Malware

GigaWiper Combines Multiple Malware for System-Level Sabotage

GigaWiper Combines Multiple Malware for System-Level Sabotage 2026-07-10 at 12:12 By Ionut Arghire The backdoor’s destructive capabilities include a standalone wiper, ransomware encryption, and a multi-pass wiping command. The post GigaWiper Combines Multiple Malware for System-Level Sabotage appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GigaWiper Combines Multiple Malware for System-Level Sabotage Read More »

Network of 200 GitHub Repositories Used for Malware Infection

Network of 200 GitHub Repositories Used for Malware Infection 2026-07-10 at 11:00 By Ionut Arghire A Go module is used to load PowerShell code that fetches a resolver from public dead drops to execute Windows malware. The post Network of 200 GitHub Repositories Used for Malware Infection appeared first on SecurityWeek. This article is an

Network of 200 GitHub Repositories Used for Malware Infection Read More »

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) 2026-06-30 at 13:25 By Zeljka Zorz Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558) Read More »

Glitch SPY: An Emerging Android RAT Distributed Through a Fake Polish Rental App

Glitch SPY: An Emerging Android RAT Distributed Through a Fake Polish Rental App 2026-06-30 at 12:58 By rohansinhacyblecom Executive Summary Cyble Research and Intelligence Labs identified an emerging Android malware family tracked as Glitch SPY, distributed through a fraudulent Polish apartment and house rental platform designed to lure users into downloading an Android APK. Based

Glitch SPY: An Emerging Android RAT Distributed Through a Fake Polish Rental App Read More »

Critical SimpleHelp Vulnerability Exploited for Malware Delivery

Critical SimpleHelp Vulnerability Exploited for Malware Delivery 2026-06-30 at 11:43 By Ionut Arghire The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling. The post Critical SimpleHelp Vulnerability Exploited for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Critical SimpleHelp Vulnerability Exploited for Malware Delivery Read More »

Mystery hackers use novel SharkLoader dropper against governments, software devs

Mystery hackers use novel SharkLoader dropper against governments, software devs 2026-06-26 at 12:13 By Zeljka Zorz Kaspersky researchers have uncovered a previously unknown cyberattack campaign that has compromised government organizations and software development companies in multiple countries. They first stumbled onto the campaign while investigating an attack on a diplomatic organization in Indonesia. What initially

Mystery hackers use novel SharkLoader dropper against governments, software devs Read More »

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets 2026-06-26 at 11:55 By Ionut Arghire Turla has been using the backdoor against government and military organizations in Ukraine for espionage. The post Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets Read More »

Stealthy new backdoor surfaces in attacks on multiple sectors

Stealthy new backdoor surfaces in attacks on multiple sectors 2026-06-25 at 17:07 By Sinisa Markovic A relatively new backdoor called Mistic has been deployed in multiple attacks since April 2026 targeting organizations in the insurance, education, IT, and professional services sectors, according to Symantec. The malware appears to be associated with Woodgnat, also known as

Stealthy new backdoor surfaces in attacks on multiple sectors Read More »

Law enforcement hits StealC and Amadey malware networks

Law enforcement hits StealC and Amadey malware networks 2026-06-24 at 18:05 By Zeljka Zorz Operation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest targets: StealC and Amadey. The notice on disrupted websites (Source: Microsoft) While developed by separate criminal groups, those two

Law enforcement hits StealC and Amadey malware networks Read More »

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware 2026-06-24 at 18:02 By Eduard Kovacs Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies. The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek. This article is an excerpt

Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware Read More »

New ‘Mistic’ RAT Opens Door to Several Ransomware Families

New ‘Mistic’ RAT Opens Door to Several Ransomware Families 2026-06-24 at 14:42 By Ionut Arghire Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta. The post New ‘Mistic’ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek. This article is an excerpt from

New ‘Mistic’ RAT Opens Door to Several Ransomware Families Read More »

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware 2026-06-19 at 15:11 By Sinisa Markovic A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware Read More »

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor 2026-06-19 at 14:19 By Ionut Arghire CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

CryptoBandits Malware Doubles as a Backdoor, Abuses Tor Read More »

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned 2026-06-18 at 17:21 By Zeljka Zorz SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned Read More »

Malware attacks strip Roblox developers of entire games

Malware attacks strip Roblox developers of entire games 2026-06-18 at 15:41 By Sinisa Markovic Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games on it. Successful games can generate substantial revenue through in-game purchases. Some developers

Malware attacks strip Roblox developers of entire games Read More »

GentleKiller targets more than 400 security processes across 48 products

GentleKiller targets more than 400 security processes across 48 products 2026-06-18 at 12:00 By Anamarija Pogorelec Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its operators develop and maintain a set of tools for shutting down endpoint detection and response (EDR)

GentleKiller targets more than 400 security processes across 48 products Read More »

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack 2026-06-17 at 13:38 By Ionut Arghire The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control. The post Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack Read More »

Cybercriminals mask malicious communications through Microsoft Teams relays

Cybercriminals mask malicious communications through Microsoft Teams relays 2026-06-16 at 17:22 By Sinisa Markovic The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation that has been active since 2023.

Cybercriminals mask malicious communications through Microsoft Teams relays Read More »

Chinese hackers breached North American research institutions via REDCap servers

Chinese hackers breached North American research institutions via REDCap servers 2026-06-15 at 21:41 By Sinisa Markovic A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. UNC6508 exploits vulnerable REDCap servers GTIG

Chinese hackers breached North American research institutions via REDCap servers Read More »

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month 2026-06-11 at 16:00 By Kevin Townsend Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. The post OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month appeared first on

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month Read More »

Scroll to Top