Malware

V3G4 Botnet Evolves: From DDoS to Covert Cryptomining

2025-12-10 at 08:53, by rohansinhacyblecom

Executive Summary: Cyble Research & Intelligence Labs (CRIL) has identified an active Linux-targeting campaign that deploys a Mirai-derived botnet, paired with a stealthy, fileless-configured cryptominer. The threat actor employs a multi-stage infection chain starting with a downloader that delivers architecture-specific V3G4 binaries […]


US Organizations Warned of Chinese Malware Used for Long-Term Persistence

2025-12-05 at 16:35, by Ionut Arghire

Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations. The post US Organizations Warned of Chinese Malware Used for Long-Term Persistence appeared first on SecurityWeek.


MuddyWater cyber campaign adds new backdoors in latest wave of attacks

2025-12-02 at 15:15, by Sinisa Markovic

ESET researchers say an Iran-aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long-running cyberespionage group, and new findings point to a campaign


Fake “Windows Update” screens fuel new wave of ClickFix attacks

2025-11-25 at 15:02, by Zeljka Zorz

A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery chain with some offbeat techniques, and infostealer operators have everything they need to slip


640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

2025-11-25 at 12:58, by Ionut Arghire

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek.


Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

2025-11-21 at 13:46, by Ionut Arghire

APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads. The post Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks appeared first on SecurityWeek.


New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages

2025-11-20 at 17:56, by Eduard Kovacs

The Android malware is in development and appears to be mainly aimed at users in Europe. The post New Sturnus Banking Trojan Targets WhatsApp, Telegram, Signal Messages appeared first on SecurityWeek.


MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

2025-11-20 at 15:03, by Zeljka Zorz

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery: Dubbed DigitStealer by Jamf researchers, this threat is unusually sophisticated. Before


Rhadamanthys infostealer operation disrupted by law enforcement

2025-11-13 at 14:05, by Zeljka Zorz

The rumors were true: Operation Endgame, a joint effort between law enforcement and judicial authorities of several European countries, Australia, Canada, the UK and the US, has disrupted the infrastructure supporting the operation of the Rhadamanthys infostealer. “Between 10 and 14 November


GlassWorm Malware Returns to Open VSX, Emerges on GitHub

2025-11-10 at 14:46, by Ionut Arghire

Three more VS Code extensions were infected last week and the malware has emerged in GitHub repositories as well. The post GlassWorm Malware Returns to Open VSX, Emerges on GitHub appeared first on SecurityWeek.


Attackers upgrade ClickFix with tricks used by online stores

2025-11-07 at 15:42, by Zeljka Zorz

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an embedded tutorial


Google uncovers malware using LLMs to operate and evade detection

2025-11-05 at 20:53, by Zeljka Zorz

PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that


Malware Now Uses AI During Execution to Mutate and Collect Data, Google Warns

2025-11-05 at 17:25, by Eduard Kovacs

Google has released a report describing the novel ways in which malware has been using AI to adapt and evade detection.


Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks

2025-11-03 at 12:28, by Ionut Arghire

PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel. The post Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks appeared first on SecurityWeek.


Open VSX Downplays Impact From GlassWorm Campaign

2025-10-31 at 19:32, by Ionut Arghire

Open VSX fully contained the GlassWorm attacks and says it was not a self-replicating worm in the traditional sense. The post Open VSX Downplays Impact From GlassWorm Campaign appeared first on SecurityWeek.


Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks

2025-10-31 at 12:37, by Ionut Arghire

The Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware. The post Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks appeared first on SecurityWeek.


Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)

2025-10-30 at 15:46, by Zeljka Zorz

Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band update: Last week’s release of an emergency fix for CVE-2025-59287, a Windows Server Update Services (WSUS) remote code execution vulnerability,


136 NPM Packages Delivering Infostealers Downloaded 100,000 Times

2025-10-30 at 12:59, by Ionut Arghire

The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information. The post 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times appeared first on SecurityWeek.


Researchers expose large-scale YouTube malware distribution network

2025-10-23 at 17:37, by Zeljka Zorz

Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.” The network published more than 3,000 videos across compromised or fake channels, luring viewers with game cheats, cracked

