Tag: malicious
-
Cyberattack Hits Poland’s Nuclear Research Center
Poland’s National Centre for Nuclear Research recently experienced a targeted cyberattack aimed at its IT infrastructure. Security teams successfully thwarted the intrusion before malicious actors could compromise critical systems or access sensitive data. The facility, which houses the country’s sole operational nuclear reactor, maintained full operational continuity throughout the entire security incident. As cyber threats…
-
GlassWorm Campaign Expands Through Malicious Open VSX Extensions
A large-scale malicious campaign tied to GlassWorm has expanded within the ecosystem of open VSX extensions, introducing a method of spreading malware through developer tools. Researchers identified at least 72 additional malicious open VSX extensions beginning January 31, 2026, including several that function as transitive GlassWorm loader extensions aimed at developers. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/glassworm-malicious-campaign/
-
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
Tags: ai, blockchain, control, exploit, infrastructure, malicious, malware, software, supply-chain, tool, updateThe evolving GlassWorm: Earlier research into the GlassWorm operation has revealed techniques such as heavy code obfuscation, the use of Unicode characters to hide malicious logic, and infrastructure that retrieves command-and-control servers through blockchain transactions, making the campaign more resilient to takedowns.The latest wave also mimics widely used developer tools to maximise installation chances. “The…
-
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse
Tags: ai, blockchain, control, exploit, infrastructure, malicious, malware, software, supply-chain, tool, updateThe evolving GlassWorm: Earlier research into the GlassWorm operation has revealed techniques such as heavy code obfuscation, the use of Unicode characters to hide malicious logic, and infrastructure that retrieves command-and-control servers through blockchain transactions, making the campaign more resilient to takedowns.The latest wave also mimics widely used developer tools to maximise installation chances. “The…
-
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
From profile manipulation to root shell: The blog post detailed a full privilege escalation chain demonstrated on a default Ubuntu Server installation with the Postfix mail server. By loading a crafted security profile that blocks a specific privilege-dropping capability in Sudo, the researchers said they forced Sudo into a “fail-open” condition: unable to shed its…
-
Nine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at risk
From profile manipulation to root shell: The blog post detailed a full privilege escalation chain demonstrated on a default Ubuntu Server installation with the Postfix mail server. By loading a crafted security profile that blocks a specific privilege-dropping capability in Sudo, the researchers said they forced Sudo into a “fail-open” condition: unable to shed its…
-
Google Unveils Android 17 Advanced Protection Mode to Stop Malicious Services
Google is preparing to launch Android 17, introducing a comprehensive suite of new features aimed at fundamentally improving device security, user privacy, and performance debugging. At the forefront of this release is the highly anticipated Android Advanced Protection Mode (AAPM), a powerful new feature designed to safeguard users from increasingly sophisticated cyberattacks and stop malicious…
-
Google Unveils Android 17 Advanced Protection Mode to Stop Malicious Services
Google is preparing to launch Android 17, introducing a comprehensive suite of new features aimed at fundamentally improving device security, user privacy, and performance debugging. At the forefront of this release is the highly anticipated Android Advanced Protection Mode (AAPM), a powerful new feature designed to safeguard users from increasingly sophisticated cyberattacks and stop malicious…
-
45,000 malicious IP addresses taken down, 94 suspects arrested
An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/16/interpol-operation-synergia-iii-cybercrime-infrastructure-takedown/
-
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
Konni APT recently ran a multi-stage malware operation that hijacked KakaoTalk accounts to spread remote access trojans (RATs) through highly targeted spear”‘phishing.”‹ The message used contextual content aligned with the victim’s role to build trust and trick them into opening an attached archive. That archive contained a malicious LNK shortcut masquerading as a document; once…
-
When insider risk is a wellbeing issue, not just a disciplinary one
Tags: access, breach, compliance, control, cyber, data, exploit, finance, group, malicious, monitoring, resilience, risk, risk-management, security-incident, threat, training, vulnerabilityWritten by Katie Barnett, Director of Cyber Security at Toro Solutions Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain.Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how…
-
When insider risk is a wellbeing issue, not just a disciplinary one
Tags: access, breach, compliance, control, cyber, data, exploit, finance, group, malicious, monitoring, resilience, risk, risk-management, security-incident, threat, training, vulnerabilityWritten by Katie Barnett, Director of Cyber Security at Toro Solutions Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain.Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how…
-
PDF Phishing: How Cybercriminals Exploit PDF Documents in Modern Email Attacks
