Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
153 articles

#Malware

All CosmicBytez Labs articles tagged #Malware, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    In Other News: Iran Tracks US Military Phones, CrashStealer macOS Malware, CVD Blueprint

    This week's security roundup covers Iranian threat actors tracking US military personnel's phones, the newly discovered CrashStealer macOS infostealer, a coordinated vulnerability disclosure blueprint, ransomware targeting naval defense firm TKMS, and more.

  • NewsJul 17, 2026

    ClickLock: New macOS Infostealer Kills Apps Every 210ms to Force Password Entry

    Group-IB researchers discovered ClickLock, a new macOS infostealer distributed via ClickFix lures that terminates all visible system processes in a loop until the victim surrenders their login password — with zero AV detections at discovery.

  • NewsJul 17, 2026

    Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT

    Checkmarx researchers uncovered ViteVenom — seven malicious npm packages impersonating the Vite ecosystem that use blockchain-based command-and-control infrastructure to deploy a remote access trojan. The campaign is an expansion of the ChainVeil threat actor.

  • NewsJul 16, 2026

    ClickLock: New macOS Stealer Kills Every App Until You Type Your Password

    Group-IB researchers discovered ClickLock, a macOS infostealer that uses ClickFix social engineering to install a kill loop firing pkill every 210ms — trapping victims into surrendering their system password to restore their desktop.

  • NewsJul 15, 2026

    Google Gemini CLI Jailbroken and Used as a Hacking Agent to Run a Malware Botnet

    Trend Micro researchers discovered a Russian-speaking threat actor named 'bandcampro' who jailbroke Google's open-source Gemini CLI to operate an 8-machine botnet inside a dental clinic, including autonomously migrating C2 infrastructure in just 6 minutes.

  • NewsJul 14, 2026

    U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

    The U.S. Treasury's OFAC has designated two individuals and a VPN service provider for enabling ransomware actors and other cybercriminals — marking a significant escalation in targeting the infrastructure that makes ransomware operations possible.

  • NewsJul 13, 2026

    Google and Microsoft Pull ModHeader After Hidden Tracker Found in 1.6M-Install Extension

    Google and Microsoft have removed ModHeader — a popular HTTP header editor with 1.6 million installs across Chrome and Edge — after researchers discovered a dormant browsing-history collector hidden inside the extension's official store version.

  • NewsJul 13, 2026

    US Treasury Sanctions 1VPNS: The VPN Service Favored by Ransomware Groups

    The US Treasury's OFAC sanctioned First VPN Service (1VPNS) and its Ukrainian administrator for providing anonymization cover to ransomware groups attacking US critical infrastructure, causing billions in losses. Action is coordinated with the UK and follows a May 2026 European infrastructure takedown.

  • NewsJul 12, 2026

    RedHook Android Malware Now Uses Wireless ADB for Shell Access

    A new RedHook variant abuses Android's Wireless Debugging feature to gain shell-level privileges without a USB connection — a novel technique that bypasses traditional physical access requirements.

  • NewsJul 11, 2026

    Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install

    The popular jscrambler npm package was hijacked in version 8.14.0, silently dropping and executing a cross-platform Rust-based infostealer via a malicious...

  • NewsJul 10, 2026

    Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

    An unprotected 800MB server left open for three weeks exposed the full toolkit of a webshell access brokerage operation targeting 1.4 million domains....

  • NewsJul 9, 2026

    GodDamn Ransomware Deploys Microsoft-Signed PoisonX Driver to Kill EDR Tools

    GodDamn ransomware — a rebrand of Beast/Monster — uses PoisonX, a malicious kernel driver that passed Microsoft's signing process, to terminate 400+...

  • NewsJul 9, 2026

    'GodDamn' Ransomware Uses BYOVD Technique to Kill Security Software at US Companies

    A new ransomware strain dubbed 'GodDamn' is leveraging a Microsoft-signed malicious kernel driver through the Bring Your Own Vulnerable Driver technique...

  • NewsJul 9, 2026

    GigaWiper: New Windows Backdoor Bundles Disk Wiping, Fake Ransomware, and Spyware

    Microsoft has dissected GigaWiper, a destructive Windows backdoor that combines three distinct destructive capabilities — full disk wiping, fake...

  • NewsJul 8, 2026

    China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

    Cisco Talos researchers have identified new LONGLEASH malware deployed by Chinese APT group UAT-7810 to expand its Operational Relay Box network,...

