Malware

Cybercriminals mask malicious communications through Microsoft Teams relays

Cybercriminals mask malicious communications through Microsoft Teams relays 2026-06-16 at 17:22 By Sinisa Markovic The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation that has been active since 2023. […]

Cybercriminals mask malicious communications through Microsoft Teams relays Read More »

Chinese hackers breached North American research institutions via REDCap servers

Chinese hackers breached North American research institutions via REDCap servers 2026-06-15 at 21:41 By Sinisa Markovic A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. UNC6508 exploits vulnerable REDCap servers GTIG

Chinese hackers breached North American research institutions via REDCap servers Read More »

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month 2026-06-11 at 16:00 By Kevin Townsend Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. The post OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month appeared first on

OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month Read More »

Infostealers Turn Millions of Devices Into Credential Theft Machines

Infostealers Turn Millions of Devices Into Credential Theft Machines 2026-06-10 at 17:24 By Kevin Townsend As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations. The post Infostealers Turn Millions of Devices Into Credential Theft Machines appeared first on SecurityWeek. This article is

Infostealers Turn Millions of Devices Into Credential Theft Machines Read More »

Malware ships with bugs that defenders could use against it

Malware ships with bugs that defenders could use against it 2026-06-09 at 08:46 By Anamarija Pogorelec Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these

Malware ships with bugs that defenders could use against it Read More »

52% of direct-to-IP threats are missing from intelligence feeds

52% of direct-to-IP threats are missing from intelligence feeds 2026-06-08 at 07:00 By Anamarija Pogorelec Security tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where visibility is limited. According to Palo Alto Networks’ report, this creates a visibility gap

52% of direct-to-IP threats are missing from intelligence feeds Read More »

Malware campaign targeting Minecraft users infects over 116,000 systems

Malware campaign targeting Minecraft users infects over 116,000 systems 2026-06-03 at 20:20 By Sinisa Markovic A Malware-as-a-Service (MaaS) operation named WeedHack is targeting Minecraft users and allows threat actors to gain remote access to victims’ screens, webcams, and files through a web-based dashboard, McAfee researchers found. Minecraft, developed by Mojang Studios and released in 2011,

Malware campaign targeting Minecraft users infects over 116,000 systems Read More »

Sophos uncovers AI-powered malware lab built for EDR evasion

Sophos uncovers AI-powered malware lab built for EDR evasion 2026-06-02 at 15:47 By Sinisa Markovic A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to

Sophos uncovers AI-powered malware lab built for EDR evasion Read More »

Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks

Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks 2026-05-29 at 06:17 By Kevin Townsend Researchers warn GreyVibe’s extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate. The post Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks appeared first on SecurityWeek. This article is

Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks Read More »

New BTMOB Android Malware Enables Full Device Takeover

New BTMOB Android Malware Enables Full Device Takeover 2026-05-28 at 16:05 By Ionut Arghire Delivered via phishing lures, the malware combines financial theft with data exfiltration and remote access. The post New BTMOB Android Malware Enables Full Device Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

New BTMOB Android Malware Enables Full Device Takeover Read More »

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight 2026-05-27 at 09:24 By rohansinhacyblecom Executive Summary Cyble Research and Intelligence Labs (CRIL) has identified a novel Android banking trojan, dubbed OverlayPhantom, actively distributed in the wild via malicious URLs. The malware employs a two-stage infection chain, using a dropper application that impersonates trusted platforms, including

OverlayPhantom: The Android Banking Trojan Hiding in Plain Sight Read More »

Laravel-Lang Packages Poisoned for Malware Delivery

Laravel-Lang Packages Poisoned for Malware Delivery 2026-05-25 at 15:31 By Ionut Arghire Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets. The post Laravel-Lang Packages Poisoned for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Laravel-Lang Packages Poisoned for Malware Delivery Read More »

JOMANGY: INJ3CTOR3’s Self-Healing FreePBX Toll Fraud Campaign

JOMANGY: INJ3CTOR3’s Self-Healing FreePBX Toll Fraud Campaign 2026-05-21 at 16:56 By rohansinhacyblecom Executive Summary Cyble Research & Intelligence Labs (CRIL) has identified an active FreePBX exploitation campaign, with high confidence tied to INJ3CTOR3, an actor with a documented history of targeting VoIP infrastructure for financial gain since 2019. The campaign deploys a multi-stage Bash dropper

JOMANGY: INJ3CTOR3’s Self-Healing FreePBX Toll Fraud Campaign Read More »

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’ 

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’  2026-05-19 at 19:07 By Eduard Kovacs  Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software. The post Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’  Read More »

PureLogs infostealer is stealing credentials worldwide

PureLogs infostealer is stealing credentials worldwide 2026-05-19 at 16:58 By Zeljka Zorz A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive and using an invoice-themed lure

PureLogs infostealer is stealing credentials worldwide Read More »

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks 2026-05-19 at 16:58 By Kevin Townsend Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based attack chains. The post Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks appeared first

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks Read More »

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain 2026-05-19 at 15:35 By Sinisa Markovic A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found.

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain Read More »

201 arrested in INTERPOL disruption of phishing and fraud networks

201 arrested in INTERPOL disruption of phishing and fraud networks 2026-05-18 at 12:08 By Anamarija Pogorelec Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals

201 arrested in INTERPOL disruption of phishing and fraud networks Read More »

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code 2026-05-15 at 14:32 By Ionut Arghire The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code Read More »

Scroll to Top