Malware

SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion

SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion 2026-02-24 at 09:07 By rohansinhacyblecom Executive Summary SURXRAT is an actively developed Android Remote Access Trojan (RAT) commercially distributed through a Telegram-based malware-as-a-service (MaaS) ecosystem under the SURXRAT V5 branding. The malware is marketed using structured reseller and partner licensing tiers, allowing affiliates to […]

SURXRAT: From ArsinkRAT roots to LLM Module Downloads Signaling Capability Expansion Read More »

Poland’s energy control systems were breached through exposed VPN access

Poland’s energy control systems were breached through exposed VPN access 2026-02-06 at 16:27 By Sinisa Markovic On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively

Poland’s energy control systems were breached through exposed VPN access Read More »

SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown

SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown 2026-02-05 at 14:21 By Ionut Arghire The malware is known for dropping ransomware and other payloads, and for abusing infected machines to proxy traffic. The post SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown Read More »

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack 2026-02-02 at 16:18 By Ionut Arghire A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack Read More »

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI 2026-02-02 at 14:03 By Kevin Townsend Security leaders share how artificial intelligence is changing malware, ransomware, and identity-led intrusions, and how defenses must evolve. The post Cyber Insights 2026: Malware and Cyberattacks in the Age of AI appeared first on SecurityWeek. This article is

Cyber Insights 2026: Malware and Cyberattacks in the Age of AI Read More »

eScan Antivirus Delivers Malware in Supply Chain Attack

eScan Antivirus Delivers Malware in Supply Chain Attack 2026-01-31 at 17:24 By Ionut Arghire Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers. The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

eScan Antivirus Delivers Malware in Supply Chain Attack Read More »

Hugging Face Abused to Deploy Android RAT

Hugging Face Abused to Deploy Android RAT 2026-01-30 at 13:38 By Ionut Arghire Android users were lured to applications that served a malicious payload hosted in a Hugging Face repository. The post Hugging Face Abused to Deploy Android RAT appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Hugging Face Abused to Deploy Android RAT Read More »

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell 2026-01-30 at 07:09 By rohansinhacyblecom Executive Summary Cyble Research & Intelligence Labs (CRIL) has identified a Linux intrusion chain leveraging a highly obfuscated, fileless loader that deploys a weaponized variant of hackshell entirely from memory. Cyble tracks this activity under the name ShadowHS, reflecting

ShadowHS: A Fileless Linux Post‑Exploitation Framework Built on a Weaponized hackshell Read More »

eScan AV supply chain compromise: Users targeted with malicious updates

eScan AV supply chain compromise: Users targeted with malicious updates 2026-01-29 at 17:29 By Zeljka Zorz The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compromise also resulted in the eScan

eScan AV supply chain compromise: Users targeted with malicious updates Read More »

Open-source malware zeroes in on developer environments

Open-source malware zeroes in on developer environments 2026-01-29 at 08:36 By Anamarija Pogorelec Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to

Open-source malware zeroes in on developer environments Read More »

A fake romance turns into an Android spyware infection

A fake romance turns into an Android spyware infection 2026-01-29 at 02:20 By Anamarija Pogorelec ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app disguised as a chat service that routes conversations through WhatsApp. Behind the romance lure, the

A fake romance turns into an Android spyware infection Read More »

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns 2026-01-28 at 17:02 By Zeljka Zorz State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via maliciously crafted RAR archives. “The exploit chain

WinRAR vulnerability still a go-to tool for hackers, Mandiant warns Read More »

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses 2026-01-27 at 17:17 By Zeljka Zorz A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses Read More »

Poland repels data-wiping malware attack on energy systems

Poland repels data-wiping malware attack on energy systems 2026-01-26 at 14:37 By Zeljka Zorz Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and

Poland repels data-wiping malware attack on energy systems Read More »

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing 2026-01-26 at 14:37 By Ionut Arghire Priced $2,000 – $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store. The post ‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

‘Stanley’ Malware Toolkit Enables Phishing via Website Spoofing Read More »

Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid

Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid 2026-01-26 at 10:55 By Ionut Arghire 10 years after disrupting the Ukrainian power grid, the APT targeted Poland with data-wiping malware. The post Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid Read More »

North Korean Hackers Target macOS Developers via Malicious VS Code Projects

North Korean Hackers Target macOS Developers via Malicious VS Code Projects 2026-01-21 at 15:23 By Ionut Arghire The hackers trick victims into accessing GitHub or GitLab repositories that are opened using Visual Studio Code. The post North Korean Hackers Target macOS Developers via Malicious VS Code Projects appeared first on SecurityWeek. This article is an

North Korean Hackers Target macOS Developers via Malicious VS Code Projects Read More »

Linux users targeted by crypto thieves via hijacked apps on Snap Store

Linux users targeted by crypto thieves via hijacked apps on Snap Store 2026-01-21 at 12:17 By Zeljka Zorz Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical developer Alan Pope warned. SnapScope web app identifies malicious snaps (Source:

Linux users targeted by crypto thieves via hijacked apps on Snap Store Read More »

APT-Grade PDFSider Malware Used by Ransomware Groups

APT-Grade PDFSider Malware Used by Ransomware Groups 2026-01-20 at 14:24 By Ionut Arghire Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading. The post APT-Grade PDFSider Malware Used by Ransomware Groups appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

APT-Grade PDFSider Malware Used by Ransomware Groups Read More »

‘SolyxImmortal’ Information Stealer Emerges

‘SolyxImmortal’ Information Stealer Emerges 2026-01-19 at 17:21 By Ionut Arghire The information stealer abuses legitimate APIs and libraries to exfiltrate data to Discord webhooks. The post ‘SolyxImmortal’ Information Stealer Emerges appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

‘SolyxImmortal’ Information Stealer Emerges Read More »

Scroll to Top