  • NewsJul 8, 2026

    SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

    A new banking fraud campaign tracked as REF6045 is deploying SCMBANKER malware through fake CAPTCHA ClickFix lures to steal credentials from customers of...

  • NewsJul 7, 2026

    RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service

    A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service, letting even low-skill criminals take...

  • NewsJul 6, 2026

    Armored Likho APT Targeting Government and Electric Power Entities

    Kaspersky researchers have detailed a new campaign by Armored Likho — a threat actor overlapping with Eagle Werewolf — deploying modular RATs and the...

  • NewsJul 6, 2026

    North Korean Hackers Target Open Source Developers in Supply Chain Attacks

    The PolinRider campaign has compromised more than 100 legitimate open source packages and repositories to deliver a backdoor and information stealer...

  • NewsJul 6, 2026

    Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware

    This week's threat roundup covers residential proxy botnets hiding in streaming boxes, browser-based ransomware campaigns, AI agent abuse techniques, and...

  • NewsJul 4, 2026

    North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

    JFrog researchers attribute a fresh npm supply chain campaign to North Korea's Lazarus Group. Malicious packages impersonating Rollup polyfill tooling...

  • NewsJul 4, 2026

    PamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login Passwords

    Jamf Threat Labs has discovered PamStealer, a sophisticated two-stage macOS infostealer that impersonates the Maccy clipboard manager, delivers a...

  • NewsJul 3, 2026

    New Avalon Malware Framework Packs CrownX Ransomware Capabilities

    Blackpoint Cyber researchers have uncovered Avalon, an AI-assisted modular malware framework that chains phishing, credential theft, lateral movement, and...

  • NewsJul 2, 2026

    AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

    Researchers have uncovered a novel malware artifact generated using DeepSeek that weaponizes the Chromium File System Access API to encrypt files entirely...

  • NewsJul 1, 2026

    Fake Perplexity Extension on Chrome Web Store Tracked Searches and Harvested Browsing Data

    A malicious extension masquerading as the Perplexity AI answer engine was discovered on the Chrome Web Store, intercepting search traffic and collecting...

  • NewsJun 29, 2026

    Critical SimpleHelp Flaw Exploited to Deploy Djinn Infostealer

    Hackers are actively exploiting CVE-2026-48558 in SimpleHelp remote support software to deploy Djinn Stealer, a previously undocumented cross-platform...

  • NewsJun 29, 2026

    Gamaredon Expands Ukraine Attacks with New Malware and Cloud Abuse

    Russian FSB-linked APT group Gamaredon has mounted 35 distinct spear-phishing campaigns against Ukrainian targets in 2025, deploying an expanded malware...

  • NewsJun 29, 2026

    Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

    Microsoft uncovered a fake Perplexity AI Chrome extension that silently captured every search query and address bar keystroke, routing the data to an...

  • NewsJun 29, 2026

    Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

    Attackers poisoned at least 18 npm and Go packages with a novel technique: hiding malware in .vscode/tasks.json auto-run tasks, bypassing npm v12's...

  • NewsJun 29, 2026

    In a First, a Court Takedown Goes After Two Cybercrime Tools at Once

    Microsoft and Europol dismantled both StealC and Amadey simultaneously in a single RICO filing — the first time a court-authorized takedown has targeted...

  • NewsJun 27, 2026

    Clean GitHub Repo Tricks AI Coding Agents Into Running Malware

    Researchers demonstrate how a seemingly clean, scanner-safe GitHub repository can silently execute a malicious payload when an AI coding agent clones and...

  • NewsJun 26, 2026

    Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

    The Miasma supply chain malware family — an evolution of Mini Shai-Hulud and linked to the Hades worm — has compromised hundreds of npm packages, abused...

  • NewsJun 25, 2026

    Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

    Security researchers at Island discovered that 'Adblock for YouTube,' a Chrome extension with over 10 million installs and a Featured badge, contains a...

  • NewsJun 25, 2026

    Malicious Edge Extension "Edgecution" Abuses Native Messaging to Deploy Ransomware Backdoor

    Zscaler researchers exposed 'Edgecution', a rogue Microsoft Edge extension that exploits Chrome's Native Messaging protocol to escape the browser sandbox...

  • NewsJun 25, 2026

    More Malicious OpenClaw Skills Threaten AI Supply Chain

    Unit 42 researchers identified five persistent malicious skill packages on ClawHub — OpenClaw's AI agent marketplace — including infostealers disguised as...

