Tag: malware
-
Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs
The company unsealed a legal case in U.S. District Court on Tuesday detailing the disruption of Fox Tempest, a popular service that has operated since May 2025 and provides cybercriminals with code signing tools. First seen on therecord.media Jump to article: therecord.media/microsoft-disrupts-fox-tempest-malware-signing-service
-
Mini Shai-Hulud returns, compromising hundreds of npm packages
Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS-level backdoors and persisting in developer tools and CI pipelines. First seen on cyberscoop.com Jump to article: cyberscoop.com/mini-shai-hulud-malware-npm-packages-compromised-again/
-
Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-digital-crimes-unit-disrupts-fox-tempest/
-
6 billion stolen passwords: why companies are still making the same mistakes in 2026
Despite years of security awareness campaigns, complex password rules and growing MFA adoption, one of the oldest weaknesses in IT remains alarmingly current: weak and reused passwords. The current "2026 Breached Password Report" from Specops Software analyses more than six billion credentials stolen by malware and paints an alarming picture of modern identity security. The central finding: it is not brute-force attacks that are today the […]…
-
Malware campaigns on Windows via Microsoft's legacy internet tool MSHTA
Cybercriminals use legitimate, and preferably outdated, operating system tools, misusing them for their own purposes and to disguise attacks. The more trusted a utility is, the better. Bitdefender Labs has accordingly observed the continuous exploitation of the Microsoft HTML Application Host (MSHTA) and has recorded in recent months a higher frequency of attack chains in which the executable mshta.exe plays a role…
-
Legacy Microsoft Utility Fuels New Wave of Malware
Researchers Link MSHTA Windows Utility to Lumma Stealer, ClickFix Campaigns. Cybercriminals continue abusing Microsoft’s legacy MSHTA utility to deliver malware, with researchers saying that the default-enabled Windows component remains a favored living-off-the-land tool for PowerShell attacks, info stealers and multi-stage malware loaders. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/legacy-microsoft-utility-fuels-new-wave-malware-a-31716
-
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/
-
Internet Explorer may be dead, but its ghost still runs malware
A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments. Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
-
VoidStealer Malware Targets Chrome Data Despite Built-In Browser Protections
A newly discovered infostealer called VoidStealer is raising concerns after researchers revealed it can bypass Google Chrome’s App-Bound Encryption (ABE), a security feature designed to protect sensitive browser data. The malware introduces a novel technique that allows attackers to extract encryption keys directly from memory, enabling session hijacking and credential theft even on updated systems. VoidStealer Malware…
-
UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware
UAC-0184 uses a multi-stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT-UA reporting through 2024-2025 highlights a focus on accounts belonging to the Armed Forces of Ukraine,…
-
Operation Ramz Dismantles 53 Servers Used in Scam and Malware Campaigns
A large-scale international cybercrime operation led by INTERPOL has resulted in 201 arrests and the takedown of 53 malicious servers linked to phishing, malware, and online scam campaigns across the Middle East and North Africa (MENA) region. Dubbed Operation Ramz, the initiative ran from October 2025 to February 2026 and involved law enforcement agencies from 13…
-
macOS Malware Abuses Fake Google Update for Persistence
A newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a persistence mechanism disguised as a legitimate Google software update. The Reaper variant continues SHub’s use of fake application installers, notably masquerading as WeChat and Miro downloads. However, its infection chain stands out…
-
From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
Cisco Talos has uncovered a BadIIS variant, identifiable by its embedded “demo.pdb” strings, that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/
-
Mini-Shai-Hulud: NPM packages used millions of times compromised again
The Shai-Hulud attack enters its next round. Malware has again been injected into hundreds of NPM packages. Developers should act. First seen on golem.de Jump to article: www.golem.de/news/mini-shai-hulud-erneut-millionenfach-genutzte-npm-pakete-kompromittiert-2605-208817.html
-
7 tips for accelerating cyber incident recovery
Emphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway. ”Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…
-
Shai-Hulud worm copycats emerge after source code leak
Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were…
-
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
A large-scale CountLoader campaign uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, and in-memory shellcode execution to evade detection and maintain persistence across infected systems. The attack begins with a malicious executable that launches…
-
Mini Shai-Hulud Attack Hits @antv npm Packages
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, in what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm maintainer account “atool,” which is associated with several popular JavaScript libraries.…
-
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/interpol-operation-ramz-seizes-53-malware-phishing-servers/
-
Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa
Operation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams. First seen on cyberscoop.com Jump to article: cyberscoop.com/interpol-operation-ramz-middle-east-north-africa/
-
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
The newly discovered Reaper malware bypasses Apple’s macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor. First seen on hackread.com Jump to article: hackread.com/reaper-malware-fake-microsoft-domain-macos-passwords/
-
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaked-shai-hulud-malware-fuels-new-npm-infostealer-campaign/
-
Cyber attackers bypass traditional defences as ‘user-driven’ attacks surge, Bridewell warns
Cyber attackers are increasingly sidestepping traditional security tools by exploiting users themselves, according to Bridewell’s newly released Cyber Threat Intelligence Report 2026. The report highlights a significant shift in attacker behaviour, with threat actors moving away from malware-heavy campaigns towards identity-driven and socially engineered attacks that operate within trusted systems, often leaving little trace for…
-
Gamaredon Deploys GammaDrop, GammaLoad in Phishing Campaigns
Gamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamaredon, also known as UAC-0010 or Shuckworm, continues to exploit CVE-2025-8088, a directory traversal vulnerability in WinRAR that allows attackers to…
-
Gremlin Stealer Hides Payloads in .NET Resources to Evade Detection
A newly discovered variant of the Gremlin Stealer is raising concerns among security researchers by adopting stealth-focused techniques that significantly reduce its detection footprint. Gremlin Stealer is an information-stealing malware actively sold on Telegram. It targets a wide range of sensitive data from infected systems, including payment card details, browser cookies, session tokens, cryptocurrency wallets,…
-
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below: chalk-tempalte (825 downloads); @deadcode09284814/axios-util (284 downloads); axois-utils (963 downloads); color-style-utils (934 downloads). ”One of the packages (chalk-tempalte) First seen on thehackernews.com Jump to article: thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html
-
201 arrested in INTERPOL disruption of phishing and fraud networks
Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/18/interpol-mena-cybercrime-operation-ramz-201-arrests/
-
Hackers Hide PureLogs Infostealer in PawsRunner Loader
Threat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack begins with a phishing email carrying a TXZ archive attachment. Disguised as an urgent invoice, the file pressures victims into opening it quickly. Once extracted, the archive reveals a JavaScript file…
-
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. ”Fast16’s hook engine is selectively interested in First…