Tag: malware
-
That cheap KVM device could expose your network to remote compromise
Stealthy backdoors: A compromised KVM device can become a powerful backdoor in any environment. An attacker can inject keystrokes to execute commands or access UEFI settings to disable security features such as disk encryption and Secure Boot.Because the device operates outside the controlled system’s OS, endpoint detection tools and host firewalls cannot see it. These…
-
Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers
Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard.”Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a Cobra DocGuard server that has been compromised by the attackers, masking the data exfiltration process as legitimate First…
-
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
Tags: attack, cisco, cve, defense, exploit, firewall, government, group, healthcare, infrastructure, malicious, malware, ransom, ransomware, service, software, tool, update, vulnerability, zero-dayCSO that the “week’s head start” he referred to was the gap between the date of the first exploit that Amazon’s later analysis had unearthed and Cisco’s discovery of the bug.Amazon gained insight into the attacker’s infrastructure by using the honeypot to mimic a vulnerable firewall system. This resulted in an attack on the honeypot,…
-
New Android malware hiding in streaming apps to spy on users’ personal notes
A newly discovered Android malware is masking itself within television streaming apps in order to steal users’ passwords and banking data and spy on their personal notes, researchers have found. First seen on therecord.media Jump to article: therecord.media/malware-streaming-apps-android
-
FBI, CISA warn on Microsoft Intune risks after Iran-linked cyberattack on Stryker
The attackers behind a recent attack on Stryker did not use malware, instead breaking into a legitimate Microsoft device management system called Intune and wiping the company’s data that way. First seen on therecord.media Jump to article: therecord.media/fbi-cisa-warn-of-microsoft-intune-risks-stryker
-
FBI, CISA warn on Microsoft Intune risks after Iran-linked cyberattack on Stryker
The attackers behind a recent attack on Stryker did not use malware, instead breaking into a legitimate Microsoft device management system called Intune and wiping the company’s data that way. First seen on therecord.media Jump to article: therecord.media/fbi-cisa-warn-of-microsoft-intune-risks-stryker
-
FBI, CISA warn on Microsoft Intune risks after Iran-linked cyberattack on Stryker
The attackers behind a recent attack on Stryker did not use malware, instead breaking into a legitimate Microsoft device management system called Intune and wiping the company’s data that way. First seen on therecord.media Jump to article: therecord.media/fbi-cisa-warn-of-microsoft-intune-risks-stryker
-
5 Best Rootkit Scanners and Removers: Anti-Rootkit Tools in 2026
Rootkit scanners identify stealthy malware that hides by manipulating the operating system. Compare the top rootkit scanners for 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/networks/rootkit-scanners/
-
Financial Brands Targeted in Global Mobile Banking Malware Surge
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/financial-brands-mobile-banking/
-
New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
Cybersecurity researchers have disclosed a new Android malware family called Perseus that’s being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud.Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evolving into a “more flexible and capable platform” for compromising Android devices through…
-
Fake Tools and CDNs Power New “Vibe-Coded” Malware Campaign
‘Vibe coding’ has moved from buzzword to battleground, and a new malware campaign shows how attackers are abusing AI-assisted development to scale their operations with minimal effort. Vibe coding, a term popularized in early 2025 to describe programming by prompting large language models instead of writing code manually, has rapidly spread across developer communities and…
-
Google limits Android accessibility API to curb malware abuse
Google is restricting how Android apps can use accessibility features after years of abuse by banking Trojans and mobile malware. The changes, introduced in Android 17.2, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/19/google-android-accessibility-api-restrictions/
-
New ‘Perseus’ Android malware checks user notes for secrets
A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-perseus-android-malware-checks-user-notes-for-secrets/
-
New ‘Perseus’ Android malware checks user notes for secrets
A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-perseus-android-malware-checks-user-notes-for-secrets/
-
Exploit-Kette entdeckt: Hacker infiltrieren iPhones durch nur einen Klick
Eine Exploit-Kette namens Darksword gefährdet unzählige iPhone-Nutzer. Nur ein falscher Klick im Web lädt datensammelnde Malware auf das Gerät. First seen on golem.de Jump to article: www.golem.de/news/exploit-kette-entdeckt-hacker-infiltrieren-iphones-durch-nur-einen-klick-2603-206677.html
-
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the Moralis or Modilus cluster. This team was previously associated with the OtterCookie malware, but since…
-
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
A powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users.”‹ ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family. SnappyClient is written in C++ and operates as a flexible command-and-control implant, supporting capabilities such…
-
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
A powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users.”‹ ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family. SnappyClient is written in C++ and operates as a flexible command-and-control implant, supporting capabilities such…
-
SnappyClient Implant Blends Remote Access, Data Theft, and Stealth Evasion
A powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users.”‹ ThreatLabz first observed SnappyClient in December 2025, being deployed via the well-known HijackLoader malware family. SnappyClient is written in C++ and operates as a flexible command-and-control implant, supporting capabilities such…
-
State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns
Darksword is the second iOS exploit chain in a month First seen on theregister.com Jump to article: www.theregister.com/2026/03/18/darksword_exploit_kit_steals_iphone/
-
C2 Implant ‘SnappyClient’ Targets Crypto Wallets
In addition to enabling remote access, the malware supports a wide range of capabilities including data theft and spying. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/new-c2-implant-snappyclient-targets-crypto-wallets
-
Russia-linked hackers use advanced iPhone exploit to target Ukrainians
The malware, dubbed DarkSword, allows attackers to break into iPhones with little to no user interaction, extract sensitive data within minutes, and then erase traces of the intrusion, researchers at cybersecurity firm Lookout said. First seen on therecord.media Jump to article: therecord.media/russia-linked-hackers-use-iphone-exploit-ukraine
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windowsIntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
Claudy Day Forecast: Chat Data Theft
Researchers Detail Prompt Injection, API and Redirect Flaws. Oasis Security researchers found three bugs in Claude that attackers can chain to steal user chat data without malware or phishing. The Claudy Day attack links hidden prompt injection, Anthropic’s Files API and an open redirect. Anthropic has fixed the core flaw. First seen on govinfosecurity.com Jump…
-
Malware-Kampagne gegen Entwickler-Umgebungen
Hacker nutzen zunehmend Angebote für agentische, künstliche Intelligenz, um Nutzer mit hohen IT-Privilegien anzugreifen. Nach angeblich von Google gesponserten Suchergebnissen rund um den KI-gestützten Codierassistenten Claude-Code von Anthropic, warnen die Bitdefender Labs nun vor einer bösartigen, vermeintlichen Erweiterung der agentischen KI-IDE (Integrated-Development-Environment) Windsurf. Die Angriffe richten sich gezielt gegen Entwickler als attraktive Ziele: Diese verfügen…
-
Crypto Scam ShieldGuard Dismantled After Malware Discovery
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crypto-scam-shieldguard-dismantled/
-
New .NET AOT Malware Hides Code as a Black Box to Evade Detection
Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system… First seen on hackread.com Jump to article: hackread.com/net-aot-malware-code-black-box-evade-detection/
-
Adaptability, Not Novelty: The Next Evolution of Malware
AI-enabled malware like VoidLink adapts to cloud misconfigurations in real time, showing how attackers exploit identity sprawl and configuration drift. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/adaptability-not-novelty-the-next-evolution-of-malware/
-
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats
The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vidar-stealer-exploits-github/
-
Transparent COM instrumentation for malware analysis
In this article, Cisco Talos presents DispatchLogger, a new open-source tool that delivers high visibility into late-bound IDispatch COM object interactions via transparent proxy interception. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/transparent-com-instrumentation-for-malware-analysis/