  • NewsJun 25, 2026

    Russian APT Gamaredon Upgrades Its Arsenal, Requiring New Defenses

    ESET research reveals FSB-sponsored Gamaredon has significantly upgraded its C2 infrastructure obfuscation and malware delivery capabilities, running 35...

  • NewsJun 25, 2026

    Three 'Cybercrime-as-a-Service' Operations Undercut by Microsoft and Law Enforcement

    A two-week joint operation by Microsoft and Europol dismantled three major malware-as-a-service platforms — StealC, Amadey, and SocGholish — seizing 326...

  • NewsJun 24, 2026

    Amadey and StealC Malware Networks Disrupted, 27 Million Stolen Credentials Recovered

    A coordinated law enforcement operation backed by Bitdefender, Bitsight, ESET, and Microsoft has dismantled the infrastructure powering Amadey and StealC,...

  • NewsJun 24, 2026

    Amadey and StealC Malware Operations Disrupted in Operation Endgame Action

    Microsoft, Europol, and international law enforcement partners have dismantled infrastructure supporting the Amadey malware loader and StealC infostealer...

  • NewsJun 24, 2026

    Edgecution: Malicious Edge Extension Escapes Browser Sandbox via Native Messaging

    A malicious Microsoft Edge extension dubbed 'Edgecution' abused the Native Messaging API to escape the browser sandbox and deliver a Python backdoor used...

  • NewsJun 24, 2026

    Stealthy Mistic Backdoor Linked to Ransomware Access Broker KongTuke

    Security researchers have identified a new backdoor malware named Mistic being deployed by KongTuke, a ransomware initial access broker, in financially...

  • NewsJun 24, 2026

    Microsoft and Europol Dismantle Three Cybercrime-as-a-Service Operations

    Microsoft and Europol jointly targeted the full CaaS supply chain, seizing 300+ servers and disrupting SocGholish, Amadey, and StealC malware infrastructure.

  • NewsJun 23, 2026

    FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist

    The FortiBleed campaign's operators weaponize Fortinet's own built-in diagnostic command to run a custom Golang sniffer that intercepts 24 authentication...

  • NewsJun 23, 2026

    New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

    Elastic Security Labs has uncovered OXLOADER, a sophisticated new malware loader using malvertising via Google Ads to target developers searching for...

  • NewsJun 23, 2026

    WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

    Attackers are abusing compromised WhatsApp accounts to distribute malicious VBScript files disguised as financial documents, ultimately deploying a...

  • NewsJun 22, 2026

    AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network

    Researchers at QiAnXin's XLab have identified AryStinger, a novel malware targeting end-of-life D-Link routers and QNAP NAS devices to build a distributed...

  • NewsJun 22, 2026

    ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack, with attackers injecting backdoor code into Pro plugin releases...

  • NewsJun 22, 2026

    Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

    This week's threat roundup covers the Usbliter8 iPhone boot exploit, NarwhalRAT spread via fake Microsoft alerts, The Gentlemen ransomware's GentleKiller...

  • NewsJun 22, 2026

    What the Latest ShinyHunters Breaches Reveal About Modern Cyberattacks

    Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage — identity-based...

  • NewsJun 22, 2026

    WhatsApp Phishing Attack Uses Fake Business Docs to Hack PCs

    An active malware campaign is targeting WhatsApp users across multiple countries with deceptive messages pushing VBScript-based droppers disguised as...

  • NewsJun 21, 2026

    AryStinger Botnet Infected Thousands of D-Link Routers Worldwide

    A previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated D-Link routers, converting them into malicious proxy...

  • NewsJun 21, 2026

    USB Worm Spreads Crypto-Stealing Malware via Windows Shortcut Files

    A self-spreading USB worm active since February 2026 hides real files behind malicious .lnk shortcuts, hijacks clipboard cryptocurrency addresses, hunts...

  • NewsJun 19, 2026

    CryptoBandits Malware Doubles as a Backdoor, Abuses Tor for Stealthy C2

    A newly detailed malware family called CryptoBandits routes all traffic through a local SOCKS5 proxy and the Tor network, blending credential theft with...

  • NewsJun 19, 2026

    Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

    Microsoft Threat Intelligence has exposed a cryptocurrency clipboard-hijacking campaign active since February 2026 that spreads via malicious USB LNK...

