Tag: malicious

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Mar 10, 2026 5:47 PM

Tags: botnet, cybersecurity, malicious, malware, router

Cybersecurity researchers have discovered a new malware called KadNap that’s primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic.The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black Lotus…
Messenger can warn you about sketchy links without knowing what you clicked

Mar 10, 2026 4:46 PM

Tags: malicious

Meta’s Advanced browsing protection (ABP) helps Messenger identify and warn users about potentially harmful websites they open from a chat. Malicious sites can try to steal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/messenger-advanced-browsing-protection/
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network

Mar 10, 2026 4:46 PM

Tags: botnet, cybercrime, malicious, malware, network, router

A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-kadnap-botnet-hijacks-asus-routers-to-fuel-cybercrime-proxy-network/
The Economic Argument: The Real Cost of Insecure APIs in the AI Era

Mar 10, 2026 3:48 PM

Tags: access, ai, api, application-security, attack, business, compliance, control, corporate, cybersecurity, data, defense, exploit, finance, flaw, framework, governance, identity, injection, international, jobs, malicious, privacy, regulation, risk, threat, tool, vulnerability

When cybersecurity teams talk about risk, they usually speak in technical terms like vulnerabilities, exploits, and attack vectors. But when they walk into the boardroom, they need to speak a different language. They need to speak about cost. In the era of AI, the cost of insecure APIs has shifted from a potential liability to…
Fake Claude Code Install Pages Spread Infostealer Malware

Mar 10, 2026 3:48 PM

Tags: malicious, malware

Fake Claude Code install pages are spreading infostealer malware through malicious search ads. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/fake-claude-code-install-pages-spread-infostealer-malware/
Signal and WhatsApp accounts targeted in phishing campaign

Mar 10, 2026 2:47 PM

Tags: intelligence, malicious, phishing

Dutch intelligence warns that attackers are hijacking Signal and WhatsApp accounts by tricking users into sharing verification codes or linking a malicious device. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/signal-and-whatsapp-accounts-targeted-in-phishing-campaign/
LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

Mar 10, 2026 2:47 PM

Tags: access, api, attack, authentication, breach, business, cloud, control, credentials, data, data-breach, email, exploit, flaw, google, group, guide, hacking, identity, infrastructure, injection, intelligence, jobs, leak, malicious, mitigation, monitoring, network, oracle, password, programming, service, sql, tool, unauthorized, update, vulnerability

Tenable Research revealed “LeakyLooker,” a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services like BigQuery and Google Sheets. Google has since remediated all identified issues. We discovered and disclosed nine novel cross-tenant vulnerabilities in Google Looker Studio (formerly Data Studio).…
Attackers Use Malformed ZIP Archives to Evade Antivirus and EDR Tools

Mar 10, 2026 2:47 PM

Tags: antivirus, cyber, cybersecurity, detection, edr, endpoint, malicious, threat, tool

Cybersecurity researchers at the CERT Coordination Center (CERT/CC) have issued a warning regarding a newly disclosed evasion technique tracked as VU#976247. Threat actors are increasingly utilizing malformed ZIP archives to bypass Antivirus (AV) and Endpoint Detection and Response (EDR) scanning engines. By manipulating the internal headers of these archives, attackers can successfully hide malicious payloads,…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
When AI safety constrains defenders more than attackers

Mar 10, 2026 8:47 AM

Tags: access, ai, attack, authentication, awareness, business, chatgpt, ciso, control, defense, detection, email, exploit, framework, LLM, malicious, malware, marketplace, microsoft, offense, open-source, openai, penetration-testing, phishing, RedTeam, service, social-engineering, spear-phishing, strategy, threat, tool, training, usa, vulnerability

The attacker advantage: Threat actors operate under no such constraints. They simply use jailbroken models, locally hosted open-source alternatives, or purpose-built malicious tools that have proliferated across underground markets.WormGPT, originally shut down in 2023, has reappeared largely as a recycled brand name for uncensored AI tools. New variants posted on underground marketplace BreachForums between October…
GhostClaw Masquerades as OpenClaw in Bid to Plunder Developer Data

Mar 10, 2026 7:47 AM

Tags: ai, cloud, credentials, cyber, data, malicious, rat, social-engineering, threat

