Malware & Threats

Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign

APT41, China, Incident Response, Malware & Threats, Nation-State, PurpleHaze, SentinelLabs, SentinelOne, Shadowpad /

Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign 2025-06-09 at 20:58 By Ryan Naraine Anti-malware vendor said it spent the past twelve months deflecting a stream of network reconnaissance probes from China-nexus threat actors The post Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign appeared first on SecurityWeek. This article is an excerpt […]

React to this headline:

Loading spinner

Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign Read More »

Mirai Botnets Exploiting Wazuh Security Platform Vulnerability 

botnet, exploited, Malware & Threats, Wazuh /

Mirai Botnets Exploiting Wazuh Security Platform Vulnerability  2025-06-09 at 17:22 By Eduard Kovacs CVE-2025-24016, a critical remote code execution vulnerability affecting Wazuh servers, has been exploited by Mirai botnets. The post Mirai Botnets Exploiting Wazuh Security Platform Vulnerability  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Mirai Botnets Exploiting Wazuh Security Platform Vulnerability  Read More »

React Native Aria Packages Backdoored in Supply Chain Attack

backdoor, Malware & Threats, NPM, supply chain, Supply Chain Security /

React Native Aria Packages Backdoored in Supply Chain Attack 2025-06-09 at 17:22 By Ionut Arghire A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

React Native Aria Packages Backdoored in Supply Chain Attack Read More »

Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems

destructive, Malware, Malware & Threats, NPM, wiper /

Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems 2025-06-09 at 16:35 By Ionut Arghire Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials. The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems Read More »

Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure

Featured, Malware, Malware & Threats, PathWiper, Russia, Ukraine, wiper /

Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure 2025-06-06 at 13:21 By Ionut Arghire A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine. The post Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure Read More »

Backdoored Open Source Malware Repositories Target Novice Cybercriminals

backdoor, Malware, Malware & Threats /

Backdoored Open Source Malware Repositories Target Novice Cybercriminals 2025-06-05 at 16:32 By Ionut Arghire A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters. The post Backdoored Open Source Malware Repositories Target Novice Cybercriminals appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Backdoored Open Source Malware Repositories Target Novice Cybercriminals Read More »

ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware

ClickFix, Cloudflare, Malware & Threats /

ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware 2025-06-05 at 14:47 By Kevin Townsend Researchers have discovered and analyzed a ClickFix attack that uses a fake Cloudflare ‘humanness’ check. The post ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

ClickFix Attack Exploits Fake Cloudflare Turnstile to Deliver Malware Read More »

Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift

Featured, Honeywell, ICS, ICS/OT, Malware, Malware & Threats, OT, Ramnit, report /

Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift 2025-06-04 at 14:17 By Eduard Kovacs Industrial giant Honeywell has published its 2025 Cybersecurity Threat Report with information on the latest trends. The post Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift Read More »

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names

APT, CrowdStrike, Featured, Malware & Threats, Management & Strategy, Microsoft, naming /

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names 2025-06-03 at 11:33 By Eduard Kovacs Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute. The post Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names Read More »

Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure

Cryptocurrency, cybercrime, HashiCorp Nomad, Malware & Threats, Monero, Wiz, XMLRig /

Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure 2025-06-02 at 19:02 By Ryan Naraine Cryptocurrency mining operation hits exposed Consul dashboards, Docker Engine APIs and Gitea code-hosting instances to push Monero miner. The post Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Cryptojackers Caught Mining Monero via Exposed DevOps Infrastructure Read More »

Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently

CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, Google TAG, Malware & Threats, Qualcomm, Vulnerabilities /

Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently 2025-06-02 at 18:02 By Ryan Naraine Chipmaker says there are indications from Google Threat Analysis Group that a trio of flaws “may be under limited, targeted exploitation.” The post Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently appeared first

React to this headline:

Loading spinner

Qualcomm Flags Exploitation of Adreno GPU Flaws, Urges OEMs to Patch Urgently Read More »

In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked

In Other News, Malware & Threats /

In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked 2025-06-02 at 11:17 By SecurityWeek News Noteworthy stories that might have slipped under the radar: simple PoC code released for Fortinet zero-day, OpenAI O3 disobeys shutdown orders, source code of SilverRAT emerges online. The post In Other News: PoC for

React to this headline:

Loading spinner

In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked Read More »

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns

Cofense, ESET, Firebase, Fraud & Identity Theft, Google, Malware & Threats, Trellix /

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns 2025-05-30 at 18:01 By Ionut Arghire Security researchers flag two phishing campaigns abusing Firebase and Google Apps Script to host malware and fake login pages. The post Firebase, Google Apps Script Abused in Fresh Phishing Campaigns appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Firebase, Google Apps Script Abused in Fresh Phishing Campaigns Read More »

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability

Asus, botnet, Censys, CVE-2023-39780, GreyNoise, IoT Security, Malware & Threats, ORB, Vulnerabilities /

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability 2025-05-29 at 17:37 By Ryan Naraine Professional hackers have built a network of ASUS routers that can survive firmware upgrades, factory reboots and most anti-malware scans. The post GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

GreyNoise Flags 9,000 ASUS Routers Backdoored Via Patched Vulnerability Read More »

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites

Artificial Intelligence, Malware & Threats, Mandiant, UNC6032, Vietnam /

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites 2025-05-28 at 16:29 By Ionut Arghire Mandiant warns that a Vietnamese hacking group tracked as UNC6032 is distributing malware via fake AI video generator websites. The post Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Vietnamese Hackers Distribute Malware via Fake AI-Themed Websites Read More »

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Info stealer, Malware & Threats, NPM, open source, Socket, Supply Chain Security /

Ongoing Campaign Uses 60 NPM Packages to Steal Data 2025-05-27 at 17:17 By Ionut Arghire Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information. The post Ongoing Campaign Uses 60 NPM Packages to Steal Data appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Ongoing Campaign Uses 60 NPM Packages to Steal Data Read More »

Companies Warned of Commvault Vulnerability Exploitation

alert, CISA, Commvault, exploited, Malware & Threats, vulnerability /

Companies Warned of Commvault Vulnerability Exploitation 2025-05-23 at 13:48 By Ionut Arghire CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Companies Warned of Commvault Vulnerability Exploitation Read More »

Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks

China, CityWorks, exploited, Malware & Threats, Trimble, Zero-Day /

Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks 2025-05-23 at 12:31 By Ionut Arghire A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US. The post Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks Read More »

DanaBot Botnet Disrupted, 16 Suspects Charged

botnet, DanaBot, Featured, law enforcement, Malware, Malware & Threats, takedown /

DanaBot Botnet Disrupted, 16 Suspects Charged 2025-05-23 at 12:03 By Eduard Kovacs The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted. The post DanaBot Botnet Disrupted, 16 Suspects Charged appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

DanaBot Botnet Disrupted, 16 Suspects Charged Read More »

Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors

China, critical infrastructure, cyberespionage, espionage, exploited, Ivanti, Malware & Threats /

Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors 2025-05-23 at 11:31 By Ionut Arghire A Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors. The post Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors Read More »

Scroll to Top