#malware

#malware

Four SAP NPM packages were compromised with malicious code, targeting cloud application workflows and stealing sensitive credentials.

A Brazilian cybercrime group targets Minecraft players with LofyStealer malware disguised as a hack called 'Slinky'.

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.

Browser extensions disguised as TikTok video downloaders are compromising user data, highlighting vulnerabilities in enterprise security.

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.

ZionSiphon malware targets Israeli water treatment systems, showcasing a trend in politically motivated attacks on critical infrastructure.

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

JanelaRAT malware targets financial institutions in Latin America, stealing sensitive data and employing advanced infection techniques.

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

A critical flaw in the EngageLab SDK allowed malicious apps to exploit trusted permissions, affecting over 50 million Android users.

CPUID's website was compromised, redirecting users to malware-laden downloads for several hours.

Google's Device Bound Session Credentials enhance security for Chrome users by tying authentication sessions to specific devices, combating session theft.

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

NoVoice malware infiltrated Google Play Store, downloaded over 2.3 million times, exposing sensitive data on millions of devices.

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.