Collecting Cyber-News from over 60 sources

Tag: infection

Keenadu: Android malware that comes preinstalled and can’t be removed by users

Feb 18, 2026 1:58 PM

Tags: access, ai, android, backdoor, banking, browser, cctv, chrome, control, credentials, data, endpoint, firmware, governance, identity, infection, kaspersky, malware, mitigation, mobile, network, risk, software, update

Embedded in core system apps: Keenadu can control legitimate system applications on affected devices. Kaspersky observed it inside critical components such as face unlock applications, raising the possibility that attackers could access biometric data. The malware was also found operating within the home screen app that controls the device’s primary interface.The researchers warned that the…
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations

Feb 18, 2026 12:58 PM

Tags: attack, captcha, cyber, infection, malware, social-engineering, threat

Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise”‘wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side”‘loading, and dual malware families (Latrodectus and Supper) to gain persistence, perform reconnaissance, and prepare the environment for potential follow”‘on…
Fake CAPTCHA Attack Chain Triggers Enterprise-Wide Malware Infection in Organizations

Feb 18, 2026 12:58 PM

Tags: attack, captcha, cyber, infection, malware, social-engineering, threat

Fake CAPTCHA (ClickFix) pages are enabling threat actors to turn a single user click into an enterprise”‘wide compromise, as seen in a recent incident affecting a major Polish organization. The campaign chained social engineering, DLL side”‘loading, and dual malware families (Latrodectus and Supper) to gain persistence, perform reconnaissance, and prepare the environment for potential follow”‘on…
China-linked snoops have been exploiting Dell 0-day since mid-2024, using ‘ghost NICs’ to avoid detection

Feb 18, 2026 1:58 AM

Tags: china, detection, exploit, infection, zero-day

Full scale of infections remains ‘unknown’ First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/dell_0day_brickstorm_campaign/
ZeroDayRAT spyware targets Android and iOS devices via commercial toolkit

Feb 17, 2026 2:58 PM

Tags: android, control, detection, edr, email, exploit, infection, malicious, mobile, software, spyware, threat, unauthorized, vulnerability

Reliance on deception and not exploits: Despite the name, ZeroDayRAT does not depend on undisclosed operating system vulnerabilities to infect devices. Instead, the primary infection vector is social engineering. Victims are persuaded to install a malicious application or configuration profile disguised as legitimate software, often delivered through links shared via SMS, email, or messaging platforms.While…
Threat Actors Target OpenClaw Configurations to Steal Login Credentials

Feb 17, 2026 6:58 AM

Tags: ai, credentials, crypto, cyber, infection, login, malware, theft, threat

A new wave of infostealer activity targeting OpenClaw, an emerging AI assistant platform. The discovery marks a major turning point in the behavior of infostealer malware moving beyond browser and cryptocurrency theft to focus on AI configuration environments that hold deep digital identities and sensitive metadata. Hudson Rock detected a live infection where an infostealer successfully…
Washington Hotel in Japan discloses ransomware infection incident

Feb 16, 2026 10:58 PM

Tags: attack, business, infection, ransomware

The Washington Hotel brand in Japan has announced that that its servers were compromised in a ransomware attack, exposing various business data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/washington-hotel-in-japan-discloses-ransomware-infection-incident/
Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens

Feb 16, 2026 8:58 PM

Tags: ai, credentials, cybersecurity, infection

Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim’s OpenClaw (formerly Clawdbot and Moltbot) configuration environment.”This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the ‘souls’ and identities of personal AI [ First seen on thehackernews.com…
OysterLoader Evolves With New C2 Infrastructure and Obfuscation

Feb 16, 2026 5:58 PM

Tags: infection, infrastructure, malware

OysterLoader malware evolves into 2026, refining C2 infrastructure, obfuscation & infection stages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/oysterloader-new-c2-infrastructure/
New ClickFix Attack Wave Targets Windows Systems to Deploy StealC Stealer

Feb 13, 2026 7:58 AM

Tags: attack, captcha, credentials, crypto, cyber, email, infection, malicious, powershell, windows

A new wave of ClickFix attacks is targeting Windows users with fake Cloudflare-style CAPTCHA verification pages that trick victims into executing malicious PowerShell commands. This campaign delivers a multi-stage, fileless infection chain that ends with StealC, a powerful information stealer capable of harvesting credentials, cryptocurrency wallets, gaming accounts, emails, and detailed system fingerprints. The operation…
Fake CAPTCHA Attacks Exploit Key Entry Point for LummaStealer Malware