  • NewsJun 19, 2026

    Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

    A joint law enforcement operation led by Dutch authorities and including partners from Canada, Germany, and the US has disrupted SocGholish malware...

  • NewsJun 18, 2026

    Gentlemen Ransomware Uses Multiple EDR Killers to Disable Defenses

    The Gentlemen ransomware-as-a-service operation is actively developing and maintaining a suite of EDR killer tools to help affiliates evade detection and...

  • NewsJun 18, 2026

    Police Cleans Nearly 15,000 SocGholish-Infected Sites Tied to Evil Corp

    International law enforcement cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish...

  • NewsJun 18, 2026

    ShapedPlugin Update Flow Hacked to Infect WordPress Sites

    Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the...

  • NewsJun 17, 2026

    Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

    Researchers have uncovered a coordinated malware campaign involving 15 malicious JetBrains Marketplace plugins posing as DeepSeek-powered AI coding...

  • NewsJun 16, 2026

    Fake Microsoft Security Alerts Used to Deploy North Korean NarwhalRAT Malware

    North Korean state-sponsored group APT37 (ScarCruft) is conducting spear-phishing campaigns impersonating Microsoft Account security notifications to...

  • NewsJun 16, 2026

    'Lorem Ipsum' Malware Pivots to ClickFix Delivery via WordPress

    New analysis reveals the 'Lorem Ipsum' malware campaign has adopted ClickFix social engineering as its primary delivery mechanism, leveraging compromised...

  • NewsJun 16, 2026

    DragonForce Ransomware Hides C2 Traffic Inside Microsoft Teams Relays

    DragonForce ransomware operators deployed a custom implant called Backdoor.Turn to camouflage command-and-control communications inside legitimate...

  • NewsJun 15, 2026

    Chinese Hackers Breach REDCap Servers, Steal Medical Research Data

    A China-linked espionage campaign targeted exposed REDCap servers, deploying the InfiniteRed malware to steal sensitive medical research data from a North...

  • NewsJun 14, 2026

    'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

    The latest supply chain attacks against PyPI, which hit 37 wheels and 19 code packages, show a continued evolution of the persistent Shai-Hulud software...

  • NewsJun 14, 2026

    Rust-Written IronWorm Hits NPM Supply Chain

    IronWorm, a self-propagating supply chain worm written in Rust, is targeting npm developers to steal credentials and reuse them to spread across the...

  • NewsJun 11, 2026

    The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

    A new analysis of The Gentlemen ransomware operation reveals the financially motivated group has claimed 478 victims and evolved a worm-like...

  • NewsJun 11, 2026

    ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

    This week's threat intelligence roundup covers a supply chain attack kit posted publicly, a $5,000-per-month RAT that clones browser sessions, AI agents...

  • NewsJun 10, 2026

    Infostealers Turn Millions of Devices Into Credential Theft Machines

    Attackers increasingly favor stolen credentials over exploits, and infostealers have become the primary access broker feeding ransomware and cybercrime...

  • NewsJun 10, 2026

    The Miasma Worm Source Code Briefly Leaked on GitHub

    The Miasma credential-stealing worm framework was briefly open-sourced on GitHub before removal, potentially enabling copycat attacks against open-source...

  • NewsJun 5, 2026

    Adaptive, Agentic AI Worms Loom as the Next Major Enterprise Threat

    Security researchers warn that adaptive agentic AI worms — described as 'viruses with wings and brains' — will likely strike enterprise environments within a…

  • NewsJun 5, 2026

    Chinese APT UNC5221 Deploys Three New Malware Families to Maintain M365 Access

    Chinese espionage group UNC5221 is actively using the Brickstorm backdoor alongside two newly discovered malware families — Plenet and AgentPSD — to maintain…

  • NewsJun 5, 2026

    Hola Browser for Windows Compromised to Deliver Cryptominer

    The Windows version of the Hola Browser has been hit by a supply chain attack that bundled a cryptocurrency miner with the official installer, silently…

  • NewsJun 5, 2026

    In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA

    This week's cybersecurity roundup covers Anthropic's new AI threat taxonomy, an unpatched Comodo security flaw, Palantir's Alex Karp reportedly under…

  • NewsJun 5, 2026

    IronWorm and New Miasma Worm Variant Hit npm in Coordinated Supply Chain Attacks

    Two distinct malware campaigns have hit the npm ecosystem simultaneously — IronWorm deploys a Rust-based infostealer via 50+ poisoned packages, while a new…

