Malware

Threat actors weaponize OAuth redirection logic to deliver malware

2026-03-03 at 19:46, by Zeljka Zorz

An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to […]

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience

2026-02-27 at 14:30, by Ionut Arghire

Aeternum operates on smart contracts, making its command-and-control (C&C) infrastructure difficult to disrupt. The post Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments

2026-02-25 at 18:01, by Eduard Kovacs

The UNC2814 threat actor has been active since at least 2017, targeting organizations across 42 countries. The post Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

2026-02-24 at 17:53, by Ionut Arghire

Written in C++ and Python, the malware exfiltrates system information, browser data, and steals files. The post ‘Arkanix Stealer’ Malware Disappears Shortly After Debut appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Self-spreading npm malware targets developers in new supply chain attack

2026-02-24 at 15:10, by Zeljka Zorz

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like

SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion

2026-02-24 at 09:07, by rohansinhacyblecom

Executive Summary: SURXRAT is an actively developed Android Remote Access Trojan (RAT) commercially distributed through a Telegram-based malware-as-a-service (MaaS) ecosystem under the SURXRAT V5 branding. The malware is marketed using structured reseller and partner licensing tiers, allowing affiliates to

Poland’s energy control systems were breached through exposed VPN access

2026-02-06 at 16:27, by Sinisa Markovic

On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively

SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown

2026-02-05 at 14:21, by Ionut Arghire

The malware is known for dropping ransomware and other payloads, and for abusing infected machines to proxy traffic. The post SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

2026-02-02 at 16:18, by Ionut Arghire

A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI

2026-02-02 at 14:03, by Kevin Townsend

Security leaders share how artificial intelligence is changing malware, ransomware, and identity-led intrusions, and how defenses must evolve. The post Cyber Insights 2026: Malware and Cyberattacks in the Age of AI appeared first on SecurityWeek. This article is

eScan Antivirus Delivers Malware in Supply Chain Attack

2026-01-31 at 17:24, by Ionut Arghire

Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers. The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Hugging Face Abused to Deploy Android RAT

2026-01-30 at 13:38, by Ionut Arghire

Android users were lured to applications that served a malicious payload hosted in a Hugging Face repository. The post Hugging Face Abused to Deploy Android RAT appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell

2026-01-30 at 07:09, by rohansinhacyblecom

Executive Summary: Cyble Research & Intelligence Labs (CRIL) has identified a Linux intrusion chain leveraging a highly obfuscated, fileless loader that deploys a weaponized variant of hackshell entirely from memory. Cyble tracks this activity under the name ShadowHS, reflecting

eScan AV supply chain compromise: Users targeted with malicious updates

2026-01-29 at 17:29, by Zeljka Zorz

The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compromise also resulted in the eScan

Open-source malware zeroes in on developer environments

2026-01-29 at 08:36, by Anamarija Pogorelec

Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to

A fake romance turns into an Android spyware infection

2026-01-29 at 02:20, by Anamarija Pogorelec

ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app disguised as a chat service that routes conversations through WhatsApp. Behind the romance lure, the

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns

2026-01-28 at 17:02, by Zeljka Zorz

State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that was fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via maliciously crafted RAR archives. “The exploit chain

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

2026-01-27 at 17:17, by Zeljka Zorz

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer

Poland repels data-wiping malware attack on energy systems

2026-01-26 at 14:37, by Zeljka Zorz

Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing

2026-01-26 at 14:37, by Ionut Arghire

Priced $2,000 – $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store. The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