A malicious npm package, @openclaw-ai/openclawai, that impersonates the legitimate OpenClaw CLI while quietly deploying a full-featured infostealer and RAT against developers’ machines. Internally branded “GhostLoader,” this threat combines polished social engineering, encrypted payload delivery, and long”‘term persistence to exfiltrate almost every valuable secret a developer holds from SSH keys and cloud credentials to AI agent […]…
President Trump’s Cyber Strategy for America: What It Means for the U.S. and Why It Matters Globally

Mar 9, 2026 11:48 PM

Tags: access, ai, awareness, business, ceo, cloud, compliance, computing, cryptography, cyber, cybercrime, cybersecurity, data, defense, exploit, governance, government, healthcare, incident response, infrastructure, intelligence, international, malicious, network, regulation, resilience, risk, skills, startup, strategy, supply-chain, technology, threat, tool, training, usa, vulnerability, zero-trust

President Trump’s Cyber Strategy for America signals a shift toward risk-based security and cooperation across emerging technologies. While centered on U.S. interests, the strategy provides a blueprint to collectively strengthen global cyber resilience. Key takeaways Cybersecurity as a global security imperative: The strategy signals that cybersecurity has evolved beyond a mere “IT issue” to become…
Malicious Chrome Extension Targets imToken Wallet Users

Mar 9, 2026 11:48 PM

Tags: browser, chrome, crypto, malicious, phishing

A fake Chrome extension impersonating imToken redirects users to phishing pages to steal crypto wallet keys. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/malicious-chrome-extension-targets-imtoken-wallet-users/
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Mar 9, 2026 8:48 PM

Tags: access, credentials, cybersecurity, data, macOS, malicious, rat

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts.The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The library…
APT36 unleashes AI-generated ‘vibeware’ to flood targets

Mar 9, 2026 3:48 PM

Tags: ai, detection, group, malicious, programming, threat

The Pakistani threat group has been using AI to rewrite malicious code across multiple programming languages, prioritising scale over sophistication to evade detection, security researchers have found First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639830/APT36-unleashes-AI-generated-vibeware-to-flood-targets
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Mar 9, 2026 12:47 PM

Tags: browser, chrome, data, google, injection, malicious, malware, theft

Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data.The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below -QuickLens – Search Screen with First…
Rogues gallery: 15 worst ransomware groups active today

Mar 9, 2026 10:47 AM

Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, data-breach, defense, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, insurance, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vpn, vulnerability, windows, zero-day

Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations.How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
1-Click ZITADEL Vulnerability Could Allow Full System Takeover

Mar 9, 2026 10:47 AM

Tags: access, cve, cyber, flaw, identity, login, malicious, open-source, vulnerability

A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical severity rating, this flaw resides in the platform’s login V2 interface, specifically within the /saml-post endpoint. It allows unauthenticated remote attackers to execute malicious JavaScript directly within a user’s browser. With a…
ExifTool Vulnerability Lets Malicious Images Trigger macOS Code Execution

Mar 9, 2026 8:47 AM

Tags: computer, cyber, data, macOS, malicious, open-source, tool, vulnerability

ExifTool is a ubiquitous open-source solution for reading, writing, and editing image metadata. It’s the go-to tool for photographers and digital archivists, and is widely used in data analytics, digital forensics, and investigative journalism. Can a computer really get infected just by processing an image even on macOS, often (incorrectly) thought to be immune to…
Critical ExifTool Vulnerability Allows Malicious Images to Execute Code on macOS

Mar 9, 2026 7:47 AM

Tags: cve, cyber, flaw, kaspersky, macOS, malicious, malware, open-source, vulnerability

Many users believe macOS is inherently resistant to malware, but a newly discovered vulnerability proves otherwise. Kaspersky’s Global Research and Analysis Team (GReAT) recently uncovered a critical flaw, tracked as CVE-2026-3102, within ExifTool. ExifTool is a widely popular open-source application and library for extracting and editing file metadata. If a macOS user processes a specially…
Zero Tolerance for Malicious Intrusions”, NSFOCUS’s Full-Chain WEB Security Protection System

Mar 9, 2026 6:48 AM

Tags: cyber, government, malicious, military, network, service

As regional military conflicts escalate, cyberspace has become a critical battleground, with core WEB application systems frequently targeted by adversaries. Attackers tamper with application content and inject anti-social or anti-government rhetoric, disrupting cyberspace order and inciting public panic, severely damaging institutional credibility. WEB services serve as key platforms for information dissemination and core operations across…The…
Fake AI Extensions Breached Chat Histories in 20,000+ Enterprise Tenants