  • SecurityJun 5, 2026

    CVE-2026-49777: CVSS 10 Flaw in WooCommerce Product Slider Pro Enables Malware Implantation

    A maximum-severity input validation vulnerability in Product Slider Pro for WooCommerce allows attackers to implant malicious software. Affects all versions…

  • NewsJun 4, 2026

    Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

    Researchers have uncovered a large-scale SEO poisoning campaign that uses fake open-source and freeware project sites to funnel victims through a Traffic…

  • NewsMay 31, 2026

    ChatGPT Share Links Abused to Host Fake Outage Pages Delivering Malware

    Threat actors are exploiting ChatGPT's content-sharing feature to publish fake OpenAI outage pages that trick users into downloading trojanized ChatGPT…

  • NewsMay 29, 2026

    Dutch Govt Disrupts Malware Botnet with 17 Million Infected Devices

    Dutch authorities took offline a massive botnet of 17 million infected devices and seized more than 200 servers from a local hosting provider that...

  • SecurityMay 28, 2026

    CVE-2026-8398: Daemon Tools Lite Embedded Malicious Code Vulnerability

    CISA adds CVE-2026-8398 to KEV — a high-severity embedded malicious-code flaw in Daemon Tools Lite impacting confidentiality, integrity, and availability.

  • NewsMay 27, 2026

    CrowdStrike Dismantles Glassworm Botnet Targeting Open-Source Supply Chain

    CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet, stripping operators of infrastructure used to inject malware into OSS packages.

  • NewsMay 27, 2026

    GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

    CrowdStrike, Google, and Shadowserver simultaneously disrupted GlassWorm C2 channels, ending a supply-chain campaign targeting developers via packages.

  • NewsMay 26, 2026

    Iranian APT Targets Aviation, Software Companies With

    Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.

  • NewsMay 25, 2026

    TrapDoor Supply Chain Attack Spreads Credential-Stealing

    A coordinated cross-ecosystem supply chain attack campaign dubbed TrapDoor has compromised 34 packages across 384+ versions on npm, PyPI, and Crates.io.

  • NewsMay 24, 2026

    Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

    The Belarus-aligned Ghostwriter APT (UAC-0057/UNC1151) has launched a new phishing campaign impersonating Prometheus, a Ukrainian e-learning platform, to...

  • NewsMay 24, 2026

    Megalodon GitHub Attack Targets 5,561 Repos with Malicious

    Cybersecurity researchers have uncovered Megalodon, an automated attack campaign that pushed 5,718 malicious commits to over 5,500 GitHub repositories in...

  • NewsMay 23, 2026

    Laravel Lang Packages Hijacked to Deploy

    A supply chain attack targeting Laravel Lang localization packages has exposed developers to credential-stealing malware after attackers abused GitHub...

  • NewsMay 23, 2026

    Laravel-Lang PHP Packages Compromised to Deliver

    Multiple PHP packages belonging to the Laravel-Lang organization have been poisoned in a software supply chain attack, delivering a cross-platform...

  • NewsMay 23, 2026

    Packagist Supply Chain Attack Infects 8 Packages Using

    A coordinated supply chain attack campaign has infected eight Packagist Composer packages with malicious code that downloads and executes a Linux binary...

  • NewsMay 20, 2026

    Ukraine Identifies Infostealer Operator Tied to 28,000

    Ukrainian cyberpolice, working with US law enforcement, identified an 18-year-old from Odesa suspected of running an infostealer malware operation that...

  • NewsMay 19, 2026

    Cybercrime Service Disrupted for Abusing Microsoft Platform

    Microsoft has disrupted a malware-signing-as-a-service operation that exploited the company's Artifact Signing service to produce fraudulent code-signing...

  • NewsMay 19, 2026

    Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid

    Researchers at HUMAN Security uncovered Trapdoor, a sophisticated Android ad fraud and malvertising operation that used 455 malicious apps and 183...

  • NewsMay 18, 2026

    Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

    Researchers have uncovered four malicious npm packages embedding infostealer malware and a Phantom Bot DDoS payload — one of which is a direct clone of...

  • NewsMay 18, 2026

    Shai-Hulud Worm Clones Spread After Code Release

    The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...

  • NewsMay 17, 2026

    Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

    A Flare threat intelligence analysis breaks down the REMUS infostealer — a rapidly evolving credential theft tool built around stolen browser sessions and...

