, affecting users globally since April 2026.

Information security

fromSecurityWeek

3 weeks ago

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were impacted by the Mini Shai-Hulud supply chain attack affecting multiple package ecosystems.

more#supply-chain-attack

Information security

fromTechRepublic

3 weeks ago

New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch

Meta patched two WhatsApp vulnerabilities affecting iOS, Android, and Windows users, enhancing security against risky files and links.

Information security

fromThe Hacker News

3 weeks ago

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A China-nexus APT group, UAT-8302, targets government entities in South America and southeastern Europe using advanced malware like NosyDoor.

Information security

fromTechzine Global

3 weeks ago

Popular Daemon Tools utility exploited in supply chain attack

Daemon Tools' official website is distributing trojanized installers, enabling a supply chain attack with remote control capabilities since April 8th.

Information security

fromZDNET

3 weeks ago

Trojan abuses Microsoft Phone Link app to steal your passwords

CloudZ Trojan targets Microsoft Phone Link to steal sensitive information through a plugin, posing a significant threat to users.

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

A North Korea-aligned hacking group compromised a gaming platform to target ethnic Koreans in China using a backdoor called BirdCall.

Information security

fromSecurityWeek

1 month ago

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

Information security

fromThe Hacker News

3 weeks ago

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

A North Korea-aligned hacking group compromised a gaming platform to target ethnic Koreans in China using a backdoor called BirdCall.

Information security

fromSecurityWeek

1 month ago

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

A large-scale credential theft campaign targeted over 35,000 users using legitimate email services and code of conduct-themed lures.

Information security

fromTechRepublic

3 weeks ago

New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

BlueNoroff hackers exploit fake Zoom calls and fileless malware to steal credentials from Web3 and cryptocurrency organizations.

#open-source

fromDeveloper Tech News

3 weeks ago

Information security

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

fromTechzine Global

4 weeks ago

Information security

Malicious Python package poses new supply chain threat

Information security

fromDeveloper Tech News

3 weeks ago

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

The 'Mini Shai-Hulud' worm targets developer credentials across multiple ecosystems, exploiting vulnerabilities in popular packages to steal sensitive information.

Information security

fromTechzine Global

4 weeks ago

Malicious Python package poses new supply chain threat

The open-source package elementary-data was compromised, leading to the publication of a malicious version that stole sensitive user credentials.

more#open-source

#software-supply-chain

Information security

fromThe Hacker News

3 weeks ago

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

Information security

fromThe Hacker News

3 weeks ago

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

Information security

fromThe Hacker News

3 weeks ago

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

Information security

fromThe Hacker News

3 weeks ago

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

more#software-supply-chain

Information security

fromSecurityWeek

3 weeks ago

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages were compromised with malicious code, targeting cloud application workflows and stealing sensitive credentials.

Information security

fromSecurityWeek

4 weeks ago

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.

Software development

fromArs Technica

1 month ago

Open source package with 1 million monthly downloads stole user credentials

Developers must uninstall version 0.23.3 of elementary-data due to security vulnerabilities and follow specific remediation steps.

Information security

fromSecurityWeek

1 month ago

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.

Information security

fromSecurityWeek

1 month ago

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

fromThe Hacker News

1 month ago

Information security

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

Information security

fromSecurityWeek

1 month ago

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

Information security

fromThe Hacker News

1 month ago

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Information security

fromThe Hacker News

1 month ago

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.

Information security

fromTechRepublic

1 month ago

Malicious TikTok Downloader Extensions Quietly Compromised 130K Users

Browser extensions disguised as TikTok video downloaders are compromising user data, highlighting vulnerabilities in enterprise security.

Information security

fromSecurityWeek

1 month ago

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.

Information security

fromThe Hacker News

1 month ago

Mustang Panda's New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

Information security

fromThe Hacker News

1 month ago

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

Information security

fromMail Online

1 month ago

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

Information security

fromTheregister

1 month ago

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Information security

fromSecurityWeek

1 month ago

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

[ Load more ]

#Malware#Malware

Supply chain battles intensify as takedowns meet AI-driven noise

This is what some the world's largest banks of malware look like stacked as hard drives | TechCrunch

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

Malware is now hiding in Google search ads - here's how to protect yourself

'PCPJack' Worm Removes TeamPCP Infections, Steals Credentials

Supply chain battles intensify as takedowns meet AI-driven noise

This is what some the world's largest banks of malware look like stacked as hard drives | TechCrunch

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

Malware is now hiding in Google search ads - here's how to protect yourself

'PCPJack' Worm Removes TeamPCP Infections, Steals Credentials

Windows Users Targeted in New Phishing Campaign

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

New Bluekit Phishing Kit Features AI Assistant

Bluekit combines AI and phishing in a new all-in-one platform

Windows Users Targeted in New Phishing Campaign

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

New Bluekit Phishing Kit Features AI Assistant

Bluekit combines AI and phishing in a new all-in-one platform

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

Experts pour cold borscht on Farage's Russian hack claim

Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Ongoing supply chain attacks worm into SAP npm packages

Don't pay VECT a ransom - your big files are likely gone

Trapdoor Malware: The Massive Supply Chain Attack Targeting Crypto Developers

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged

Ongoing supply chain attacks worm into SAP npm packages

Don't pay VECT a ransom - your big files are likely gone

Kash Patel's clothing brand website shut down after reports it was hacked | TechCrunch

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

Trellix Source Code Repository Breached

DigiCert Revokes Certificates After Support Portal Hack

Kash Patel's clothing brand website shut down after reports it was hacked | TechCrunch

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

Trellix Source Code Repository Breached

DigiCert Revokes Certificates After Support Portal Hack

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

Another Steam Game Gets Removed Over Malware

MENA Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

MENA Region Runs First-of-its-Kind Cybercrime Operation, 201 Arrested

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Node-ipc Npm Package Hit By Credential Stealer Attack

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Another npm supply chain worm hits dev environments

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Another npm supply chain worm hits dev environments

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

Hundreds of Malicious Packages Force RubyGems to Suspend Registrations

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

If you see this iCloud message on your iPhone, don't click it-it's a scam

In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner

Sophisticated Quasar Linux RAT Targets Software Developers

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

#Malware
#Malware