Mar 9, 2026 6:48 AM

Tags: ai, breach, browser, chrome, cyber, data, google, malicious, microsoft

Microsoft has issued an alert after uncovering a wave of malicious Chromium-based browser extensions masquerading as legitimate AI assistant tools. The extensions, available on the Chrome Web Store and compatible with both Google Chrome and Microsoft Edge, secretly collected private browser data and AI chat content. Microsoft found that stolen data included full URLs, internal site…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Mar 8, 2026 3:47 PM

Tags: credentials, google, international, malicious, malware, rat, reverse-engineering

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem! StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer Inside a fake Google security check that becomes a browser RAT SloppyLemming…
Hackers abusing AI at every stage of cyberattacks

Mar 7, 2026 5:47 PM

Tags: ai, attack, cyberattack, hacker, intelligence, malicious, microsoft, threat

Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cyberattack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-hackers-abusing-ai-at-every-stage-of-cyberattacks/
Hackers Spread Fake Red Alert Rocket Alert App to Spy on Israeli Users

Mar 7, 2026 2:47 PM

Tags: android, data, hacker, malicious, spy, spyware

Researchers at Acronis have discovered a malicious trojanized version of the Red Alert rocket warning app targeting Israeli Android users. Distributed via fake Home Front Command SMS messages, this spyware steals GPS data, SMS messages, and contact lists while maintaining full alert functionality. First seen on hackread.com Jump to article: hackread.com/hackers-fake-red-alert-rocket-alert-app-spy-israel-users/
Malicious Browser Add”‘on Targets imToken Users’ Private Keys

Mar 7, 2026 12:48 PM

Tags: browser, chrome, crypto, cyber, google, malicious, threat

Socket’s Threat Research Team has uncovered a highly deceptive Google Chrome extension designed to steal private keys and seed phrases from cryptocurrency users. The malicious add-on, named >>lmÎ¤oken Chromophore<< (extension ID bbhaganppipihlhjgaaeeeefbaoihcgi), disguises itself as a harmless hex color visualizer for developers and digital artists. However, its true purpose is to impersonate the widely used…
ClickFix attackers using new tactic to evade detection, says Microsoft

Mar 6, 2026 11:48 PM

Tags: access, attack, awareness, blockchain, ciso, computer, control, crypto, cybersecurity, defense, detection, email, endpoint, infosec, infrastructure, injection, login, malicious, malware, microsoft, phishing, powershell, risk, tactics, tool, training, windows

AppData\Local that is then invoked through cmd.exe to write a VBScript to %Temp%. The batch script is executed via cmd.exe with the /launched command-line argument, and is then executed again through MSBuild.exe, resulting in LOLBin abuse. The script connects to Crypto Blockchain RPC endpoints, indicating etherhiding technique, and also performs QueueUserAPC()-based code injection into chrome.exe…
Middle East Conflict Fuels Opportunistic Cyber Attacks

Mar 6, 2026 9:47 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, backdoor, best-practice, breach, browser, business, chrome, cloud, crypto, cyber, cybercrime, cybersecurity, data, defense, endpoint, exploit, fraud, google, government, identity, infection, Internet, iran, iraq, malicious, malware, mfa, middle-east, military, monitoring, network, password, phishing, PurpleTeam, radius, risk, risk-assessment, scam, service, software, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that capitalizes on the elevated political climate in the Middle East. This increased malicious activity includes discoveries that are directly tied to the ongoing conflict, alongside other related findings. ThreatLabz…
Fake Claude Code install guides push infostealers in InstallFix attacks

Mar 6, 2026 4:48 PM

Tags: attack, guide, malicious, social-engineering, threat

Threat actors are employing a new variation of the ClickFix social engineering technique called InstallFix to convince users into running malicious commands under the pretext of installing legitimate command line interface (CLI) tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-claude-code-install-guides-push-infostealers-in-installfix-attacks/
Microsoft spots ClickFix campaign getting users to self-pwn on Windows Terminal

Mar 6, 2026 3:48 PM

Tags: malicious, microsoft, windows

Crooks tweak familiar copy-paste ruse so that victims run malicious commands themselves First seen on theregister.com Jump to article: www.theregister.com/2026/03/06/microsoft_spots_clickfix_campaign_abusing/