#Malware

Information security
from TechRepublic
17 hours ago

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.
#cybersecurity
Information security
from The Hacker News
2 days ago

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Masjesu is a stealthy botnet designed for DDoS attacks, targeting IoT devices while ensuring low visibility and persistence.
Information security
from The Hacker News
2 days ago

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

A Russian threat actor is conducting a spear-phishing campaign targeting Ukraine using a new malware suite called PRISMEX, exploiting zero-day vulnerabilities.
Information security
from SecurityWeek
19 hours ago

In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack

Cybersecurity developments include discussions on AI risks, new malware targeting crypto wallets, and collaboration among Japanese corporations to enhance security.
Information security
from The Hacker News
20 hours ago

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

A new Zig dropper in the GlassWorm campaign stealthily infects all IDEs on a developer's machine through a malicious VS Code extension.
Information security
from The Hacker News
1 day ago

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

A new threat cluster UAT-10362 targets Taiwanese NGOs and universities with Lua-based malware LucidRook via spear-phishing campaigns.
Information security
from Theregister
1 day ago

Old Adobe Reader zero-day uses PDFs to size up targets

Hackers exploit a zero-day vulnerability in Adobe Acrobat Reader using malicious PDFs for targeted profiling and potential system compromise.
Privacy technologies
from The Hacker News
1 day ago

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google's Device Bound Session Credentials enhance security for Chrome users by tying authentication sessions to specific devices, combating session theft.
Information security
from The Hacker News
1 day ago

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.
#dprk
Cryptocurrency
from news.bitcoin.com
1 day ago

ZachXBT Publishes Leaked DPRK Payment Data Showing $1M Monthly Crypto-to-Fiat Pipeline

ZachXBT's investigation revealed a DPRK IT worker payment server processing over $3.5 million, exposing sanctioned entities and compromised user data.
Information security
from The Hacker News
4 days ago

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

DPRK-linked threat actors use GitHub for command-and-control in attacks on South Korean organizations, employing obfuscated LNK files and PowerShell scripts.
Information security
from The Hacker News
1 day ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.
Information security
from The Hacker News
1 day ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.
#north-korea
Information security
from The Hacker News
3 days ago

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Contagious Interview campaign targets Go, Rust, and PHP ecosystems with malicious packages that function as malware loaders.
Information security
from DevOps.com
1 week ago

North Korean Hackers Suspected in Supply Chain Attack on Popular Axios Project - DevOps.com

North Korean hackers hijacked the npm account of an axios maintainer, publishing malicious versions that installed a remote access trojan.
Node JS
from The Hacker News
2 weeks ago

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean threat actors use StoatWaffle malware via malicious VS Code projects to steal data and execute commands on infected systems.
Privacy technologies
from TechRepublic
1 week ago

Android Alert: 50 Google Play Apps Linked to 'NoVoice' Malware Reached 2.3M Downloads

NoVoice malware infiltrated Google Play Store, downloaded over 2.3 million times, exposing sensitive data on millions of devices.
#macos
Information security
from TechRepublic
4 days ago

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.
Information security
from SecurityWeek
2 weeks ago

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted by a ClickFix campaign delivering a Python-based information stealer through a fake Cloudflare verification page.
#ransomware
Silicon Valley
from www.theguardian.com
2 weeks ago

We Know You Can Pay a Million by Anja Shortland review - the terrifying new world of ransomware

Ransomware originated from a 1989 stunt by Joseph L Popp Jr, who used a Trojan virus to extort money under the guise of HIV prevention.
Apple
from Mail Online
1 week ago

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.
#malware
Information security
from The Hacker News
1 week ago

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.
Information security
from SecurityWeek
1 week ago

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.
Information security
from The Hacker News
1 week ago

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.
Information security
from Theregister
1 week ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.
#npm
Node JS
from InfoQ
1 week ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.
Node JS
from BleepingComputer
1 week ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Node JS
from Theregister
1 week ago

