Malware & Threats

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory

Malware & Threats, mu-plugins, Sucuri, Vulnerabilities, WordPress, WordPress plugin /

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory 2025-03-31 at 18:07 By Ionut Arghire Sucuri has discovered multiple malware families deployed in the WordPress mu-plugins directory to evade routine security checks. The post Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source […]

React to this headline:

Loading spinner

Threat Actors Deploy WordPress Malware in ‘mu-plugins’ Directory Read More »

‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft

Android malware, Banking Trojan, Crocodilus, Malware, Malware & Threats /

‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft 2025-03-31 at 14:05 By Ionut Arghire The newly identified Android banking trojan Crocodilus takes over devices, enabling overlay attacks, remote control, and keylogging. The post ‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

‘Crocodilus’ Android Banking Trojan Allows Device Takeover, Data Theft Read More »

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks

CISA, exploit, Ivanti, Malware, Malware & Threats, Resurge /

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks 2025-03-31 at 13:37 By Ionut Arghire CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day. The post CISA Analyzes Malware Used in Ivanti Zero-Day Attacks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

CISA Analyzes Malware Used in Ivanti Zero-Day Attacks Read More »

9-Year-Old NPM Crypto Package Hijacked for Information Theft

Cryptocurrency, hijacking, Malware & Threats, NPM /

9-Year-Old NPM Crypto Package Hijacked for Information Theft 2025-03-28 at 14:32 By Ionut Arghire Nearly a dozen crypto packages on NPM, including one published 9 years ago, have been hijacked to deliver infostealers. The post 9-Year-Old NPM Crypto Package Hijacked for Information Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

9-Year-Old NPM Crypto Package Hijacked for Information Theft Read More »

Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe

Banking Trojan, Grandoreiro, Malware, Malware & Threats, trojan /

Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe 2025-03-28 at 12:33 By Ionut Arghire The Grandoreiro banking trojan has reemerged in new campaigns targeting users in Latin America and Europe. The post Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe Read More »

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch

CVE-2025-26633, EncryptHub, Malware & Threats, Microsoft, MMC, Ransomware, Trend Micro, Vulnerabilities /

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch 2025-03-26 at 18:26 By Ryan Naraine Exploitation of Windows MMC zero-day is being pinned on a ransomware gang known as EncryptHub (an affiliate of RansomHub) The post Russian Ransomware Gang Exploited Windows Zero-Day Before Patch appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Russian Ransomware Gang Exploited Windows Zero-Day Before Patch Read More »

AMTSO Releases Sandbox Evaluation Framework

AMTSO, framework, Malware & Threats, sandbox, testing /

AMTSO Releases Sandbox Evaluation Framework 2025-03-26 at 17:31 By Eduard Kovacs AMTSO has developed a Sandbox Evaluation Framework to standardize the testing of malware analysis solutions.  The post AMTSO Releases Sandbox Evaluation Framework appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

AMTSO Releases Sandbox Evaluation Framework Read More »

macOS Users Warned of New Versions of ReaderUpdate Malware

adware, macOS malware, Malware, Malware & Threats, ReaderUpdate /

macOS Users Warned of New Versions of ReaderUpdate Malware 2025-03-26 at 13:51 By Ionut Arghire macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages. The post macOS Users Warned of New Versions of ReaderUpdate Malware appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

macOS Users Warned of New Versions of ReaderUpdate Malware Read More »

Chinese APT Weaver Ant Targeting Telecom Providers in Asia

APT, China APT, Malware & Threats, telecoms, Weaver Ant /

Chinese APT Weaver Ant Targeting Telecom Providers in Asia 2025-03-25 at 13:54 By Ionut Arghire Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Chinese APT Weaver Ant Targeting Telecom Providers in Asia Read More »

Medusa Ransomware Uses Malicious Driver to Disable Security Tools

AbyssWorker, Malware, Malware & Threats, Medusa, Ransomware /

Medusa Ransomware Uses Malicious Driver to Disable Security Tools 2025-03-24 at 13:46 By Ionut Arghire The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems. The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Medusa Ransomware Uses Malicious Driver to Disable Security Tools Read More »

300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads

adware, Android, Android malware, Google Play, Malware & Threats, Vapor /

300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads 2025-03-20 at 12:30 By Ionut Arghire Over 300 malicious applications displaying intrusive full-screen interstitial video ads amassed more than 60 million downloads on Google Play. The post 300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads appeared first on SecurityWeek.

React to this headline:

Loading spinner

300 Malicious ‘Vapor’ Apps Hosted on Google Play Had 60 Million Downloads Read More »

Chinese Hacking Group MirrorFace Targeting Europe

China APT, Europe, Malware & Threats, MirrorFace /

Chinese Hacking Group MirrorFace Targeting Europe 2025-03-19 at 15:05 By Ionut Arghire Chinese hacking group MirrorFace has targeted a Central European diplomatic institute with the Anel backdoor and AsyncRAT. The post Chinese Hacking Group MirrorFace Targeting Europe appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Chinese Hacking Group MirrorFace Targeting Europe Read More »

Microsoft Warns of New StilachiRAT Malware

Malware, Malware & Threats, RAT, StilachiRAT /

Microsoft Warns of New StilachiRAT Malware 2025-03-19 at 12:00 By Eduard Kovacs Microsoft has shared details on StilachiRAT, an evasive and persistent piece of malware that facilitates sensitive data theft. The post Microsoft Warns of New StilachiRAT Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this

React to this headline:

Loading spinner

Microsoft Warns of New StilachiRAT Malware Read More »

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft

APT, LNK, Malware, Malware & Threats, ZDI /

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft 2025-03-18 at 16:02 By Eduard Kovacs ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft Read More »

Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum

Apache, Apache Tomcat, CVE-2025-24813, Malware & Threats, Network Security, remote code execution /

Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum 2025-03-17 at 20:29 By Ryan Naraine Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server. The post Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum Read More »

100 Car Dealerships Hit by Supply Chain Attack

ClickFix, Malware, Malware & Threats, supply chain, Supply Chain Security /

100 Car Dealerships Hit by Supply Chain Attack 2025-03-17 at 14:17 By Ionut Arghire The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise. The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

100 Car Dealerships Hit by Supply Chain Attack Read More »

In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker

In Other News, Malware & Threats /

In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker 2025-03-14 at 14:48 By SecurityWeek News Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware. The post In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor

React to this headline:

Loading spinner

In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker Read More »

ClickFix Widely Adopted by Cybercriminals, APT Groups

ClickFix, Malware & Threats /

ClickFix Widely Adopted by Cybercriminals, APT Groups 2025-03-14 at 14:30 By Ionut Arghire The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React

React to this headline:

Loading spinner

ClickFix Widely Adopted by Cybercriminals, APT Groups Read More »

Unpatched Edimax Camera Flaw Exploited Since at Least May 2024

botnet, Edimax, exploited, Malware & Threats /

Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 2025-03-13 at 21:08 By Eduard Kovacs A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year. The post Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Unpatched Edimax Camera Flaw Exploited Since at Least May 2024 Read More »

FreeType Zero-Day Being Exploited in the Wild

CVE-2025-27363, Facebook, FreeType, Malware & Threats, Meta, Vulnerabilities, Zero-Day /

FreeType Zero-Day Being Exploited in the Wild 2025-03-13 at 19:24 By Ryan Naraine Meta’s Facebook security team warns of live exploitation of a zero-day vulnerability in the open-source FreeType library.  The post FreeType Zero-Day Being Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to

React to this headline:

Loading spinner

FreeType Zero-Day Being Exploited in the Wild Read More »

Scroll to Top