Cybersecurity
Apple App Store Hit With 26 Fake Crypto Wallet Apps
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal
#malware
68 articles
Cybersecurity
Chinese Hackers Target Users With Trojanized PDF Reader
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitati
Cybersecurity
New Threat Group UNC6692 Exploits Teams for Malware Distribution
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custo
Cybersecurity
VECT 2.0 Ransomware Flaw Destroys Large Files Instead of Encrypting
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rat
Cybersecurity
Supply Chain Vulnerabilities Persist as Attackers Exploit Familiar Flaws
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Sa
Cybersecurity
Bitwarden CLI Targeted in Major Supply Chain Security Breach
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affe
Cybersecurity
China-Linked Hackers Target Mongolia Government with Go Backdoors
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as Goph
Cybersecurity
Threat Actors Publishing Structured OPSEC Playbooks
Threat actors are now publishing structured OPSEC playbooks to stay undetected. Flare reveals how these guides outline layered infrastructure, identity separati
Cybersecurity
Malicious Docker Images Target Checkmarx KICS Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software s
Cybersecurity
Self-Propagating Worm Targets npm Packages, Steals Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through
Cybersecurity
Harvester's Linux GoGra Backdoor Targets South Asia
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in So
Cybersecurity
73 Malicious Extensions Hide in OpenVSX Ecosystem
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. [...]
Cybersecurity
Lotus Wiper Malware Strikes Venezuelan Energy Infrastructure
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the
Cybersecurity
New LOTUSLITE Malware Variant Targets Indian Banks
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "T
Cybersecurity
Popular Python Package Compromised in Data Theft Attack
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency w
Cybersecurity
Ransomware Gang Deploys Proxy Malware to 1,570+ Victims
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called System
Cybersecurity
NGate Malware Evolves: Hijacks HandyPay App to Steal NFC Data
Cybersecurity researchers have discovered a new iteration of an Android malware family calledNGate that has been found to abuse a legitimate application called&
Cybersecurity
Microsoft Teams Exploited to Distribute Custom Snow Malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a browser extension, a tunneler, and
Cybersecurity
Attackers Exploit Trusted Tools to Breach Systems
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefl
Cybersecurity
Firestarter Malware Persists Despite Cisco Security Patches
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices runn
Cybersecurity
ZionSiphon Malware Targets Israeli Water Infrastructure
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalinati
Cybersecurity
Microsoft Defender Zero-Days Under Active Attack
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised s
Cybersecurity
Trigona Ransomware Gang Deploys Custom Tool for Rapid Data Theft
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. [...
Cybersecurity
Checkmarx KICS Tool Compromised in Supply Chain Attack
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environment
Cybersecurity
New PowMix Botnet Actively Targeting Czech Workers
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet
Cybersecurity
State-Backed Hackers Weaponize Outlook, Slack for Covert Attacks
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, S
Cybersecurity
New RAT Malware Targets Finance Sector via Obsidian
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a
Cybersecurity
n8n Automation Platform Weaponized for Phishing Since October
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phi
Cybersecurity
GoGra Linux Malware Exploits Microsoft Graph API for Covert Attacks
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]
Cybersecurity
Mirax Android RAT Hijacks 220K Devices via Meta Ads
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,
Cybersecurity
108 Malicious Chrome Extensions Target 20K Users
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-
Cybersecurity
New Lotus Malware Targets Venezuelan Energy Sector
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. [...]
Cybersecurity
JanelaRAT Malware Launches 14,739 Attacks on Brazilian Banks
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modi
Cybersecurity
Critical PDF Zero-Day and State Infrastructure Threats Emerge
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in
Cybersecurity
NGate Android Malware Targets NFC Payments via HandyPay
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile pa
Cybersecurity
North Korean Hackers Target Users Via Facebook Befriending Scam
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat act
Cybersecurity
CPUID Site Compromised to Distribute STX RAT Malware
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and P
Cybersecurity
Apple's Chinese App Store Hit by Crypto-Stealing Wallet Scams
A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phras
Cybersecurity
Gentlemen Ransomware Gang Deploys SystemBC Botnet in Corporate Attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen rans
Science & Tech
WordPress Plugin Supply Chain Attack Hits Thousands of Sites
Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.
Cybersecurity
New LucidRook Malware Targets Taiwan NGOs
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organization
Cybersecurity
Cyber Criminals Deploy RATs and Miners via Fake Software
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and
Cybersecurity
Ransomware Gangs Exploit Vulnerable Drivers to Disable EDR Tools
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BY
Cybersecurity
Payouts King Ransomware Deploys Hidden VMs to Evade Security
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint secur
Cybersecurity
SparkCat Malware Returns: New Variant Targets Crypto Wallets
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after t
Cybersecurity
Chaos Malware Variant Now Targets Misconfigured Cloud Systems
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an e
Cybersecurity
North Korean Hackers Distribute 1,700 Malicious Packages Across Developer Ecosystems
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, R
Cybersecurity
Linux Servers Under Attack: PHP Web Shells Hide Commands in Cookies
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, acco
Cybersecurity
Masjesu Botnet Emerges as Global DDoS-for-Hire Threat
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, th
Cybersecurity
New ZionSiphon Malware Targets Critical Water Infrastructure
A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their