Tag: malware
-
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tax-season-new-phishing-tactics/
-
Popular AI gateway startup LiteLLM ditches controversial startup Delve
LiteLLM had obtained two security compliance certifications via Delve and fell victim to some horrific credential-stealing malware last week. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/30/popular-ai-gateway-startup-litellm-ditches-controversial-startup-delve/
-
AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection
The massive amount of junk code that hides the malware’s logic from security scans was almost certainly generated by AI, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ai-powered-deepload-steals-credentials-evades-detection
-
China-Linked groups target Southeast Asian government with advanced malware in 2025
China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-linked threat clusters targeted a Southeast Asian government in a complex, well-funded cyber operation. Threat actors deployed numerous malware types, including HIUPAN, PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st, showing…
-
Newly observed malware campaign likely combines AI and ClickFix
Using the techniques in tandem helps hackers evade detection, a security firm said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-malware-clickfix-deepload/816086/
-
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are using a new remote access toolkit called “CTRL” to silently hijack Remote Desktop Protocol (RDP) sessions via FRP-based reverse tunnels, enabling stealthy, hands-on access to compromised Windows systems. The toolkit blends credential theft, keylogging, and RDP abuse into a cohesive post-exploitation framework that currently flies under the radar of public malware scanners…
-
CrySome RAT: Stealthy .NET Malware Adds AV Killer, HVNC Features
CrySome RAT is a newly observed, advanced .NET remote access trojan that combines full-featured post-exploitation tooling with unusually hardened persistence, AV-killing, and anti-removal logic, making it a serious long-term threat to Windows environments. The client component (Crysome.Client.exe) communicates with a TCP-based C2 operated by CrySome.Server.exe, with debug logging falling back to a Crysome_debug.log path if…
-
DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deepload-malware-clickfix-ai-code/
-
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.” The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL First…
-
VoidLink Proves AI-Assisted Malware Is No Longer Experimental
VoidLink shows that AI-assisted malware is now a mature, operational tool rather than a lab experiment, compressing what once required a full team into days of work by a single developer. At the same time, threat actors are cautiously testing self-hosted models, abusing agentic AI architectures, and probing enterprise GenAI usage as a fresh attack…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90
Tags: attack, browser, chrome, cyber, docker, government, international, iran, malware, software, supply-chain. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: New Malware Targets Users of Cobra DocGuard Software; Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets; Trivy Supply Chain Attack Expands to Compromised Docker Images; VoidStealer: Debugging Chrome to Steal…
-
AI Threat Landscape Digest January-February 2026
KEY FINDINGS AI-assisted malware development has reached operational maturity. VoidLink framework, which is modular, professionally engineered, and fully functional, was built by a single developer using a commercial AI-powered IDE within a compressed timeframe. AI-assisted development is no longer experimental but produces deployment-ready output. AI-assisted development is not always obvious from the final product. VoidLink was initially assessed as the…
-
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures/
-
Fake Certificate Loader Hides BlankGrabber Malware Chain
BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi-stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built-in tools such as certutil.exe, heavily obfuscated PyInstaller stubs, and stealthy exfiltration via Telegram and public web services to evade both…
-
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/
-
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
A sharp rise in PXA Stealer campaigns targeting global financial institutions has been observed during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware families such as Lumma, Rhadamanthys, and RedLine in 2025. Researchers estimate that PXA Stealer activity…
-
Hackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent Access
A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor. Instead of launching noisy, disruptive attacks, these hackers are building dormant sleeper cells in the telecom backbone…
-
China Upgrades the Backdoor It Uses to Spy on Telcos Globally
Chinese APT Red Menshen’s super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-upgrades-backdoor-spy-telcos
-
Coruna, DarkSword & Democratizing Nation-State Exploit Kits
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/coruna-darksword-democratizing-nation-state-exploit-kits
-
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware. “TikTok has been historically abused to…
-
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/teampcp-targets-telnyx-pypi-package/
-
Sophisticated PlugX malware uses the Middle East conflict as a lure
Since 1 March 2026, Zscaler's ThreatLabz security experts have been observing a new wave of attacks using a variant of the notorious PlugX backdoor malware First seen on infopoint-security.de Jump to article: www.infopoint-security.de/hochentwickelte-plugx-malware-nutzt-nahostkonflikt-als-lockmittel/a44369/
-
PlugX malware exploits geopolitical tensions
Since early March 2026, security experts at ThreatLabz have been observing a new wave of targeted malware attacks in the Gulf region. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/plugx-malware-geopolitische-spannungen
-
Digital sleeper cells: hidden Linux malware discovered in telco networks
Researchers examined the networks of telco providers and found a hidden backdoor malware. Hackers are said to be using it for espionage. First seen on golem.de Jump to article: www.golem.de/news/digitale-schlaeferzellen-versteckte-linux-malware-in-telko-netzwerken-entdeckt-2603-207004.html
-
Iran war as a hook: cybercriminals abuse geopolitical events for malware attacks on business communications
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/iran-krieg-aufhaenger-cyberkriminell-missbrauch-geopolitik-ereignis-malware-attacken-geschaeftskommunikation
-
New AITM phishing wave hijacks TikTok Business accounts
A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous…
-
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
TeamPCP continues its supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/teampcp-telnyx-supply-chain-compromise/