Malware

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks

2026-03-26 at 15:52, by Zeljka Zorz

Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers have […]


Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure

2026-03-26 at 15:52, by Ionut Arghire (SecurityWeek)

The state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage.


Alleged RedLine Malware Administrator Extradited to US

2026-03-26 at 12:06, by Eduard Kovacs (SecurityWeek)

Hambardzum Minasyan of Armenia has been accused of being involved in the development and administration of the infostealer malware.


LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

2026-03-25 at 14:01, by Zeljka Zorz

A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular


GitHub-hosted malware campaign uses split payload to evade detection

2026-03-24 at 13:12, by Zeljka Zorz

A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to


Stryker Says Malicious File Found During Probe Into Iran-Linked Attack

2026-03-24 at 11:30, by Eduard Kovacs (SecurityWeek)

The FBI has published an alert describing the malware used by Iranian government hackers.


Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach

2026-03-18 at 14:49, by Eduard Kovacs (SecurityWeek)

The medtech giant has been working on restoring systems affected by the cyberattack conducted by the Handala hackers.


Threat Actor Targeting VPN Users in New Credential Theft Campaign

2026-03-16 at 14:28, by Ionut Arghire (SecurityWeek)

Storm-2561 is distributing fake VPN clients through SEO poisoning, deploying trojans, and stealing login information.


ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

2026-03-16 at 13:51, by Ionut Arghire (SecurityWeek)

Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign.


The Ultimate Guide to Dark Web Monitoring in 2026: Protect Your Data Before Attackers Strike

2026-03-13 at 16:29, by Ashish Khaitan

In 2026, cyber threats are originating on the dark web, where stolen credentials, exploit kits, and attack plans are bought and sold before they ever reach corporate networks. Organizations are turning to dark web


Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet

2026-03-13 at 10:31, by Eduard Kovacs (SecurityWeek)

Law enforcement agencies in the US and Europe targeted the cybercrime service that has impacted 360,000 devices since 2020.


Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

2026-03-12 at 11:48, by Eduard Kovacs (SecurityWeek)

The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement.


‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload

2026-03-11 at 11:42, by Kevin Townsend (SecurityWeek)

The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration.


HR, recruiters targeted in year-long malware campaign

2026-03-10 at 15:39, by Zeljka Zorz

An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have


ClickFix Attack Uses Windows Terminal to Evade Detection

2026-03-09 at 15:37, by Ionut Arghire (SecurityWeek)

Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog.


Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

2026-03-09 at 13:50, by Ionut Arghire (SecurityWeek)

Threat actors replace legitimate commands on the cloned installation webpages with malicious commands.


Over 100 GitHub Repositories Distributing BoryptGrab Stealer

2026-03-07 at 14:46, by Ionut Arghire (SecurityWeek)

The malware targets browser and cryptocurrency wallet data, along with system information and user files.


That attractive online ad might be a malware trap

2026-03-05 at 14:46, by Anamarija Pogorelec

Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside


ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader

2026-03-05 at 14:27, by rohansinhacyblecom

Executive Summary: In early February 2026, Cyble Research & Intelligence Labs (CRIL) identified a new Linux malware strain delivered through a loader structure previously associated with ShadowHS activity. While ShadowHS samples deployed post-exploitation tooling, the newly observed payload is operationally different.


How Pirated Software Turns Helpful Employees Into Malware Delivery Agents

2026-03-04 at 14:48, by Kevin Townsend

Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware.

