Malware

GoBruteforcer Botnet Targeting Crypto, Blockchain Projects

GoBruteforcer Botnet Targeting Crypto, Blockchain Projects 2026-01-13 at 20:08 By Ionut Arghire The botnet’s propagation is fueled by the AI-generated server deployments that use weak credentials, and legacy web stacks. The post GoBruteforcer Botnet Targeting Crypto, Blockchain Projects appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GoBruteforcer Botnet Targeting Crypto, Blockchain Projects Read More »

Fake Booking.com emails and BSODs used to infect hospitality staff

Fake Booking.com emails and BSODs used to infect hospitality staff 2026-01-07 at 13:06 By Zeljka Zorz Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge details in euros,

Fake Booking.com emails and BSODs used to infect hospitality staff Read More »

Dozens of Major Data Breaches Linked to Single Threat Actor

Dozens of Major Data Breaches Linked to Single Threat Actor 2026-01-06 at 14:32 By Ionut Arghire The initial access broker (IAB) relies on credentials exfiltrated using information stealers to hack organizations. The post Dozens of Major Data Breaches Linked to Single Threat Actor appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Dozens of Major Data Breaches Linked to Single Threat Actor Read More »

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit 2025-12-30 at 12:25 By Ionut Arghire The threat actor uses a signed driver file containing two user-mode shellcodes to execute its ToneShell backdoor. The post Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit Read More »

Infostealer Malware Delivered in EmEditor Supply Chain Attack

Infostealer Malware Delivered in EmEditor Supply Chain Attack 2025-12-29 at 13:40 By Eduard Kovacs The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Infostealer Malware Delivered in EmEditor Supply Chain Attack Read More »

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits 2025-12-23 at 14:47 By Zeljka Zorz Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept (PoC) exploits for known vulnerabilities. Delivering the malware The recently uncovered Webrat can steal data from

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits Read More »

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data 2025-12-23 at 13:16 By Ionut Arghire The package provides legitimate functionality to evade detection, while stealing users’ data and deploying a backdoor. The post NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data Read More »

54 Charged in US Over ATM Attacks Involving ‘Ploutus’ Malware

54 Charged in US Over ATM Attacks Involving ‘Ploutus’ Malware 2025-12-22 at 16:14 By Eduard Kovacs The suspects are leaders and members of the Venezuelan crime syndicate Tren de Aragua. The post 54 Charged in US Over ATM Attacks Involving ‘Ploutus’ Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

54 Charged in US Over ATM Attacks Involving ‘Ploutus’ Malware Read More »

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns 2025-12-19 at 14:43 By rohansinhacyblecom Executive Summary CRIL (Cyble Research and Intelligence Labs) has been tracking a sophisticated commodity loader utilized by multiple high-capability threat actors. The campaign demonstrates a high degree of regional and sectoral specificity, primarily targeting Manufacturing and Government organizations across

Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns Read More »

Group Policy abuse reveals China-aligned espionage group targeting governments

Group Policy abuse reveals China-aligned espionage group targeting governments 2025-12-18 at 13:42 By Anamarija Pogorelec ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with

Group Policy abuse reveals China-aligned espionage group targeting governments Read More »

France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry

France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry 2025-12-18 at 13:42 By Associated Press France’s counterespionage agency is investigating a suspected cyberattack plot targeting an international passenger ferry The post France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry appeared first on SecurityWeek. This article is an excerpt

France Probes ‘Foreign Interference’ After Remote Control Malware Found on Passenger Ferry Read More »

GhostPoster Firefox Extensions Hide Malware in Icons

GhostPoster Firefox Extensions Hide Malware in Icons 2025-12-17 at 12:47 By Ionut Arghire The malware hijacks purchase commissions, tracks users, removes security headers, injects hidden iframes, and bypasses CAPTCHA. The post GhostPoster Firefox Extensions Hide Malware in Icons appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

GhostPoster Firefox Extensions Hide Malware in Icons Read More »

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery 2025-12-15 at 16:01 By Eduard Kovacs Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors. The post Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery Read More »

Wide Range of Malware Delivered in React2Shell Attacks

Wide Range of Malware Delivered in React2Shell Attacks 2025-12-11 at 14:54 By Eduard Kovacs Cybersecurity companies have been seeing a wide range of malware being delivered in attacks exploiting the critical React vulnerability dubbed React2Shell. A researcher discovered recently that React, the popular open source library for creating application user interfaces, is affected by a

Wide Range of Malware Delivered in React2Shell Attacks Read More »

V3G4 Botnet Evolves: From DDoS to Covert Cryptomining

V3G4 Botnet Evolves: From DDoS to Covert Cryptomining 2025-12-10 at 08:53 By rohansinhacyblecom Executive Summary Cyble Research & Intelligence Labs (CRIL) has identified an active Linux-targeting campaign that deploys a Mirai-derived botnet, paired with a stealthy, fileless-configured cryptominer. The threat actor employs a multi-stage infection chain starting with a downloader that delivers architecture-specific V3G4 binaries

V3G4 Botnet Evolves: From DDoS to Covert Cryptomining Read More »

US Organizations Warned of Chinese Malware Used for Long-Term Persistence

US Organizations Warned of Chinese Malware Used for Long-Term Persistence 2025-12-05 at 16:35 By Ionut Arghire Warp Panda has been using the BrickStorm, Junction, and GuestConduit malware in attacks against US organizations. The post US Organizations Warned of Chinese Malware Used for Long-Term Persistence appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

US Organizations Warned of Chinese Malware Used for Long-Term Persistence Read More »

MuddyWater cyber campaign adds new backdoors in latest wave of attacks

MuddyWater cyber campaign adds new backdoors in latest wave of attacks 2025-12-02 at 15:15 By Sinisa Markovic ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running cyberespionage group, and new findings points to a campaign

MuddyWater cyber campaign adds new backdoors in latest wave of attacks Read More »

Fake “Windows Update” screens fuels new wave of ClickFix attacks

Fake “Windows Update” screens fuels new wave of ClickFix attacks 2025-11-25 at 15:02 By Zeljka Zorz A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery chain with some offbeat techniques, and infostealer operators have everything they need to slip

Fake “Windows Update” screens fuels new wave of ClickFix attacks Read More »

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack 2025-11-25 at 12:58 By Ionut Arghire The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek. This article is an

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack Read More »

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks 2025-11-21 at 13:46 By Ionut Arghire APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads. The post Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks Read More »

Scroll to Top