Malware & Threats

Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks

2025-10-31 at 12:37, by Ionut Arghire (SecurityWeek). The Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware.

136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

2025-10-30 at 12:59, by Ionut Arghire (SecurityWeek). The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information.

XWiki Vulnerability Exploited in Cryptocurrency Mining Operation

2025-10-29 at 12:54, by Ionut Arghire (SecurityWeek). Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance.

TurboMirai-Class ‘Aisuru’ Botnet Blamed for 20+ Tbps DDoS Attacks

2025-10-28 at 16:27, by Ionut Arghire (SecurityWeek). A new class of Mirai-based DDoS botnets has been launching massive attacks, but their inability to spoof traffic enables device remediation.

Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums

2025-10-28 at 15:11, by Ionut Arghire (SecurityWeek). The email addresses were pulled from various sources and 16.4 million of them were not present in previous data breaches.

Government, Industrial Servers Targeted in China-Linked ‘PassiveNeuron’ Campaign

2025-10-21 at 17:34, by Ionut Arghire (SecurityWeek). A threat actor has been infecting servers of high-profile entities with backdoors to exfiltrate information and deploy additional payloads.

Lumma Stealer Activity Drops After Doxxing

2025-10-20 at 16:07, by Ionut Arghire (SecurityWeek). The identities of alleged core members of the Lumma Stealer group were exposed in an underground doxxing campaign.

Cisco Routers Hacked for Rootkit Deployment

2025-10-16 at 14:17, by Ionut Arghire (SecurityWeek). Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices.

SonicWall SSL VPN Accounts in Attacker Crosshairs

2025-10-13 at 16:41, by Ionut Arghire (SecurityWeek). Threat actors have rapidly compromised more than 100 SonicWall SSL VPN accounts pertaining to over a dozen entities.

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

2025-10-10 at 17:26, by SecurityWeek News (SecurityWeek). Other noteworthy stories that might have slipped under the radar: US universities targeted by payroll pirates, Zimbra vulnerability exploited, Mic-E-Mouse attack.

Cisco, Fortinet, Palo Alto Networks Devices Targeted in Coordinated Campaign

2025-10-10 at 15:49, by Ionut Arghire (SecurityWeek). GreyNoise has discovered that attacks exploiting Cisco, Fortinet, and Palo Alto Networks vulnerabilities are launched from the same infrastructure.

RondoDox Botnet Takes ‘Exploit Shotgun’ Approach

2025-10-10 at 15:17, by Ionut Arghire (SecurityWeek). The botnet packs over 50 exploits targeting unpatched routers, DVRs, NVRs, CCTV systems, servers, and other network devices.

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

2025-10-10 at 10:46, by Eduard Kovacs (SecurityWeek). Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations.

New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions

2025-09-26 at 14:50, by Ionut Arghire (SecurityWeek). The malware now uses a four-stage infection chain, has an additional persistence mechanism, and also targets Firefox browser data.

SonicWall Updates SMA 100 Appliances to Remove Overstep Malware

2025-09-24 at 12:17, by Ionut Arghire (SecurityWeek). The software update includes additional file checks and helps users remove the known rootkit deployed in a recent campaign.

ShadowV2 DDoS Service Lets Customers Self-Manage Attacks

2025-09-23 at 15:39, by Ionut Arghire (SecurityWeek). The botnet’s operators provide customers with access to an infected network of Docker containers so they can conduct DDoS attacks.

Widespread Infostealer Campaign Targeting macOS Users

2025-09-22 at 13:01, by Ionut Arghire (SecurityWeek). Threat actors rely on malicious GitHub repositories to infect LastPass’s macOS users with the Atomic infostealer.

Turla and Gamaredon Working Together in Fresh Ukrainian Intrusions

2025-09-19 at 16:36, by Ionut Arghire (SecurityWeek). Turla malware was deployed in February on select systems that Gamaredon had compromised in January.

CISA Analyzes Malware From Ivanti EPMM Intrusions

2025-09-19 at 14:30, by Ionut Arghire (SecurityWeek). Hackers chained two Ivanti EPMM vulnerabilities to collect system information, dump credentials, and execute malware.

FBI Shares IoCs for Recent Salesforce Intrusion Campaigns

2025-09-15 at 16:06, by Ionut Arghire (SecurityWeek). The cybercrime groups tracked as UNC6040 and UNC6395 have been extorting organizations after stealing data from their Salesforce instances.