  • NewsMay 17, 2026

    Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

    Russia's Turla APT has transformed its long-running Kazuar backdoor into a modular peer-to-peer botnet architecture engineered for stealth and deep...

  • NewsMay 16, 2026

    Russian Hackers Turn Kazuar Backdoor into Modular P2P Botnet

    Secret Blizzard, a Russian state-sponsored threat group, has evolved its long-running Kazuar backdoor into a sophisticated modular peer-to-peer botnet...

  • NewsMay 15, 2026

    Funnel Builder WordPress Plugin Bug Exploited to Steal

    A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript into WooCommerce checkout...

  • NewsMay 15, 2026

    Popular node-ipc npm Package Compromised to Steal

    Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication npm package, in a new...

  • NewsMay 15, 2026

    TeamPCP Ups the Game, Releases Shai-Hulud Worm's Source Code

    The hacking group TeamPCP has publicly released the source code for its Shai-Hulud supply chain worm, actively encouraging other threat actors to...

  • NewsMay 10, 2026

    Hackers Abuse Google Ads and Claude.ai Chats to Push Mac

    Attackers are running a sophisticated malvertising campaign that hijacks Google Ads and legitimate Claude.ai shared chat sessions to deliver Mac malware...

  • NewsMay 10, 2026

    Quasar Linux RAT Steals Developer Credentials for Software

    A newly discovered Linux implant called Quasar Linux RAT (QLNX) is silently targeting software developers to harvest credentials, log keystrokes, and...

  • NewsMay 9, 2026

    Fake Call History Apps Stole Payments From Users After 7.3

    Cybersecurity researchers discovered 28 fraudulent Android apps on Google Play claiming to offer call history lookups, which instead enrolled users in...

  • NewsMay 9, 2026

    Fake OpenAI Repository on Hugging Face Pushes Infostealer

    A malicious repository impersonating OpenAI's "Privacy Filter" project climbed to Hugging Face's trending list and delivered information-stealing malware...

  • NewsMay 9, 2026

    JDownloader Site Hacked to Replace Installers with Python

    The official website for JDownloader, one of the most widely-used open-source download managers, was compromised to distribute malicious Windows and Linux...

  • NewsApr 29, 2026

    SAP-Related npm Packages Compromised in Credential-Stealing

    Security researchers have uncovered a coordinated supply chain attack campaign dubbed 'mini Shai-H' targeting SAP-related npm packages, injecting...

  • NewsApr 27, 2026

    PhantomCore Exploits TrueConf Vulnerabilities to Breach

    Pro-Ukrainian hacktivist group PhantomCore has been attributed to a sustained campaign targeting TrueConf video conferencing servers across Russia since...

  • NewsApr 27, 2026

    Weekly Recap: Fast16 Malware, XChat Launch, Federal

    This week's cybersecurity roundup covers the discovery of pre-Stuxnet Fast16 malware targeting engineering software, the emergence of the XChat...

  • NewsApr 25, 2026

    FIRESTARTER Backdoor Hit Federal Cisco Firepower Device

    CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...

  • NewsApr 25, 2026

    Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting

    SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...

  • NewsApr 25, 2026

    Threat Actor Uses Microsoft Teams to Deploy New 'Snow'

    UNC6692 employs email bombing and Teams impersonation to deliver a three-component Snow malware suite — SnowBelt, SnowGlaze, and SnowBasin — enabling full...

  • NewsApr 25, 2026

    Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

    Zscaler ThreatLabz has uncovered a Tropic Trooper (APT23) campaign that delivers the AdaptixC2 post-exploitation beacon via trojanized SumatraPDF...

  • NewsApr 24, 2026

    Firestarter Malware Survives Cisco Firewall Updates and Security Patches

    US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...

  • NewsApr 22, 2026

    Hypersonic Supply Chain Attacks: AI Defense Stops Zero-Days

    SentinelOne's AI-driven behavioral defense stopped three recent zero-day supply chain attacks before any payload signatures existed — demonstrating how...

  • NewsApr 22, 2026

    New Mirai Campaign Exploits RCE Flaw in End-of-Life D-Link

    A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability in end-of-life D-Link DIR-823X...

  • NewsApr 22, 2026

    New npm Supply Chain Attack Self-Spreads to Steal Developer

    A newly discovered supply chain attack targeting the npm ecosystem steals developer authentication tokens and uses compromised accounts to publish...

