#malware

#npm
#phishing
from IT Pro
3 weeks ago
Privacy professionals

Malicious URLs overtake email attachments as the biggest malware threat

Information security
from Theregister
4 days ago

Double trouble with CastleRAT malware, now in C and Python

TAG-150 created CastleRAT in Python and C, using ClickFix social engineering to trick users into pasting commands that enable remote access and payload delivery.
Information security
from WIRED
6 days ago

Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn

Stealerium automates sextortion by detecting porn browsing, screenshotting tabs, capturing webcam photos, and exfiltrating images alongside stolen credentials for blackmail.
Information security
from ZDNET
1 week ago

Why you should delete your browser extensions right now - or do this to stay safe

Malicious browser extensions infect millions, disable security features, and present significant privacy and performance risks even when they appear vetted.
Artificial intelligence
from Techzine Global
1 week ago

Anthropic blocks misuse of Claude for cybercrime

Anthropic blocked attempts to misuse Claude for phishing, malware development, filter circumvention, and influence campaigns, banning accounts and tightening filters to mitigate risks.
from The Hacker News
2 weeks ago

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor," Socket researcher Kirill Boychenko said. The deceptive package, named "golang-random-ip-ssh-bruteforce," has been linked to a GitHub account called IllDieAnyway (G3TT), which is currently no longer accessible.
Information security
#insider-threat
from Theregister
3 weeks ago

Apache ActiveMQ attackers patch critical vuln after entry

After installing a backdoor to the infected systems, they then downloaded two Java Archive (JAR) files that effectively patched the original vuln.
Information security
#cybersecurity
from ZDNET
3 weeks ago
Information security

DripDropper Linux malware cleans up after itself - how it works

Digital life
from The Hacker News
3 weeks ago

Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Security fails gradually through small issues, emphasizing the need for swift action and clarity to prevent bigger problems.
Information security
from The Hacker News
3 weeks ago

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

Malicious package 'termncolor' discovered in PyPI allows code execution through its dependency 'colorinal', establishing persistence in systems.
from The Hacker News
3 weeks ago

Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures

The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement notices, tailored with reconnaissance-derived details like specific Facebook Page IDs and company ownership information.
Information security
from Theregister
3 weeks ago

Solana malware targeting Russian crypto developers

The threat actor known as 'cryptohan' has created npm packages that target the Solana cryptocurrency ecosystem and pretend to 'scan' for Solana SDK components.
Cryptocurrency
Privacy professionals
from The Hacker News
3 weeks ago

Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools

A Chinese-speaking APT actor, UAT-7237, targets web infrastructure in Taiwan using customized open-source tools for prolonged access.
#ransomware
Ruby on Rails
from The Hacker News
1 month ago

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

60 malicious RubyGems packages target unsuspecting users, posing as automation tools to steal credentials.
Privacy technologies
from The Hacker News
1 month ago

SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others

SocGholish malware utilizes Traffic Distribution Systems to redirect users to malicious content and has a Malware-as-a-Service model for cybercriminal operations.
Python
from The Hacker News
1 month ago

Webinar: How to Stop Python Supply Chain Attacks - and the Expert Tools You Need

Python packages harbor risks due to rising supply chain attacks, notably through various exploitation techniques like typo-squatting and repo-jacking.
Privacy professionals
from WIRED
1 month ago

A Single Poisoned Document Could Leak 'Secret' Data Via ChatGPT

Generative AI models can be configured to access personal data sources, posing serious security risks and vulnerabilities to sensitive information.
from The Hacker News
1 month ago

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

"Like a real-world virus variant, this new 'ClickFix' strain quickly outpaced and ultimately wiped out the infamous fake browser update scam that plagued the web just last year."
Privacy professionals
Privacy professionals
from Boston.com
1 month ago

Emergency communications on South Shore targeted by cyber attack

The South Shore Regional Emergency Communications Center was targeted in a cyber attack, rendering its dispatch software unusable but not disrupting 911 services.
#cyber-espionage
Cryptocurrency
from The Hacker News
1 month ago

Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks

Two malware campaigns, Soco404 and Koske, exploit cloud vulnerabilities to deliver cryptocurrency miners.
#coyote-trojan
US politics
from Ars Technica
1 month ago

Ukrainians arrest alleged admin of major crime forum XSS

Ukrainian authorities arrested the suspected administrator of the Russian-language crime forum XSS.is, a key player in global cybercrime.
from The Hacker News
1 month ago

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations

A critical security vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770 with a CVSS score of 9.8, has been weaponized in a large-scale exploitation campaign.
Information security
#android
from The Hacker News
1 month ago

Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices

"The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections."
Privacy professionals
from Ars Technica
1 month ago

Google finds custom backdoor being installed on SonicWall network devices

The targeted devices are end of life, meaning they no longer receive regular updates for stability and security. Despite the status, many organizations continue to rely on them.
Privacy technologies
Node JS
from BleepingComputer
1 month ago

North Korean XORIndex malware hidden in 67 malicious npm packages

North Korean threat actors delivered malware through 67 malicious npm packages, affecting over 17,000 downloads.
#macos
from The Hacker News
1 month ago

New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries

Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters.
Privacy technologies
Information security
from The Hacker News
2 months ago

Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware

Hackers are exploiting Shellter, a red teaming tool, for malfeasance, distributing stealer malware following a leaked version.