Malware & Threats

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ 

2026-05-19 at 19:07, by Eduard Kovacs. Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

2026-05-19 at 16:58, by Kevin Townsend. Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based attack chains.

In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws

2026-05-15 at 18:30, by SecurityWeek News. Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas.

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

2026-05-15 at 14:32, by Ionut Arghire. The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards.

Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns

2026-05-14 at 18:25, by Ionut Arghire. Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT.

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

2026-05-12 at 17:34, by Kevin Townsend. CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development.

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

2026-05-12 at 13:20, by Ionut Arghire. Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign.

In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner

2026-05-08 at 18:03, by SecurityWeek News. Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry.

‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials

2026-05-08 at 11:32, by Ionut Arghire. The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.

Vendor Says Daemon Tools Supply Chain Attack Contained

2026-05-07 at 17:33, by Ionut Arghire. The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages.

Sophisticated Quasar Linux RAT Targets Software Developers

2026-05-06 at 13:00, by Ionut Arghire. The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities.

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

2026-05-06 at 12:03, by Ionut Arghire. While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems.

Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

2026-05-01 at 15:18, by Ionut Arghire. The stealthy Python-based backdoor framework deploys a persistent Windows implant likely designed for espionage.

Hugging Face, ClawHub Abused for Malware Distribution

2026-05-01 at 11:41, by Ionut Arghire. Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions.

SAP NPM Packages Targeted in Supply Chain Attack

2026-04-30 at 17:35, by Ionut Arghire. The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

2026-04-28 at 17:12, by Ionut Arghire. Over 70 cloned Open VSX extensions are likely sleeper extensions designed to distribute malware.

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

2026-04-27 at 13:55, by Ionut Arghire. The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.

Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

2026-04-27 at 13:18, by Ionut Arghire. A race condition in PackageKit allows unprivileged users to escalate privileges when installing packages.

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

2026-04-25 at 14:57, by Ionut Arghire. Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors.
