Malware & Threats

In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown

2026-03-13 at 16:29, by SecurityWeek News. Other noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, US defense contractor behind Coruna exploits.

Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet

2026-03-13 at 10:31, by Eduard Kovacs. Law enforcement agencies in the US and Europe targeted the cybercrime service that has impacted 360,000 devices since 2020. Source: SecurityWeek.

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

2026-03-12 at 11:48, by Eduard Kovacs. The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement. Source: SecurityWeek.

‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload

2026-03-11 at 11:42, by Kevin Townsend. The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration. Source: SecurityWeek.

ClickFix Attack Uses Windows Terminal to Evade Detection

2026-03-09 at 15:37, by Ionut Arghire. Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. Source: SecurityWeek.

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

2026-03-09 at 13:50, by Ionut Arghire. Threat actors replace legitimate commands on the cloned installation webpages with malicious commands. Source: SecurityWeek.

Over 100 GitHub Repositories Distributing BoryptGrab Stealer

2026-03-07 at 14:46, by Ionut Arghire. The malware targets browser and cryptocurrency wallet data, along with system information and user files. Source: SecurityWeek.

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents

2026-03-04 at 14:48, by Kevin Townsend. Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware.

North Korean APT Targets Air-Gapped Systems in Recent Campaign

2026-03-02 at 13:47, by Ionut Arghire. Using Windows shortcut files, the APT deployed a new implant, a loader, a propagation tool, and two backdoors. Source: SecurityWeek.

In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators

2026-02-28 at 07:07, by SecurityWeek News. Other noteworthy stories that might have slipped under the radar: cyber valuations surge, OpenAI disrupts malicious AI use, ShinyHunters claims Odido breach.

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience

2026-02-27 at 14:30, by Ionut Arghire. Aeternum operates on smart contracts, making its command-and-control (C&C) infrastructure difficult to disrupt. Source: SecurityWeek.

Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers

2026-02-26 at 11:52, by Ionut Arghire. Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges. Source: SecurityWeek.

Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments

2026-02-25 at 18:01, by Eduard Kovacs. The UNC2814 threat actor has been active since at least 2017, targeting organizations across 42 countries. Source: SecurityWeek.

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

2026-02-24 at 17:53, by Ionut Arghire. Written in C++ and Python, the malware exfiltrates system information, browser data, and steals files. Source: SecurityWeek.

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

2026-02-24 at 15:47, by Ionut Arghire. The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch. Source: SecurityWeek.

‘DKnife’ Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks

2026-02-06 at 11:08, by Ionut Arghire. Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users. Source: SecurityWeek.

SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown

2026-02-05 at 14:21, by Ionut Arghire. The malware is known for dropping ransomware and other payloads, and for abusing infected machines to proxy traffic. Source: SecurityWeek.

Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries

2026-02-05 at 13:02, by Eduard Kovacs. Palo Alto Networks has not attributed the APT activity to any specific country, but evidence points to China. Source: SecurityWeek.

Critical React Native Vulnerability Exploited in the Wild

2026-02-03 at 16:01, by Ionut Arghire. Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. Source: SecurityWeek.

Russia’s APT28 Rapidly Weaponizes Newly Patched Office Vulnerability 

2026-02-03 at 15:15, by Eduard Kovacs. The attacks targeting Europe were analyzed by Ukraine’s CERT-UA and the cybersecurity company Zscaler. Source: SecurityWeek.