  • NewsApr 20, 2026

    Researchers Detect ZionSiphon Malware Targeting Israeli

    Cybersecurity researchers at Darktrace have identified ZionSiphon, a new malware specifically designed to target Israeli water treatment and desalination...

  • NewsApr 20, 2026

    The Gentlemen Ransomware Now Uses SystemBC for Bot-Powered

    Researchers have discovered a SystemBC proxy botnet of over 1,570 compromised hosts linked to Gentlemen ransomware operations. The gang's affiliate is...

  • NewsApr 20, 2026

    Vercel's Security Breach Started with Malware Disguised as

    The Vercel security breach originated at Context.ai after an employee downloaded Lumma Stealer disguised as Roblox cheat software. The incident exposes...

  • NewsApr 20, 2026

    Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New

    This week's cybersecurity recap covers the Vercel supply chain breach via a compromised AI tool, push fraud campaigns, attackers abusing QEMU virtual...

  • NewsApr 9, 2026

    Russia's Forest Blizzard Harvests Logins via SOHO Router

    Russia's APT28 (Forest Blizzard) is conducting a malwareless espionage campaign by modifying a single DNS setting in vulnerable SOHO routers to silently...

  • NewsApr 8, 2026

    APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine

    Russian state-sponsored threat actor APT28 (Forest Blizzard / Pawn Storm) has launched a targeted spear-phishing campaign deploying a newly documented...

  • NewsApr 8, 2026

    Hackers Use Pixel-Large SVG Trick to Hide Credit Card

    A massive campaign targeting nearly 100 Magento e-commerce stores embeds credit card-stealing JavaScript inside a pixel-sized SVG image, bypassing visual...

  • NewsApr 5, 2026

    36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

    Cybersecurity researchers discovered 36 malicious npm packages disguised as Strapi CMS plugins that abused Redis and PostgreSQL connections to harvest...

  • NewsApr 2, 2026

    Claude Code Leak Used to Push Infostealer Malware on GitHub

    Threat actors are capitalising on the Claude Code source code leak by creating fake GitHub repositories that impersonate the leaked source to deliver...

  • NewsApr 1, 2026

    CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

    Ukraine's Computer Emergency Response Team (CERT-UA) has disclosed a large-scale phishing campaign in which threat actor UAC-0255 impersonated the agency...

  • NewsApr 1, 2026

    ''NoVoice'' Android Malware on Google Play Infected 2.3

    A new Android malware named NoVoice was discovered hiding in over 50 apps on the Google Play Store, with a combined download count of at least 2.3...

  • NewsMar 31, 2026

    Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

    Two newly published versions of the widely used Axios HTTP client library — v1.14.1 and v0.30.4 — were found to contain a malicious fake dependency that...

  • NewsMar 30, 2026

    DeepLoad Malware Uses ClickFix and WMI Persistence to Steal

    Researchers have identified DeepLoad, a previously undocumented malware loader that combines ClickFix social engineering with WMI-based persistence to...

  • NewsMar 30, 2026

    New RoadK1ll WebSocket Implant Used to Pivot on Breached

    Security researchers have identified a newly discovered malicious implant named RoadK1ll that leverages WebSocket connections to silently move from an...

  • NewsMar 30, 2026

    Three China-Linked Clusters Target Southeast Asian

    Three threat activity clusters aligned with China jointly targeted a Southeast Asian government organization in a complex, well-resourced espionage...

  • NewsMar 28, 2026

    Backdoored Telnyx PyPI Package Pushes Malware Hidden in WAV

    Threat actors known as TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions that conceal credential-stealing malware inside...

  • NewsMar 28, 2026

    Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

    A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...

  • NewsMar 28, 2026

    New Infinity Stealer Malware Grabs macOS Data via ClickFix

    A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka...

  • NewsMar 26, 2026

    WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

    Cybersecurity researchers have uncovered a sophisticated new payment skimmer that weaponises WebRTC data channels to exfiltrate stolen credit card data...

  • NewsMar 22, 2026

    CanisterWorm: First Blockchain-Powered Self-Spreading Worm

    A novel self-propagating malware dubbed CanisterWorm uses Internet Computer Protocol smart contracts as an untakedownable C2 channel, spreading...

  • NewsMar 22, 2026

    Trivy Vulnerability Scanner Breached to Push Infostealer

    The Trivy open-source vulnerability scanner was compromised in a supply chain attack by the threat group TeamPCP, which hijacked 75 release tags and...

