Malware

Stryker Says Malicious File Found During Probe Into Iran-Linked Attack

Stryker Says Malicious File Found During Probe Into Iran-Linked Attack 2026-03-24 at 11:30 By Eduard Kovacs The FBI has published an alert describing the malware used by Iranian government hackers. The post Stryker Says Malicious File Found During Probe Into Iran-Linked Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original […]

Stryker Says Malicious File Found During Probe Into Iran-Linked Attack Read More »

Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach

Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach 2026-03-18 at 14:49 By Eduard Kovacs The medtech giant has been working on restoring systems affected by the cyberattack conducted by the Handala hackers. The post Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach Read More »

Threat Actor Targeting VPN Users in New Credential Theft Campaign

Threat Actor Targeting VPN Users in New Credential Theft Campaign 2026-03-16 at 14:28 By Ionut Arghire Storm-2561 is distributing fake VPN clients through SEO poisoning, deploying trojans, and stealing login information. The post Threat Actor Targeting VPN Users in New Credential Theft Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Threat Actor Targeting VPN Users in New Credential Theft Campaign Read More »

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath 2026-03-16 at 13:51 By Ionut Arghire Hundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. The post ForceMemo: Python Repositories Compromised in GlassWorm Aftermath appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath Read More »

The Ultimate Guide to Dark Web Monitoring in 2026: Protect Your Data Before Attackers Strike

The Ultimate Guide to Dark Web Monitoring in 2026: Protect Your Data Before Attackers Strike 2026-03-13 at 16:29 By Ashish Khaitan In 2026, cyber threats are originating on the dark web, where stolen credentials, exploit kits, and attack plans are bought and sold before they ever reach corporate networks. Organizations are turning to dark web

The Ultimate Guide to Dark Web Monitoring in 2026: Protect Your Data Before Attackers Strike Read More »

Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet

Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet 2026-03-13 at 10:31 By Eduard Kovacs Law enforcement agencies in the US and Europe targeted the cybercrime service that has impacted 360,000 devices since 2020. The post Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet appeared first on SecurityWeek. This article is an excerpt from

Authorities Disrupt SocksEscort Proxy Service Powered by AVrecon Botnet Read More »

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea 2026-03-12 at 11:48 By Eduard Kovacs The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement. The post Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea appeared first on SecurityWeek. This article is

Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea Read More »

‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload

‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload 2026-03-11 at 11:42 By Kevin Townsend The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration. The post ‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload appeared first on SecurityWeek.

‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload Read More »

HR, recruiters targeted in year-long malware campaign

HR, recruiters targeted in year-long malware campaign 2026-03-10 at 15:39 By Zeljka Zorz An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have

HR, recruiters targeted in year-long malware campaign Read More »

ClickFix Attack Uses Windows Terminal to Evade Detection

ClickFix Attack Uses Windows Terminal to Evade Detection 2026-03-09 at 15:37 By Ionut Arghire Fake CAPTCHA pages instruct victims to paste malicious commands in the Windows Terminal instead of the Run dialog. The post ClickFix Attack Uses Windows Terminal to Evade Detection appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

ClickFix Attack Uses Windows Terminal to Evade Detection Read More »

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign 2026-03-09 at 13:50 By Ionut Arghire Threat actors replace legitimate commands on the cloned installation webpages with malicious commands. The post Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign Read More »

Over 100 GitHub Repositories Distributing BoryptGrab Stealer

Over 100 GitHub Repositories Distributing BoryptGrab Stealer 2026-03-07 at 14:46 By Ionut Arghire The malware targets browser and cryptocurrency wallet data, along with system information and user files. The post Over 100 GitHub Repositories Distributing BoryptGrab Stealer appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Over 100 GitHub Repositories Distributing BoryptGrab Stealer Read More »

That attractive online ad might be a malware trap

That attractive online ad might be a malware trap 2026-03-05 at 14:46 By Anamarija Pogorelec Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside

That attractive online ad might be a malware trap Read More »

ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader

ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader 2026-03-05 at 14:27 By rohansinhacyblecom Executive Summary In early February 2026, Cyble Research & Intelligence Labs (CRIL) identified a new Linux malware strain delivered through a loader structure previously associated with ShadowHS activity. While ShadowHS samples deployed post-exploitation tooling, the newly observed payload is operationally different.

ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader Read More »

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents 2026-03-04 at 14:48 By Kevin Townsend Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to ransomware. The post How Pirated Software Turns Helpful Employees Into Malware Delivery Agents appeared first

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents Read More »

Threat actors weaponize OAuth redirection logic to deliver malware

Threat actors weaponize OAuth redirection logic to deliver malware 2026-03-03 at 19:46 By Zeljka Zorz An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to

Threat actors weaponize OAuth redirection logic to deliver malware Read More »

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience 2026-02-27 at 14:30 By Ionut Arghire Aeternum operates on smart contracts, making its command-and-control (C&C) infrastructure difficult to disrupt. The post Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience Read More »

Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments

Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments 2026-02-25 at 18:01 By Eduard Kovacs The UNC2814 threat actor has been active since at least 2017, targeting organizations across 42 countries.  The post Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Disrupts Chinese Cyberespionage Campaign Targeting Telecoms, Governments Read More »

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

‘Arkanix Stealer’ Malware Disappears Shortly After Debut 2026-02-24 at 17:53 By Ionut Arghire Written in C++ and Python, the malware exfiltrates system information, browser data, and steals files. The post ‘Arkanix Stealer’ Malware Disappears Shortly After Debut appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

‘Arkanix Stealer’ Malware Disappears Shortly After Debut Read More »

Self-spreading npm malware targets developers in new supply chain attack

Self-spreading npm malware targets developers in new supply chain attack 2026-02-24 at 15:10 By Zeljka Zorz Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like

Self-spreading npm malware targets developers in new supply chain attack Read More »

Scroll to Top