Tag: malware

Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware

Nov 30, 2025 5:49 AM

Tags: cybersecurity, korea, malicious, malware, north-korea, threat

North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. TheContagious Interviewcampaign, active since November 2023 and linked to…
G DATA prognostiziert neue Dynamik der Cyberkriminalität: KI-Malware und Insider-Bedrohungen bestimmen 2026 die Bedrohungslage

Nov 30, 2025 12:49 AM

Tags: ai, cybercrime, data, malware

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/g-data-prognose-dynamik-cyberkriminalitaet-ki-malware-insider-bedrohungen-2026-bedrohungslage
G DATA prognostiziert neue Dynamik der Cyberkriminalität: KI-Malware und Insider-Bedrohungen bestimmen 2026 die Bedrohungslage

Nov 30, 2025 12:49 AM

Tags: ai, cybercrime, data, malware

First seen on datensicherheit.de Jump to article: www.datensicherheit.de/g-data-prognose-dynamik-cyberkriminalitaet-ki-malware-insider-bedrohungen-2026-bedrohungslage
Albiriox Malware Emerges, Targeting Android Users for Full Device Takeover

Nov 29, 2025 4:49 PM

Tags: access, android, banking, crypto, cyber, cybercrime, hacking, intelligence, malware, mobile, service, threat, tool

A dangerous new Android malware called Albiriox has been discovered by security researchers, posing a serious threat to mobile banking and cryptocurrency users worldwide. The malware operates as a Malware-as-a-Service (MaaS), allowing cybercriminals to rent access to this powerful hacking tool for monthly fees ranging from $650 to $720. The Cleafy Threat Intelligence team first identified Albiriox…
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

Nov 28, 2025 6:49 PM

Tags: hacker, malicious, malware, north-korea, threat

The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month.According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of…
Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery

Nov 28, 2025 4:49 PM

Tags: attack, exploit, malware, phishing, social-engineering, threat

BitSight research has revealed how threat actors exploit calendar subscriptions to deliver phishing links, malware and social engineering attacks through hijacked domains First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-exploit-calendar-subs/
Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery

Nov 28, 2025 4:49 PM

Tags: attack, exploit, malware, phishing, social-engineering, threat

BitSight research has revealed how threat actors exploit calendar subscriptions to deliver phishing links, malware and social engineering attacks through hijacked domains First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-exploit-calendar-subs/
Werbefreies Youtube-Streaming: Smarttube-App mutiert durch Leak zur Malware-Gefahr

Nov 28, 2025 11:49 AM

Tags: google, leak, malware

Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
Werbefreies Youtube-Streaming: Signatur-Leak macht Smarttube zur Malware-Bedrohung

Nov 28, 2025 9:49 AM

Tags: google, leak, malware

Eine Signatur des Entwicklers von Smarttube ist geleakt. Anwendern drohen manipulierte Updates. Google Play Protect blockiert daher die App. First seen on golem.de Jump to article: www.golem.de/news/werbefreies-youtube-streaming-signatur-leak-macht-smarttube-zur-malware-bedrohung-2511-202694.html
New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

Nov 28, 2025 9:49 AM

Tags: botnet, exploit, iot, malware, vulnerability

ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run. During the late-October AWS disruption, FortiGuard Labs researchers observed the Mirai-based ‘ShadowV2’ malware exploiting IoT vulnerabilities across multiple countries and industries. The botnet was active only during the outage, suggesting a test run for future attacks.…
KI-Malware: Robuste Cyberabwehr braucht moderne Technik und Awareness Trainings

Nov 28, 2025 9:49 AM

Tags: ai, awareness, cyberattack, malware, training

In den kommenden Monaten werden Angriffe dynamischer, da Cyberkriminelle neue Technologien schnell adaptieren und Angriffsmethoden verfeinern. Allerdings werden Unternehmen lernfähiger und robuster. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ki-malware-robuste-cyberabwehr-braucht-moderne-technik-und-awareness-trainings/a42994/
Black Friday Scammers Are Impersonating Major Brands to Steal Your Money

Nov 28, 2025 6:49 AM

Tags: cyber, malware, scam

Black Friday is supposed to be chaotic, sure, but not this chaotic. Amid genuine doorbusters and flash sales, a large-scale, highly polished scam campaign is hijacking web traffic and pushing shoppers to fake “survey reward” pages impersonating dozens of major brands all to steal payment card details and personal data. Security research into malvertising ahead…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Security researchers caution app developers about risks in using Google Antigravity

Nov 28, 2025 5:49 AM

Tags: access, ai, attack, backdoor, control, cybersecurity, data, email, flaw, framework, github, google, identity, infrastructure, injection, malicious, malware, risk, threat, tool, vulnerability

CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…
Windows-Schwachstelle CVE-2025-59287 wird für ShadowPad-Malware-Verteilung per WSUS genutzt