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.
#phishing
Information security
from Techzine Global
1 week ago

Major phishing campaign on GitHub using fake security alerts

A large-scale phishing campaign targets developers on GitHub, exploiting Discussions to spread fake security alerts about Visual Studio Code and distribute malware.
Information security
from The Hacker News
1 week ago

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

A phishing campaign impersonating CERT-UA distributed malware called AGEWHEEZE targeting various organizations in Ukraine.
Information security
from The Hacker News
1 week ago

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A phishing campaign targets Spanish-speaking users in Latin America and Europe, delivering banking trojans via malware called Horabot.
Information security
from The Hacker News
2 weeks ago

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

Threat actors are using AitM phishing to compromise TikTok for Business accounts, targeting business accounts for malvertising and malware distribution.
Information security
from The Hacker News
2 weeks ago

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

A phishing campaign targets French-speaking corporations with fake resumes, deploying malware for credential theft and cryptocurrency mining.
Privacy professionals
from SecurityWeek
1 week ago

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.
#axios
Information security
from Techzine Global
1 week ago

North Korea behind social engineering attack on Axios project

Attackers compromised the Axios maintainer's account through social engineering, publishing malicious versions that installed a Remote Access Trojan on victims' systems.
Node JS
from SecurityWeek
1 week ago

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.
Node JS
from Axios
1 week ago

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.
Information security
from SiliconANGLE
1 week ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
Node JS
from Techzine Global
1 week ago

Axios npm package compromised, posing a new supply chain threat

Malicious versions of axios were published on npm, installing a Remote Access Trojan on multiple operating systems.
Node JS
from The Hacker News
1 week ago

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.
Information security
from Theregister
1 week ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
Information security
from InfoQ
1 week ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
#litellm
Information security
from TechCrunch
1 week ago

Popular AI gateway startup LiteLLM ditches controversial startup Delve | TechCrunch

LiteLLM is terminating its relationship with Delve for security certifications after a malware incident and will seek a new compliance auditor.
Information security
from InfoWorld
2 weeks ago

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

Compromised LiteLLM packages executed a three-stage payload targeting sensitive data in cloud environments before being removed from PyPI.
US news
from SecurityWeek
2 weeks ago

Alleged RedLine Malware Administrator Extradited to US

Hambardzum Minasyan has been extradited to the US for his alleged involvement in the RedLine malware operation.
Privacy technologies
from ZDNET
2 weeks ago

5 telltale signs that your phone has been compromised (and how to combat them)

Phone hacking can be detected through signs like battery drain, slow performance, unfamiliar logins, and reduced storage space.
Information security
from TechRepublic
2 weeks ago

Nearly 7M Email Addresses Exposed in Crunchyroll Third-Party Breach

Crunchyroll was breached through a third-party vendor, compromising user data and internal systems via a support agent's account.
from Ars Technica
2 weeks ago

Self-propagating malware poisons open source software and wipes Iran-based machines

CanisterWorm, as Aikido has named the malware, targets organizations' CI/CD pipelines used for rapid development and deployment of software. Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector.
Information security
Roam Research
from InfoWorld
2 weeks ago

New 'StoatWaffle' malware autoexecutes attacks on developers

StoatWaffle malware communicates with a C2 server to execute various commands and targets browser data and Keychain databases on macOS.
Information security
from SecurityWeek
2 weeks ago

Stryker Says Malicious File Found During Probe Into Iran-Linked Attack

Stryker identified a malicious file used in a cyberattack by the Iran-linked group Handala, disrupting operations but finding no evidence of malware or ransomware.
Information security
from TechCrunch
2 weeks ago

FBI says Iranian hackers are using Telegram to steal data in malware attacks | TechCrunch

Iranian government hackers exploit Telegram to steal data from dissidents and journalists through malware disguised as legitimate apps.
from Computerworld
2 weeks ago

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.
Information security