Tag: antivirus
-
Free Antivirus Software Face-Off: Which One Protects Best in 2026?
Find the best free antivirus software of 2026. Compare Bitdefender, Avira, Kaspersky more for features, speed, and real-time defense. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/best-free-antivirus-software/
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windowsIntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
Zombie ZIP method can fool antivirus during the first scan
Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that’s up for debate) that can bypass a first AV inspection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/zombie-zip-method-can-fool-antivirus-during-the-first-scan/
-
Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe. First seen on hackread.com Jump to article: hackread.com/hackers-cloudflare-human-check-microsoft-365-phishing/
-
BlackSanta Malware Shuts Down Protections, Targets HR and Recruiting Operations
Russian threat actors for more than a year have targeted HR and recruiting operations in a sophisticated phishing and infostealing campaign that includes a component, dubbed BlackSanta, that can shut down antivirus tools and EDR protections before deploying the malware that exfiltrates data, Aryaka researchers say. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/blacksanta-malware-shuts-down-protections-targets-hr-and-recruiting-operations/
-
Header-Manipulationstechnik: Zombie Zip trickst fast alle Antivirus-Tools aus
Angreifer können Zip-verpackte Malware leicht an gängigen Antivirus-Lösungen vorbeischleusen. Eset-Nutzer kennen das Problem seit über 20 Jahren. First seen on golem.de Jump to article: www.golem.de/news/header-manipulationstechnik-zombie-zip-trickst-fast-alle-antivirus-tools-aus-2603-206357.html
-
New ‘Zombie ZIP’ technique lets malware slip past security tools
A new technique dubbed “Zombie ZIP” helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-zombie-zip-technique-lets-malware-slip-past-security-tools/
-
Attackers Use Malformed ZIP Archives to Evade Antivirus and EDR Tools
Cybersecurity researchers at the CERT Coordination Center (CERT/CC) have issued a warning regarding a newly disclosed evasion technique tracked as VU#976247. Threat actors are increasingly utilizing malformed ZIP archives to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) scanning engines. By manipulating the internal headers of these archives, attackers can successfully hide malicious payloads,…
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
State-affiliated hackers set up for critical OT attacks that operators may not detect
Tags: access, antivirus, attack, conference, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, firmware, fortinet, group, hacker, incident response, infrastructure, Internet, Intruder, lessons-learned, malware, mfa, monitoring, network, password, penetration-testing, phishing, regulation, russia, service, spear-phishing, supply-chain, threat, tool, ukraine, update, vulnerabilityRussia’s OT attack teams expand beyond Ukraine: The Russia-linked pair Kamacite and Electrum, which Dragos has tracked since the mid-2010s and is responsible for the 2015 and 2016 cyberattacks that took down parts of Ukraine’s power grid, expanded operations into NATO territory in 2025 after years focused almost exclusively on Ukrainian targets.Kamacite, which serves as…
-
Fake Huorong Site Delivers ValleyRAT Backdoor in Targeted Malware Campaign
A typosquatted copy of the popular Huorong Security antivirus site is being used to deliver ValleyRAT, a modular remote access trojan (RAT) built on the Winos4.0 framework, to users who believe they are downloading legitimate protection software. The attackers registered huoronga[.]com adding a single “a” to the legitimate huorong.cn domain as part of a typosquatting strategy designed…
-
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs. First seen on hackread.com Jump to article: hackread.com/hackers-pulsar-rat-png-images-npm-supply-chain-attack/
-
TDL 016 – Speed, Risk, and Responsibility in the Age of AI – Rafael Ramirez
Tags: access, ai, antivirus, automation, awareness, business, ciso, cloud, control, country, cyber, data, defense, detection, dns, firewall, governance, government, hacker, ibm, incident response, intelligence, Internet, law, linkedin, login, mfa, microsoft, network, risk, saas, service, skills, software, startup, strategy, technology, threat, tool, training, update, vulnerability, windows, zero-trustSummary In a recent episode of The Defenders Log, host David Redekop sat down with cyber security expert Rafael Ramirez to navigate the rapidly shifting landscape of AI security. As we move deeper into 2026, the duo explored how artificial intelligence has evolved from simple chatbots into powerful, autonomous “agentic” systems. The Double-Edged Sword of…
-
Fake ‘Antivirus’ App Spreads Android Malware, Steals Banking Credentials
A fake Android antivirus app called TrustBastion is spreading malware and stealing banking credentials. Here’s how it works and how to stay protected. The post Fake ‘Antivirus’ App Spreads Android Malware, Steals Banking Credentials appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-android-antivirus-trustbastion-malware/
-
FileZen Flaw Allows Attackers to Execute Commands Remotely
A high-severity vulnerability in FileZen, a file transfer solution developed by Soliton Systems K.K., enables authenticated attackers to remotely execute arbitrary operating system commands on affected systems. The security flaw, tracked as CVE-2026-25108, poses a severe risk to organizations using vulnerable versions of the software, particularly those with the Antivirus Check Option enabled. The vulnerability…
-
FileZen Flaw Allows Attackers to Execute Commands Remotely
A high-severity vulnerability in FileZen, a file transfer solution developed by Soliton Systems K.K., enables authenticated attackers to remotely execute arbitrary operating system commands on affected systems. The security flaw, tracked as CVE-2026-25108, poses a severe risk to organizations using vulnerable versions of the software, particularly those with the Antivirus Check Option enabled. The vulnerability…
-
Node.js LTX Stealer Emerges as New Threat to Login Credentials
A new, sophisticated malware campaign dubbed >>LTX Stealer.<< This malware represents a shift in attacker techniques, utilizing legitimate software frameworks and cloud services to hide its activities and steal sensitive user data. By mimicking standard Windows processes, LTX Stealer is designed to operate quietly, making it difficult for traditional antivirus systems to detect. The malware…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
DKnife targets network gateways in long running AitM campaign
Indicators point to China-Nexus development and targeting: Several aspects of DKnife’s design and operation suggested ties to China-aligned threat actors. Talos identified configuration data and code comments written in Simplified Chinese, as well as handling logic tailored for Chinese-language email providers and mobile applications.The framework was also found to enable credential collection from services used…
-
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems.”Malicious updates were distributed through eScan’s legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise First seen on thehackernews.com Jump to…
-
eScan AV users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
eScan AV supply chain compromise: Users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
Virenschutz ade: Malware über Update-Server von Antivirus-Tool verteilt
Angreifer haben über das Antivirus-Tool eScan Malware auf Nutzersysteme geschleust. Ein Update-Server des Anbieters war kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
Von wegen Virenschutz: Malware über Update-Server von Antivirus-Tool verteilt
Angreifer haben über das Antivirus-Tool eScan Malware auf Nutzersysteme geschleust. Ein Update-Server des Anbieters war kompromittiert. First seen on golem.de Jump to article: www.golem.de/news/von-wegen-virenschutz-malware-ueber-update-server-von-antivirus-tool-verteilt-2601-204754.html
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windowsIntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
eScan Antivirus Supply Chain Breach Delivers Signed Malware
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/escan-antivirus-breach-delivers/
-
eScan Antivirus Supply Chain Breach Delivers Signed Malware
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/escan-antivirus-breach-delivers/