Tag: malware
-
Another Credential Leak, Another Dollar
A 149M-credential breach shows why encryption alone isn’t enough. Infostealer malware bypasses cloud security by stealing passwords at the endpoint, where encryption offers no protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/another-credential-leak-another-dollar/
-
‘Stanley’ Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/stanley-toolkit-chrome-undetectable-phishing
-
Android Adds ‘Accountability Layer’ to Third-Party Apps
Android is adding new verification steps to sideloaded apps, introducing friction for advanced users while aiming to reduce malware, fraud, and scams. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-android-sideloading-verification-update/
-
APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP – Part 2
Tags: access, ai, api, apt, attack, backdoor, backup, cloud, control, credentials, data, dns, email, exploit, github, google, government, group, india, infection, infrastructure, Internet, linux, malicious, malware, microsoft, monitoring, network, phishing, powershell, programming, service, tactics, threat, tool, update, windows
This is Part 2 of our two-part technical analysis on the Gopher Strike and Sheet Attack campaigns. For details on the Gopher Strike campaign, go to Part 1. Introduction: In September 2025, Zscaler ThreatLabz uncovered three additional backdoors, SHEETCREEP, FIREPOWER, and MAILCREEP, used to power the Sheet Attack campaign. In Part 2 of this series, ThreatLabz will…
-
US charges 31 more suspects linked to ATM malware attacks
A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-charges-31-more-suspects-linked-to-atm-malware-attacks/
-
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
Fake Captcha abuses trusted web interactions to deliver malware and evade traditional detection. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/living-off-the-web-how-fake-captcha-turned-trust-into-a-malware-delivery-channel/
-
Attackers Hijack GitHub Desktop Repo to Spread Malware via Official Installer
Threat actors have successfully exploited a design flaw in GitHub’s fork architecture to distribute malware disguised as the legitimate GitHub Desktop installer. The attack chain begins with a deceptively simple but effective technique. Attackers create throwaway GitHub accounts and fork the official GitHub Desktop repository. They then modify the download link in the README file…
-
G_Wagon NPM Package Exploits Users to Steal Browser Credentials with Obfuscated Payload
A highly sophisticated infostealer malware disguised as a legitimate npm UI component library has been targeting developers through the ansi-universal-ui package. The malware, internally identified as “G_Wagon,” […] “a lightweight, modular UI component […]”
-
Hackers Exploit SEO Poisoning to Target Users Seeking Legitimate Tools
Hackers are using search engine optimization (SEO) poisoning techniques to trick users into downloading malicious software disguised as legitimate tools. This attack campaign involves manipulating search results to promote fake repositories and archives containing BAT executable files that impersonate popular applications. Once users execute these files, the malware establishes contact with command-and-control (C2) servers to deliver secondary payloads,…
-
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/27/malware-delivery-via-windows-app-v-lolbin/
-
149 million stolen usernames: changing passwords is not enough. Rather, access must be controlled and reduced.
A publicly accessible database containing 149 million stolen usernames and passwords was taken offline after a security researcher discovered the exposure and notified the hosting provider. The database appears to have been compiled using infostealer malware that silently harvests credentials from infected devices. A comment by Shane Barney, CISO at Keeper Security. The numbers…
-
Beauty in Destruction: Exploring Malware’s Impact Through Art
Artistic initiatives turn cybersecurity into immersive exhibits at the Museum of Malware Art, transforming digital threats into thought-provoking experiences. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/beauty-in-destruction-exploring-malware-impact-through-art
-
Botnet Spotlight: Pressure rises on botnets, but the fight is far from over
Momentum is building in the fight against botnets, as network operators and law enforcement ramp up crackdowns on botnet infrastructure, malware, and bulletproof hosting providers. While major takedowns show progress, cybercriminals are still adapting; learn more in this latest edition of the Botnet Spotlight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/botnet-spotlight-pressure-rises-on-botnets-but-the-fight-is-far-from-over/
-
Sysdig discovers C2-compiled kernel rootkits and new stealth mechanisms in the Linux framework Voidlink
Sysdig has analysed Voidlink, a Linux malware framework developed in China for targeted attacks on cloud environments. This technically in-depth analysis was preceded by Check Point Research’s disclosure of Voidlink on 13 January 2026. In its own analysis, Sysdig was able to examine and deconstruct the loader chain, rootkit internals and control mechanisms in detail, including […]…
-
Poland Thwarts Russian Wiper Malware Attack on Power Plants
Poland blocked a Russian wiper malware attack on power and heating plants, officials say, avoiding outages during winter and prompting tighter cyber rules. First seen on hackread.com Jump to article: hackread.com/poland-thwarts-russian-wiper-malware-power-plants/
-
149 million compromised credentials expose growing infostealer malware crisis
A recently discovered online database containing 149 million stolen usernames and passwords has been taken offline after being identified by security researcher Jeremiah Fowler. While the exposure has now been addressed, the scale and nature of the data involved underline a far deeper and ongoing cybersecurity challenge: the industrialisation of credential theft through infostealing malware.…
-
Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud
Tags: authentication, bug-bounty, control, corporate, defense, email, github, guide, hacker, malicious, malware, microsoft, vulnerability
… disabling the ability to run lifecycle scripts (commands that run automatically during package installation); saving lockfile integrity checks (package-lock.json, pnpm-lock.yaml, and others) to version control (git). The lockfile records the exact version and integrity hash of every package in a dependency tree. On subsequent installs, the package manager checks incoming packages against these hashes, and if…
-
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called ‘Stanley’ promises malicious Chrome extensions that can clear Google’s review process and publish them to the Chrome Web Store. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-malware-service-guarantees-phishing-extensions-on-chrome-web-store/
-
New ClickFix attacks abuse Windows App-V scripts to push malware
A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-clickfix-attacks-abuse-windows-app-v-scripts-to-push-malware/
-
APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL – Part 1
Tags: access, adobe, ai, antivirus, api, apt, attack, authentication, backdoor, backup, cloud, control, data, data-breach, detection, email, endpoint, github, google, government, group, india, infection, infrastructure, injection, Internet, malicious, malware, microsoft, network, phishing, service, spear-phishing, threat, tool, update, windows
Introduction: In September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the Indian government. In both campaigns, ThreatLabz identified previously undocumented tools, techniques, and procedures (TTPs). While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT) group, APT36, we…
-
eScan Antivirus Supply Chain Breach Delivers Signed Malware
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/escan-antivirus-breach-delivers/
-
Wiper Malware Targeting Poland’s Power Grid Tied to Moscow
Signs Point to Long-Active ‘Sandworm’ Military Intelligence Hackers at Work. Russian cyberattacks in late December 2025 that attempted to disrupt Poland’s power grid have been attributed to Sandworm, the codename for an advanced persistent threat group tied to a Moscow military intelligence unit that repeatedly uses wiper malware, including in these attacks. First seen on…
-
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit (TRU), involves using phishing emails impersonating the Income Tax Department of India to trick victims into downloading a malicious archive, ultimately granting the threat First…