Key Takeaways PDF phishing is a fast-growing email attack technique where cybercriminals hide malicious links, QR codes, or credential forms inside seemingly legitimate PDF attachments. Attackers exploit the trust people place in PDFs, disguising phishing documents as invoices, contracts, HR forms, or delivery notifications to trick users into interacting with them. Malicious elements inside PDFs,……
-
AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/appsflyer-web-sdk-used-to-spread-crypto-stealer-javascript-code/
-
AppsFlyer Web SDK used to spread crypto stealer JavaScript code
Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/appsflyer-web-sdk-used-to-spread-crypto-stealer-javascript-code/
-
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a “significant escalation” in how it propagates through the Open VSX registry.”Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive First seen…
-
Interpol Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide
INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations,…
-
GlassWorm Spreads via 72 Malicious Open VSX Extensions Hidden in Transitive Dependencies
The GlassWorm malware campaign has evolved, significantly escalating its attacks on software developers. Instead of embedding malware directly into initial releases, the threat actors are now using transitive dependencies to sneak malicious code into developer environments. This stealthy approach allows a seemingly safe package to pull in a separate, infected extension only after establishing trust.…
-
Global Authorities Take Down 45,000 Malicious IPs Used in Ransomware Campaigns
Tags: cyber, cybercrime, infrastructure, international, interpol, law, malicious, malware, phishing, ransomwareAn unprecedented international law enforcement effort has successfully dismantled a massive cybercrime network. Coordinated by INTERPOL, the initiative targeted critical infrastructure used in phishing, malware, and ransomware campaigns worldwide. Operation Synergia III Dubbed >>Operation Synergia III,<< the global crackdown took place between July 18, 2025, and January 31, 2026. The operation brought together law enforcement…
-
FBI seeks victims of Steam games used to spread malware
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
-
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested
INTERPOL’s Operation Synergia III led to 94 arrests and the takedown of 45,000 malicious IPs in 72 countries targeting phishing, malware, and fraud networks. First seen on hackread.com Jump to article: hackread.com/interpol-operation-synergia-iii-malicious-ip-94-arrest/
-
Critical Chrome Security Flaws Threaten Billions of Users Worldwide
Google patches two actively exploited Chrome vulnerabilities that could allow attackers to crash browsers or run malicious code. Billions of users urged to update. The post Critical Chrome Security Flaws Threaten Billions of Users Worldwide appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-chrome-zero-day-vulnerabilities-exploited-update/
-
Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions
A vulnerability in Microsoft Authenticator for Android and iOS could expose login codes to malicious apps on the same device. Microsoft has released a patch. The post Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-authenticator-vulnerability-android-ios-login-codes/
-
Interpol obliterates cyber criminal infrastructure
A major Interpol operation has resulted in the seizure of thousands of malicious cyber criminal IP addresses and servers, and multiple arrests. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366640293/Interpol-obliterates-cyber-criminal-infrastructure
-
Interpol’s ‘Operation Synergia III’ Nets 94 Arrests in Major Cybercrime Sweep
A new law enforcement operation against phishing and ransomware operators led to the takedown of 45,000 malicious IP addresses First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/interpol-operation-synergia3-94/
-
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet
Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020. Law enforcement agencies in the US and Europe have disrupted SocksEscort, a malicious proxy service powered by the AVrecon botnet. Active since 2020, the service hijacked roughly 360,000 devices and allowed cybercriminals…
-
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
Tags: cybercrime, international, interpol, law, malicious, malware, network, phishing, ransomware, threatINTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency’s ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams.The effort is part of an international law enforcement operation that involved 72 countries and…
-
Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials
Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques.”The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients First seen on thehackernews.com…
-
Authorities Shut Down Proxy Service Linked to Malware Campaign Targeting Thousands of Users
A coordinated international law enforcement operation successfully dismantled SocksEscort, a massive malicious residential proxy network. Led by the U.S. Justice Department alongside several European allies, the operation disrupted a sophisticated infrastructure that compromised thousands of residential and small business routers globally. By executing seizure warrants against dozens of U.S.-registered domains, authorities effectively halted a criminal…
-
Veeam Fixes RCE Bugs in Critical Backup Replication Platform
An important Veeam security patch to address multiple vulnerabilities in its Backup & Replication platform that potentially allowed attackers to execute malicious code remotely, has been released. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/veeam-security-patch-for-backup-replication/