Malware

Hackers hijacked CPUID downloads, served STX RAT to victims

Hackers hijacked CPUID downloads, served STX RAT to victims 2026-04-13 at 16:08 By Zeljka Zorz If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between […]

Hackers hijacked CPUID downloads, served STX RAT to victims Read More »

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads 2026-04-13 at 15:44 By Eduard Kovacs Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT. The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads Read More »

ClickFix campaign delivers Mac malware via fake Apple page

ClickFix campaign delivers Mac malware via fake Apple page 2026-04-10 at 17:22 By Zeljka Zorz Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”. The malicious page (Source: Jamf) ClickFix for everybody ClickFix is a

ClickFix campaign delivers Mac malware via fake Apple page Read More »

To counter cookie theft, Chrome ships device-bound session credentials

To counter cookie theft, Chrome ships device-bound session credentials 2026-04-10 at 14:45 By Mirko Zorz Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials.

To counter cookie theft, Chrome ships device-bound session credentials Read More »

Chaos malware expands from routers to Linux cloud servers

Chaos malware expands from routers to Linux cloud servers 2026-04-08 at 12:47 By Mirko Zorz Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had

Chaos malware expands from routers to Linux cloud servers Read More »

Claude Code source leak exploited to spread malware

Claude Code source leak exploited to spread malware 2026-04-03 at 14:30 By Sinisa Markovic A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into downloading malware disguised as “unlocked” versions of the software. Leaked Claude Code source code used

Claude Code source leak exploited to spread malware Read More »

Software supply chain hacks trigger wave of intrusions, data theft

Software supply chain hacks trigger wave of intrusions, data theft 2026-04-02 at 18:58 By Zeljka Zorz After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply

Software supply chain hacks trigger wave of intrusions, data theft Read More »

TrueConf zero-day vulnerability exploited to target government networks

TrueConf zero-day vulnerability exploited to target government networks 2026-04-02 at 12:02 By Sinisa Markovic Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in Southeast Asia, Check Point researchers discovered. Malicious client update attack chain (Source: Check Point) Trusted update mechanism turned into attack

TrueConf zero-day vulnerability exploited to target government networks Read More »

New DeepLoad Malware Dropped in ClickFix Attacks

New DeepLoad Malware Dropped in ClickFix Attacks 2026-04-01 at 18:46 By Ionut Arghire The malware steals credentials, installs a malicious browser extension, and can spread via USB drives. The post New DeepLoad Malware Dropped in ClickFix Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

New DeepLoad Malware Dropped in ClickFix Attacks Read More »

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks 2026-03-31 at 18:47 By Kevin Townsend Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access. The post Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks appeared first on

Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks Read More »

Apple counters ClickFix attacks with macOS Terminal warning

Apple counters ClickFix attacks with macOS Terminal warning 2026-03-31 at 16:05 By Sinisa Markovic Apple has added a new security feature in macOS Tahoe 26.4 that warns users before they enter commands in Terminal that could cause harm. The goal is to stop ClickFix attacks, a social engineering trick that gets users to run malicious

Apple counters ClickFix attacks with macOS Terminal warning Read More »

Professional Networks Under Attack: Vietnam-Linked Actors Deploy PXA Stealer in Global Infostealer Campaign

Professional Networks Under Attack: Vietnam-Linked Actors Deploy PXA Stealer in Global Infostealer Campaign 2026-03-30 at 18:31 By rohansinhacyblecom Executive Summary CRIL has been actively tracking a surge in PXA Stealer activity deployed in a sophisticated, financially motivated threat campaign attributed with high confidence to a Vietnam-based cybercriminal group. The primary targets in this campaign are

Professional Networks Under Attack: Vietnam-Linked Actors Deploy PXA Stealer in Global Infostealer Campaign Read More »

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware 2026-03-27 at 15:46 By Zeljka Zorz TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware Read More »

Second RedLine infostealer operator ends up in US custody

Second RedLine infostealer operator ends up in US custody 2026-03-26 at 16:23 By Sinisa Markovic Hambardzum Minasyan, an Armenian man extradited to the United States, is accused of conspiring with others to develop and operate the RedLine infostealer malware used to steal sensitive data, including login credentials, from victims’ computers. Minasyan is charged with conspiracy

Second RedLine infostealer operator ends up in US custody Read More »

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks 2026-03-26 at 15:52 By Zeljka Zorz Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers have

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks Read More »

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure 2026-03-26 at 15:52 By Ionut Arghire The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure Read More »

Alleged RedLine Malware Administrator Extradited to US

Alleged RedLine Malware Administrator Extradited to US 2026-03-26 at 12:06 By Eduard Kovacs Hambardzum Minasyan of Armenia has been accused of being involved in the development and administration of the infostealer malware. The post Alleged RedLine Malware Administrator Extradited to US appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Alleged RedLine Malware Administrator Extradited to US Read More »

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks 2026-03-25 at 14:01 By Zeljka Zorz A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks Read More »

GitHub-hosted malware campaign uses split payload to evade detection

GitHub-hosted malware campaign uses split payload to evade detection 2026-03-24 at 13:12 By Zeljka Zorz A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to

GitHub-hosted malware campaign uses split payload to evade detection Read More »

Scroll to Top