Tag: malware
-
Iranian APT Uses SEO Poisoning to Spread Fake SQL Developer Malware
A newly observed cyber campaign linked to the Iranian IRGC-affiliated threat group Nimbus Manticore (also tracked as UNC1549) highlights an evolution in both delivery tactics and malware sophistication. The activity, uncovered during the ongoing geopolitical conflict tied to Operation Epic Fury launched on February 28, 2026, shows the group adopting SEO poisoning malware for the…
-
Kazuar Malware Becomes Modular Spyware for Secret Blizzard Ops
Researchers have detailed a major evolution in the Kazuar malware family, a long-standing cyber espionage tool linked to the Russian state-sponsored threat group Secret Blizzard, also known as Turla and Venomous Bear. Kazuar historically supported espionage campaigns targeting government, diplomatic, and defense sectors. Its latest iteration introduces a modular architecture composed of three key components: Kernel, Bridge, and…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter:
Popular node-ipc npm Package Infected with Credential Stealer
New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here
Active Supply Chain Attack Compromises @antv Packages on npm
actions-cool/issues-helper GitHub Action Compromised: All Tags Point to…
-
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/laravel-lang-packages-hijacked-to-deploy-credential-stealing-malware/
-
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that ship…
-
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…
-
Kash Patel’s merchandise site hacked to distribute malware
Tags: malware. First seen on scworld.com Jump to article: www.scworld.com/brief/kash-patels-merchandise-site-hacked-to-distribute-malware
-
New Linux malware ‘Showboat’ targets Middle East telecom provider
First seen on scworld.com Jump to article: www.scworld.com/brief/new-linux-malware-showboat-targets-middle-east-telecom-provider
-
Teenager from Odesa suspected of running infostealer malware operation
Tags: malware. First seen on scworld.com Jump to article: www.scworld.com/brief/teenager-from-odesa-suspected-of-running-infostealer-malware-operation
-
FBI Director’s Former Apparel Brand Hit by Malware
Malware Targeted macOS Users Visiting Patel Foundation Merchandise Page. Two months after Iran-linked hackers exfiltrated FBI Director Kash Patel’s personal email, the government official’s name is tangled up in another cyber incident, this time through a MAGA swag shop he co-founded. ClickFix malware on the site tried to trick shoppers into running a malicious command…
-
New Telecom Espionage Campaign Tied to China
Researchers Trace Linux and Windows Toolsets to Suspected PRC Espionage Activity. Newly discovered malware tied to China-linked actors breached telecom providers across Asia and the Middle East, highlighting growing efforts to gain persistent access into interconnected communications infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-telecom-espionage-campaign-tied-to-china-a-31763
-
Iranian Hackers Using Fake Job Sites to Breach Defense Firms
Unit 42 Says Iranian Operators Target Aerospace and Government Staff. Palo Alto Networks’ Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-using-fake-job-sites-to-breach-defense-firms-a-31762
-
Microsoft disrupts Fox Tempest malware-signing service
First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-disrupts-fox-tempest-malware-signing-service
-
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government First seen on…
-
Steam Malware: Free Horror Game Hijacks Passwords and Crypto Wallets
Steam malware alarms gamers: the horror game ‘Beyond The Dark’ apparently harvested passwords, browser data and crypto wallets. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/gaming/steam-malware-gratis-horror-spiel-kapert-passwoerter-krypto-wallets-329341.html
-
Android Malware Secretly Signs Users Up for Premium Services
Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The malware campaign focuses on carrier billing fraud, abusing premium SMS services to generate revenue for attackers. What makes this operation particularly dangerous is its ability to target victims based on their mobile operator…
-
One Telecom Provider Hosted Most of the Middle East’s Active C2 Infrastructure
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from Hunt.io shows why defenders may need to pay closer attention to something more boring, hosting…
-
Megalodon Malware Rapidly Infects Over 5,500 GitHub Repositories
A newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of open-source ecosystems. Security researchers from SafeDep report that the malware spreads through malicious code injections hidden inside seemingly legitimate projects, targeting developers who unknowingly download and execute infected files. Megalodon Malware Infects Github Repo…
-
Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging, data exfiltration, and remote system control. The package was distributed through three dependent libraries, pretty-logger-utils, ts-logger-pack, and pinno-loggers, which automatically…
-
Breach Roundup: Shai-Hulud Copycat Hits npm
Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug Spam. This week, more incidents than we can list here. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven…
-
CISA chief frets about open-source vulnerabilities, delayed security improvements
Acting director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-chief-frets-about-open-source-vulnerabilities-delayed-security-improvements/
-
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a SOCKS5…
-
Modular Malware Makes Tech Support Scams Particularly Dangerous
At the start of the attack, the targeted victim’s inbox is, as is so often the case, flooded with spam emails. Shortly afterwards, the attacker then contacts First seen on infopoint-security.de Jump to article: www.infopoint-security.de/modulare-malware-macht-tech-support-scams-besonders-gefaehrlich/a45252/
-
Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs
Microsoft disrupted Fox Tempest, a malware-signing service accused of abusing Azure certificates to disguise ransomware and malware as trusted software. The post Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-fox-tempest-malware-signing-service/
-
Chinese hackers target telcos with new Linux, Windows malware
A Chinese cyber-espionage campaign has been targeting telecommunications providers with newly discovered Linux and Windows malware dubbed Showboat and JFMBackdoor, respectively. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-target-telcos-with-new-linux-windows-malware/
-
Android Malware Spotted Subscribing Victims to Paid Services Without Consent
Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills. First seen on hackread.com Jump to article: hackread.com/android-malware-subscribe-services-without-consent/
-
Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks
Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users. First seen on hackread.com Jump to article: hackread.com/microsoft-retired-ie-tool-mshta-fileless-malware-attack/