Malware & Threats

Multiple Jscrambler Packages Impacted by Supply Chain Attack

Multiple Jscrambler Packages Impacted by Supply Chain Attack 2026-07-14 at 12:04 By Ionut Arghire A threat actor poisoned several Jscrambler NPM package versions to drop a cross-platform credential stealer. The post Multiple Jscrambler Packages Impacted by Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Multiple Jscrambler Packages Impacted by Supply Chain Attack Read More »

Ghost Accounts Abuse GitHub API in Mass Recon Campaign

Ghost Accounts Abuse GitHub API in Mass Recon Campaign 2026-07-11 at 20:30 By Ionut Arghire Multiple campaigns are using ghost accounts to map GitHub organizations, including their repositories and members. The post Ghost Accounts Abuse GitHub API in Mass Recon Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Ghost Accounts Abuse GitHub API in Mass Recon Campaign Read More »

In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops

In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops 2026-07-10 at 18:01 By SecurityWeek News Other noteworthy stories that might have slipped under the radar: Abnormal AI sued by Anthropic, AssuranceAmerica data breach affects 7 million people, NSA brings back TAO. The post In Other News: DHS Database Hacked, Adobe

In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops Read More »

GigaWiper Combines Multiple Malware for System-Level Sabotage

GigaWiper Combines Multiple Malware for System-Level Sabotage 2026-07-10 at 12:12 By Ionut Arghire The backdoor’s destructive capabilities include a standalone wiper, ransomware encryption, and a multi-pass wiping command. The post GigaWiper Combines Multiple Malware for System-Level Sabotage appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GigaWiper Combines Multiple Malware for System-Level Sabotage Read More »

Network of 200 GitHub Repositories Used for Malware Infection

Network of 200 GitHub Repositories Used for Malware Infection 2026-07-10 at 11:00 By Ionut Arghire A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware. The post Network of 200 GitHub Repositories Used for Malware Infection appeared first on SecurityWeek. This article is an

Network of 200 GitHub Repositories Used for Malware Infection Read More »

Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks 2026-07-06 at 22:14 By Ionut Arghire Securonix says the sophisticated framework abuses compromised websites, Blogspot, PowerShell, and fileless techniques to evade detection and deploy the PureLog information stealer. The post Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks Read More »

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

Critical SimpleHelp Vulnerability Exploited for Malware Delivery 2026-06-30 at 11:43 By Ionut Arghire The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical SimpleHelp Vulnerability Exploited for Malware Delivery Read More »

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets 2026-06-26 at 11:55 By Ionut Arghire Turla has been using the backdoor against government and military organizations in Ukraine for espionage. The post Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets Read More »

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware 2026-06-24 at 18:02 By Eduard Kovacs Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies. The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek. This article is an excerpt

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware Read More »

New ‘Mistic’ RAT Opens Door to Several Ransomware Families

New ‘Mistic’ RAT Opens Door to Several Ransomware Families 2026-06-24 at 14:42 By Ionut Arghire Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The post New ‘Mistic’ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek. This article is an excerpt from

New ‘Mistic’ RAT Opens Door to Several Ransomware Families Read More »

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum 2026-06-19 at 18:23 By SecurityWeek News Other noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover. The post In Other

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum Read More »

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor 2026-06-19 at 14:19 By Ionut Arghire CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor Read More »

FortiBleed: 86,000 Fortinet Device Credentials Compromised

FortiBleed: 86,000 Fortinet Device Credentials Compromised 2026-06-19 at 13:48 By Ionut Arghire The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs. The post FortiBleed: 86,000 Fortinet Device Credentials Compromised appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

FortiBleed: 86,000 Fortinet Device Credentials Compromised Read More »

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown 

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown  2026-06-19 at 09:46 By Ionut Arghire Law enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame. The post 15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown  Read More »

Rokarolla Banking Trojan Targets 200 Applications

Rokarolla Banking Trojan Targets 200 Applications 2026-06-18 at 13:42 By Eduard Kovacs The Android malware allows its operators to take control of infected devices and harvest sensitive information. The post Rokarolla Banking Trojan Targets 200 Applications appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Rokarolla Banking Trojan Targets 200 Applications Read More »

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack 2026-06-17 at 13:38 By Ionut Arghire The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control. The post Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack Read More »

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages 2026-06-16 at 13:51 By Ionut Arghire Arch Linux suspended account registrations in response to the wave of malicious packages being uploaded to AUR. The post Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages Read More »

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month 2026-06-11 at 16:00 By Kevin Townsend Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. The post OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month appeared first on

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month Read More »

Infostealers Turn Millions of Devices Into Credential Theft Machines

Infostealers Turn Millions of Devices Into Credential Theft Machines 2026-06-10 at 17:24 By Kevin Townsend As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations. The post Infostealers Turn Millions of Devices Into Credential Theft Machines appeared first on SecurityWeek. This article is

Infostealers Turn Millions of Devices Into Credential Theft Machines Read More »

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks 2026-06-09 at 15:21 By Ionut Arghire The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks Read More »

Scroll to Top