  • NewsMar 22, 2026

    VoidStealer Malware Steals Chrome Master Key via Debugger

    A new infostealer named VoidStealer bypasses Chrome's Application-Bound Encryption by attaching a remote debugger to the browser process and using the...

  • NewsMar 21, 2026

    New Speagle Malware Hijacks Cobra DocGuard for State-Sponsored Espionage

    A newly discovered .NET infostealer dubbed Speagle repurposes compromised Cobra DocGuard servers for C2 and data exfiltration, targeting organizations...

  • NewsMar 20, 2026

    Trivy Security Scanner GitHub Actions Breached — 75 Tags

    Trivy, Aqua Security's widely used open-source vulnerability scanner, was compromised a second time in a month. Attackers hijacked 75 GitHub Actions tags...

  • NewsMar 17, 2026

    LeakNet Ransomware Weaponizes ClickFix and Deno Runtime for Stealthy Corporate Attacks

    The LeakNet ransomware gang is using ClickFix social engineering for initial access and a Deno-based malware loader to execute fileless payloads from...

  • NewsMar 16, 2026

    Android 17 Blocks Non-Accessibility Apps from Accessibility

    Google is testing a new Android Advanced Protection Mode enforcement in Android 17 Beta 2 that automatically strips non-accessibility apps of their...

  • NewsMar 16, 2026

    GlassWorm ForceMemo: Stolen GitHub Tokens Used to Poison

    The GlassWorm threat actor has launched a new sub-campaign called ForceMemo, using stolen GitHub tokens to silently force-push malware into hundreds of...

  • NewsMar 14, 2026

    GlassWorm Escalates: 72 Malicious Open VSX Extensions Use

    The GlassWorm self-propagating worm campaign has compromised 72 Open VSX extensions using invisible Unicode Private Use Area characters and a Solana...

  • NewsFeb 28, 2026

    Google Disrupts Massive Chinese Espionage Campaign

    Google's Threat Intelligence Group dismantles UNC2814, a China-linked operation that deployed a novel backdoor called GRIDTIDE abusing Google Sheets API...

  • NewsFeb 20, 2026

    PromptSpy: First Android Malware to Weaponize Generative AI

    ESET researchers discover PromptSpy, the first known Android malware family that abuses Google's Gemini AI at runtime to dynamically navigate device UIs...

  • NewsFeb 14, 2026

    Claude AI Artifacts Abused to Distribute macOS Infostealer

    Threat actors are abusing publicly shared Claude AI artifacts and Google Ads to deliver the MacSync infostealer to macOS users through ClickFix social...

  • NewsFeb 13, 2026

    Malicious Chrome Extension 'CL Suite' Steals Meta Business

    Security researchers have uncovered a malicious Chrome extension called CL Suite that steals TOTP 2FA seeds, Meta Business Manager data, and analytics,...

  • NewsFeb 13, 2026

    Russian-Linked CANFAIL Malware Targets Ukrainian Defense

    Google Threat Intelligence Group attributes a previously undocumented JavaScript malware called CANFAIL to a Russian-linked threat actor targeting...

  • NewsFeb 12, 2026

    Lazarus Group Plants 192 Malicious Packages in npm and PyPI

    North Korea's Lazarus Group is running a fake recruitment campaign codenamed Graphalgo, planting 192 malicious packages on npm and PyPI that target...

  • NewsFeb 11, 2026

    SSHStalker Linux Botnet Uses IRC Protocol for Command and Control

    Security researchers discover a new Linux botnet named SSHStalker that leverages the legacy IRC protocol for C2 operations, marking a return to old-school...

  • NewsFeb 9, 2026

    VoidLink: AI-Generated Cloud-Native Malware Framework

    Researchers uncover VoidLink, an 88,000-line Zig-based malware framework built with AI assistance that targets AWS, Azure, GCP, and Kubernetes environments.

  • NewsFeb 6, 2026

    DKnife: China-Linked AitM Framework Hijacks Router Traffic

    Cisco Talos uncovers a seven-component Linux framework called DKnife that compromises routers to intercept credentials, replace downloads with trojans,...

  • NewsJan 18, 2026

    Supply Chain Attack Discovered in Popular NPM Packages

    Security researchers have discovered malicious code injected into several popular NPM packages with millions of weekly downloads. Developers urged to...