Malware & Threats

New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack

2025-06-17 at 23:52 By Kevin Townsend

Researchers identify a previously unknown ClickFix variant exploiting PowerShell and clipboard hijacking to deliver the Lumma infostealer via a compromised travel site. The post New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack appeared first on SecurityWeek.


Recent Langflow Vulnerability Exploited by Flodrix Botnet

2025-06-17 at 11:46 By Eduard Kovacs

A critical Langflow vulnerability tracked as CVE-2025-3248 has been exploited to ensnare devices in the Flodrix botnet. The post Recent Langflow Vulnerability Exploited by Flodrix Botnet appeared first on SecurityWeek.


TeamFiltration Abused in Entra ID Account Takeover Campaign

2025-06-13 at 15:22 By Ionut Arghire

Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts. The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek.


SimpleHelp Vulnerability Exploited Against Utility Billing Software Users

2025-06-13 at 13:56 By Ionut Arghire

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers. The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek.


Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones

2025-06-12 at 18:31 By Ryan Naraine

Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims. The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek.


Recently Disrupted DanaBot Leaked Valuable Data for 3 Years

2025-06-11 at 15:03 By Eduard Kovacs

Investigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet. The post Recently Disrupted DanaBot Leaked Valuable Data for 3 Years appeared first on SecurityWeek.


Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’

2025-06-10 at 21:20 By Ryan Naraine

Redmond warns that external control of a file name or path in WebDAV “allows an unauthorized attacker to execute code over a network.” The post Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’ appeared first on SecurityWeek.


Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign

2025-06-09 at 20:58 By Ryan Naraine

Anti-malware vendor said it spent the past twelve months deflecting a stream of network reconnaissance probes from China-nexus threat actors. The post Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign appeared first on SecurityWeek.


Mirai Botnets Exploiting Wazuh Security Platform Vulnerability 

2025-06-09 at 17:22 By Eduard Kovacs

CVE-2025-24016, a critical remote code execution vulnerability affecting Wazuh servers, has been exploited by Mirai botnets. The post Mirai Botnets Exploiting Wazuh Security Platform Vulnerability appeared first on SecurityWeek.


React Native Aria Packages Backdoored in Supply Chain Attack

2025-06-09 at 17:22 By Ionut Arghire

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.


Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems

2025-06-09 at 16:35 By Ionut Arghire

Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials. The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek.


Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure

2025-06-06 at 13:21 By Ionut Arghire

A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine. The post Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure appeared first on SecurityWeek.


Backdoored Open Source Malware Repositories Target Novice Cybercriminals

2025-06-05 at 16:32 By Ionut Arghire

A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters. The post Backdoored Open Source Malware Repositories Target Novice Cybercriminals appeared first on SecurityWeek.


ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware

2025-06-05 at 14:47 By Kevin Townsend

Researchers have discovered and analyzed a ClickFix attack that uses a fake Cloudflare ‘humanness’ check. The post ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware appeared first on SecurityWeek.


Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift

2025-06-04 at 14:17 By Eduard Kovacs

Industrial giant Honeywell has published its 2025 Cybersecurity Threat Report with information on the latest trends. The post Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift appeared first on SecurityWeek.


Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names

2025-06-03 at 11:33 By Eduard Kovacs

Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute. The post Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names appeared first on SecurityWeek.


Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure

2025-06-02 at 19:02 By Ryan Naraine

Cryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner. The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek.


Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently

2025-06-02 at 18:02 By Ryan Naraine

Chipmaker says there are indications from Google Threat Analysis Group that a trio of flaws “may be under limited, targeted exploitation.” The post Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently appeared first


In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked

2025-06-02 at 11:17 By SecurityWeek News

Noteworthy stories that might have slipped under the radar: simple PoC code released for Fortinet zero-day, OpenAI O3 disobeys shutdown orders, source code of SilverRAT emerges online. The post In Other News: PoC for


Firebase, Google Apps Script Abused in Fresh Phishing Campaigns

2025-05-30 at 18:01 By Ionut Arghire

Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages. The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek.
