Malware & Threats

Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats

2026-01-07 at 17:35, by Ionut Arghire (excerpt from SecurityWeek)

Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity.

Hackers Exploit Zero-Day in Discontinued D-Link Devices

2026-01-07 at 14:34, by Ionut Arghire (excerpt from SecurityWeek)

The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.

Sophisticated ClickFix Campaign Targeting Hospitality Sector

2026-01-06 at 15:44, by Ionut Arghire (excerpt from SecurityWeek)

Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections.

Dozens of Major Data Breaches Linked to Single Threat Actor

2026-01-06 at 14:32, by Ionut Arghire (excerpt from SecurityWeek)

The initial access broker (IAB) relies on credentials exfiltrated using information stealers to hack organizations.

Kimwolf Android Botnet Grows Through Residential Proxy Networks

2026-01-05 at 14:53, by Ionut Arghire (excerpt from SecurityWeek)

The 2-million-device-strong botnet allows monetization through DDoS attacks, app installs, and the selling of proxy bandwidth.

RondoDox Botnet Exploiting React2Shell Vulnerability

2026-01-02 at 14:42, by Ionut Arghire (excerpt from SecurityWeek)

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers.

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

2025-12-30 at 12:25, by Ionut Arghire (excerpt from SecurityWeek)

The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor.

Infostealer Malware Delivered in EmEditor Supply Chain Attack

2025-12-29 at 13:40, by Eduard Kovacs (excerpt from SecurityWeek)

The ‘download’ button on the official EmEditor website served a malicious installer.

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

2025-12-23 at 13:16, by Ionut Arghire (excerpt from SecurityWeek)

The package provides legitimate functionality to evade detection, while stealing users’ data and deploying a backdoor.

MacSync macOS Malware Distributed via Signed Swift Application

2025-12-22 at 15:00, by Ionut Arghire (excerpt from SecurityWeek)

A recent MacSync Stealer version no longer requires users to directly interact with the terminal for execution.

Chinese APT ‘LongNosedGoblin’ Targeting Asian Governments

2025-12-19 at 16:42, by Ionut Arghire (excerpt from SecurityWeek)

The hacking group has been using Group Policy to deploy cyberespionage tools on governmental networks.

‘Kimwolf’ Android Botnet Ensnares 1.8 Million Devices

2025-12-19 at 13:49, by Ionut Arghire (excerpt from SecurityWeek)

Linked to the Aisuru IoT botnet, Kimwolf was seen launching over 1.7 billion DDoS attack commands and increasing its C&C domain’s popularity.

France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry

2025-12-18 at 13:42, by Associated Press (excerpt from SecurityWeek)

France’s counterespionage agency is investigating a suspected cyberattack plot targeting an international passenger ferry.

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

2025-12-18 at 09:18, by Eduard Kovacs (excerpt from SecurityWeek)

The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances.

New $150 Cellik RAT Grants Android Control, Trojanizes Google Play Apps

2025-12-17 at 14:46, by Ionut Arghire (excerpt from SecurityWeek)

The malware provides full device control and real-time surveillance capabilities like those of advanced spyware.

GhostPoster Firefox Extensions Hide Malware in Icons

2025-12-17 at 12:47, by Ionut Arghire (excerpt from SecurityWeek)

The malware hijacks purchase commissions, tracks users, removes security headers, injects hidden iframes, and bypasses CAPTCHA.

Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks

2025-12-16 at 15:25, by Eduard Kovacs (excerpt from SecurityWeek)

After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices.

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery

2025-12-15 at 16:01, by Eduard Kovacs (excerpt from SecurityWeek)

Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors.

Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking

2025-12-12 at 12:53, by Eduard Kovacs (excerpt from SecurityWeek)

Notepad++ found a vulnerability in the way the software updater authenticates update files.

Wide Range of Malware Delivered in React2Shell Attacks

2025-12-11 at 14:54, by Eduard Kovacs

Cybersecurity companies have been seeing a wide range of malware being delivered in attacks exploiting the critical React vulnerability dubbed React2Shell. A researcher discovered recently that React, the popular open source library for creating application user interfaces, is affected by a