Nov 28, 2025 12:49 AM

Tags: cve, cvss, malware, rce, remote-code-execution, vulnerability, windows

In Windows Server gab es eine mit einem CVSS Score von 9.8 bewertete kritische RCE-Schwachstelle CVE-2025-59287 im WSUS-Teil, mit dem sich die Systeme übernehmen lassen. Die Schwachstelle wurde im Oktober 2025 mit Sicherheitsupdates geschlossen. Nun gibt es Berichte, dass Angreifer … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/28/windows-schwachstelle-cve-2025-59287-wird-fuer-shadowpad-malware-verteilung-per-wsus-genutzt/
Quttera Launches >>Evidence-as-Code<< API to Automate Security Compliance for SOC 2 and PCI DSS v4.0

Nov 27, 2025 6:49 PM

Tags: ai, api, compliance, cyber, intelligence, malware, PCI, soc, threat, update

New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence Quttera today announced major enhancements to its Web Malware Scanner API that transform static security scanning into automated compliance evidence. The update introduces real-time evidence streaming and compliance mapping, directly addressing the manual burden of audit…
“Dead Man’s Switch” Triggers Massive npm Supply Chain Malware Attack

Nov 27, 2025 3:49 PM

Tags: attack, cyber, data, gitlab, malware, supply-chain, switch

GitLab’s security team has discovered a severe, ongoing attack spreading dangerous malware through npm, the world’s most extensive code library. The malware uses an alarming >>dead man’s switch,
Microsoft Teams Guest Chat Flaw Could Let Hackers Deliver Malware

Nov 27, 2025 3:49 PM

Tags: cyber, exploit, flaw, hacker, malicious, malware, microsoft, office, vulnerability

Security researchers have discovered a critical vulnerability in Microsoft Teams that allows attackers to bypass all Defender for Office 365 protections by inviting users into malicious tenant environments. The flaw exploits a fundamental architectural gap in how Teams handles cross-tenant collaboration and guest access. The vulnerability centers on a critical misunderstanding held by most security…
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks, and 20 More Stories

Nov 27, 2025 12:49 PM

Tags: ai, attack, crypto, cyber, data, flaw, government, hacker, iot, malware, scam

Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, there’s a lot happening in the cyber world.Criminals are getting creative, using smart tricks to steal data, sound real, and hide in plain sight. But they’re not the only ones moving fast. Governments and…
Von LLM generierte Malware wird immer besser

Nov 27, 2025 5:49 AM

Tags: cloud, exploit, LLM, malware, openai, threat, vmware

Forscher tricksen Chatbots aus, stoßen aber auf unzuverlässige Ergebnisse.Cyberkriminelle versuchen bereits seit geraumer Zeit, mit Hilfe von Large Language Models (LLM) ihre dunklen Machenschaften zu automatisieren. Aber können sie schon bösartigen Code generieren, der ‘marktreif” und bereit für den operativen Einsatz ist? Das wollten die Forschenden von Netskope Threat Labs herausfinden, indem sie Chatbots dazu…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
AI browsers can be tricked with malicious prompts hidden in URL fragments

Nov 27, 2025 1:49 AM

Tags: ai, attack, backdoor, browser, chrome, computer, email, finance, google, injection, malicious, malware, microsoft, openai, phishing, phone, risk, social-engineering, vulnerability

Tricking users into clicking poisoned links: HashJack is essentially a social engineering attack because it relies on tricking users to click on specially crafted URLs inside emails, chats, websites, or documents. However, this attack can be highly credible because it points to legitimate websites.For example, imagine a spoofed email that claims to be from a…
New ShadowV2 botnet malware used AWS outage as a test opportunity

Nov 26, 2025 11:49 PM

Tags: botnet, exploit, iot, malware

A new Mirai-based botnet malware named ‘ShadowV2’ has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-aws-outage-as-a-test-opportunity/
For the first time, a RomCom payload has been observed being distributed via SocGholish

Nov 26, 2025 9:49 PM

Tags: exploit, malware, threat, update

RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time…
How Malware Authors Are Incorporating LLMs to Evade Detection

Nov 26, 2025 7:50 PM

Tags: detection, LLM, malware

Cyberattackers are integrating large language models (LLMs) into the malware, running prompts at runtime to evade detection and augment their code on demand. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/malware-authors-incorporate-llms-evade-detection
How Malware Authors Are Incorporating LLMs to Evade Detection

Nov 26, 2025 7:50 PM

Tags: detection, LLM, malware

Cyberattackers are integrating large language models (LLMs) into the malware, running prompts at runtime to evade detection and augment their code on demand. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/malware-authors-incorporate-llms-evade-detection
Russian-Backed Threat Group Uses SocGholish to Target U.S. Company

Nov 26, 2025 5:49 PM

Tags: attack, group, malware, russia, threat, ukraine

The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/russian-backed-threat-group-uses-socgholish-to-target-u-s-company/