Feb 12, 2026 7:58 AM

Tags: attack, captcha, credentials, crypto, cyber, data, exploit, infection, law, malware

Fake CAPTCHA attacks are now a key entry point for a new wave of LummaStealer infections, with CastleLoader loaders turning simple web clicks into full system compromise. Less than a year after a major law-enforcement takedown, the infostealer’s operators have rebuilt at scale and are again harvesting credentials, crypto wallets, and personal data worldwide. LummaStealer…
LummaStealer infections surge after CastleLoader malware campaigns

Feb 11, 2026 6:22 PM

Tags: infection, malware, social-engineering

A surge in LummaStealer infections has been observed, driven by social engineering campaigns leveraging the ClickFix technique to deliver the CastleLoader malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lummastealer-infections-surge-after-castleloader-malware-campaigns/
10,000+ Active Infections Traced to SystemBC Botnet

Feb 5, 2026 11:17 PM

Tags: botnet, infection

Researchers identified over 10,000 active infections linked to the SystemBC proxy malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/10000-active-infections-traced-to-systembc-botnet/
New DesckVB RAT Unveiled with Multi-Stage Infection Chain and Plugin-Based Architecture

Feb 5, 2026 8:13 AM

Tags: access, cyber, infection, malware, rat

A sophisticated strain of the DeskVB Remote Access Trojan (RAT) has been identified in the wild, showcasing a highly modular architecture and a complex, multi-stage infection chain. While the malware family itself is not entirely new, this latest iteration (v2.9.0.0) stands out for its operational stability and >>plugin-based<< design, which allow attackers to deploy capabilities…
Russian hackers exploited a critical Office bug within days of disclosure

Feb 4, 2026 2:13 PM

Tags: access, attack, cisa, cloud, control, cve, data, data-breach, detection, email, espionage, exploit, flaw, framework, github, group, hacker, infection, intelligence, kev, malicious, malware, microsoft, mitigation, office, risk, russia, update, vulnerability, windows

One campaign, two infection paths: ZScaler found that exploitation of CVE-2026-21509 did not lead to a single uniform payload. Instead, the initial RTF-based exploit branched into two distinct infection paths, each serving a different operational purpose. The choice of dropper reportedly determined whether the attackers prioritized near-term intelligence collection or longer-term access to compromised systems.In…
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days

Feb 4, 2026 12:13 AM

Tags: attack, hacker, infection, malicious, microsoft, office, russia

APT28’s attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-hackers-weaponize-office-bug-within-days
APT28 Leverages CVE-2026-21509 in Operation Neusploit

Feb 3, 2026 8:13 AM

Tags: access, api, attack, backdoor, cloud, communications, control, cve, data, detection, email, encryption, endpoint, exploit, github, group, infection, malicious, malware, microsoft, office, open-source, phishing, russia, service, startup, threat, tool, ukraine, update, vulnerability, windows

IntroductionIn January 2026, Zscaler ThreatLabz identified a new campaign in-the-wild, tracked as Operation Neusploit, targeting countries in the Central and Eastern European region. In this campaign, the threat actor leveraged specially crafted Microsoft RTF files to exploit CVE-2026-21509 and deliver malicious backdoors in a multi-stage infection chain. Due to significant overlaps in tools, techniques, and procedures (TTPs)…
Zero-Day in Microsoft Office Enables Stealthy Malware Infections

Feb 2, 2026 11:14 PM

Tags: cve, cyber, exploit, government, infection, infrastructure, malicious, malware, microsoft, office, vulnerability, zero-day

Microsoft disclosed a critical zero-day vulnerability in Office products on January 26, 2026, tracked as CVE-2026-21509, with active exploitation in the wild confirmed. The vulnerability enables attackers to deploy sophisticated malware through malicious document files, targeting government organizations and critical infrastructure. Indicator Type Value CVE CVE-2026-21509 Malicious Domains freefoodaid[.]com, wellnesscaremed[.]com, wellnessmedcare[.]org C2 Infrastructure *.filen.net, *.filen.io…
Pulsar RAT Targets Windows Systems via Per-User Run Key, Exfiltrates Sensitive Data

Feb 2, 2026 11:14 PM

Tags: access, attack, control, cyber, data, infection, malware, rat, windows

A sophisticated multi-stage malware campaign leveraging living-off-the-land techniques and in-memory payload delivery has been discovered targeting Windows systems. The attack employs Pulsar RAT, a full-featured remote access trojan combined with advanced stealer capabilities, using evasion techniques designed to bypass traditional security controls and maintain persistent access. The infection chain begins with a hidden batch file…
Not a Kids Game: From Roblox Mod to Compromising Your Company

Jan 29, 2026 5:25 PM

Tags: corporate, infection, malware

Seemingly harmless game mods can hide infostealer malware that quietly steals identities. Flare shows how Roblox mods can turn a home PC infection into corporate compromise. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-a-kids-game-from-roblox-mod-to-compromising-your-company/
A fake romance turns into an Android spyware infection

Jan 29, 2026 5:21 AM

Tags: android, infection, malicious, scam, spyware, tactics

ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/ghostchat-android-romance-spyware/
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2

Jan 27, 2026 6:24 PM

Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windows

This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1.IntroductionIn September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1

Jan 26, 2026 9:21 PM

Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windows

IntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
Judge awards British critic of Saudis $4.1 million, finds the regime hacked his devices

Jan 26, 2026 6:21 PM

Tags: infection, spyware

A London judge said there was a “compelling basis” to conclude that Saudi Arabia was behind spyware infections aimed at YouTuber and regime critic Ghanem Al-Masarir. First seen on therecord.media Jump to article: therecord.media/london-judge-sides-with-saudi-critic-spyware-case
The cybercrime industry continues to challenge CISOs in 2026

Jan 23, 2026 8:30 PM

Tags: access, ai, attack, automation, backup, best-practice, breach, business, ciso, compliance, control, credentials, crime, crowdstrike, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, espionage, exploit, extortion, fortinet, framework, fraud, governance, group, hacker, hacking, identity, incident response, infection, infrastructure, insurance, intelligence, malware, metric, network, phishing, ransom, ransomware, resilience, risk, saas, service, soar, social-engineering, sophos, strategy, supply-chain, technology, theft, threat, tool, training, update, usa, vpn, vulnerability

Evolution of the security strategy: Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second,…
The cybercrime industry continues to challenge CISOs in 2026

Jan 23, 2026 8:30 PM

Tags: access, ai, attack, automation, backup, best-practice, breach, business, ciso, compliance, control, credentials, crime, crowdstrike, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, espionage, exploit, extortion, fortinet, framework, fraud, governance, group, hacker, hacking, identity, incident response, infection, infrastructure, insurance, intelligence, malware, metric, network, phishing, ransom, ransomware, resilience, risk, saas, service, soar, social-engineering, sophos, strategy, supply-chain, technology, theft, threat, tool, training, update, usa, vpn, vulnerability

Evolution of the security strategy: Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second,…
What are drive-by download attacks?

Jan 23, 2026 2:30 PM

Tags: attack, cyber, infection, malicious, malware, software, threat

A drive-by download attack is a type of cyber threat where malicious software is downloaded and installed on a user’s device without their knowledge or consent simply by visiting a compromised or malicious website. Unlike traditional malware attacks, users often do not have to click a link or open an attachment, the infection can… First…
Fortinet Firewalls Hit With Malicious Configuration Changes

Jan 22, 2026 11:30 PM

Tags: firewall, fortinet, infection, malicious, threat

Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/fortinet-firewalls-malicious-configuration-changes
Hackers Exploit Visual Studio Code to Deploy Malicious Payloads on Victim Systems

Jan 21, 2026 8:32 AM

Tags: attack, cyber, exploit, github, gitlab, hacker, infection, malicious, microsoft

The attack arsenal by extensively abusing Microsoft Visual Studio Code configuration files to deliver and execute malicious payloads on compromised systems. This evolution in the Contagious Interview campaign represents a sophisticated shift toward weaponizing legitimate developer tools. The infection chain begins when victims clone and open malicious Git repositories hosted on GitHub or GitLab, typically…
CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension

Jan 20, 2026 2:13 PM

Tags: access, attack, browser, chrome, control, detection, infection, malicious, malware

Payload delivery: When the user executes the supplied commands, a multistage infection process begins that ultimately deploys a previously undocumented Python-based remote access trojan, which the researchers dubbed ModelRAT. The malware establishes persistence and enables remote control of the infected system.Huntress’ telemetry suggested differing behavior based on the environment. Systems joined to a domain were…