Tag: malware
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads; GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure; Gootloader Returns: What Goodies Did They Bring?; Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector…
-
Decades-old ‘Finger’ protocol abused in ClickFix malware attacks
The decades-old “finger” command is making a comeback, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/decades-old-finger-protocol-abused-in-clickfix-malware-attacks/
-
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to…
-
Malware, Fraud, Scams and Data Theft: Massive Security Gaps
Cybersecurity behavior, AI concerns and risks of consumers worldwide. 14 percent of respondents fell victim to digital fraud in the past year. Social media overtakes e-mail as the preferred attack vector of cybercriminals. AI fraud is becoming a growing concern for consumers. Bitdefender's new 2025 Consumer Cybersecurity Survey provides insight into key behaviors, practices and concerns in the area of… First…
-
Worm flooding npm registry with token stealers still isn’t under control
Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, worm
CSO that number has now grown to 153,000.” “It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox. And while this payload merely steals tokens, other threat actors are paying attention, he predicted. “I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
-
New Security Tools Target Growing macOS Threats
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/new-security-tools-target-growing-macos-threats
-
Crims poison 150K+ npm packages with token-farming malware
Tags: malware
Amazon spilled the TEA. First seen on theregister.com Jump to article: www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
-
North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. “The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure,” NVISO researchers…
-
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks
Tags: access, advisory, ai, antivirus, application-security, attack, authentication, backup, business, chatgpt, cisa, ciso, cloud, compliance, control, corporate, cve, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, germany, group, guide, healthcare, infrastructure, injection, Internet, iot, law, malware, mfa, mitigation, phishing, privacy, programming, ransomware, resilience, risk, service, soc, software, supply-chain, tactics, technology, threat, tool, update, vulnerability
Learn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI security trends and CISO compensation. Key takeaways: CISA and other agencies are urging organizations, especially in…
-
Millions of sites at risk from Imunify360 critical flaw exploit
A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm Patchstack warns. The flaw in Imunify360 AV before v32.7.4.0 lets attacker-supplied malware trigger dangerous PHP…
-
Cybercriminals Use Fake Invoices to Deploy XWorm and Steal Login Credentials
Cybercriminals are deploying sophisticated phishing campaigns that weaponize seemingly legitimate invoice emails to distribute Backdoor.XWorm, a dangerous remote-access trojan (RAT) capable of stealing sensitive credentials, recording keystrokes, and installing ransomware. Security researchers have uncovered an active malware distribution operation using Visual Basic Script attachments disguised as routine business correspondence, representing a dangerous evolution of social…
-
Formbook Malware Campaign Uses Malicious ZIP Files and Layered Scripting Techniques
A new campaign leveraging Formbook malware has emerged, showcasing sophisticated multi-stage infection tactics that underscore the importance of analyzing more than just executable files during malware investigations. When teaching malware reverse-engineering in courses like SANS FOR610, it’s critical to address that reverse engineering applies to every component in the infection chain, not just PE or…
-
Check Point Uncovers Malvertising Network “Payroll Pirates”
Check Point has already updated its SmartPhish solution to reliably detect and stop Meta-related phishing attacks of this kind. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-deckt-malvertising-netzwerk-payroll-pirates-auf/a42825/
-
Android Photo Frame App Infects Devices With Malware, Allows Full Remote Takeover
A recent investigation has uncovered alarming security vulnerabilities in Android-powered digital photo frames, turning what should be a simple home or office gadget into a potent tool for cybercriminals. The findings reveal that apps preinstalled on these smart photo frames not only download and execute malware automatically but can also hand over complete device control…
-
Malvertising Network Called Payroll Pirates Discovered
A research team at Check Point Software Technologies has uncovered a widely ramified cybercrime network that deliberately abuses legitimate online advertising platforms. The group, known as “Payroll Pirates”, has specialized since mid-2023 in manipulating payroll and financial systems. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/malvertising-netzwerk-payroll-pirates
-
Operation Endgame Disrupts More Malware
Rhadamanthys, VenomRAT and Elysium Targeted in Operation. A multinational law enforcement operation resulted in the arrest of a remote access Trojan operator and the seizure of over 1,000 info stealer and botnet servers. Authorities took down 1,025 servers associated with the Rhadamanthys infostealer, the Venom RAT and a botnet dubbed Elysium. First seen on govinfosecurity.com…
-
Operation Endgame Dismantles 1,025 Malware Servers
Europol and Eurojust dismantled major criminal infrastructure powering widespread infostealer, RAT, and botnet operations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/operation-endgame-dismantles-1025-malware-servers/
-
RCE flaw in ImunifyAV puts millions of Linux-hosted sites at risk
The ImunifyAV malware scanner for Linux servers, used by tens of millions of websites, is vulnerable to a remote code execution vulnerability that could be exploited to compromise the hosting environment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk/
-
Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers
Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet. First seen on hackread.com Jump to article: hackread.com/operation-endgame-rhadamanthys-venomrat-elysium-malware/
-
Operation Endgame targets malware networks in global crackdown
Rhadamanthys, VenomRAT, and the Elysium botnet were targeted in the takedowns. First seen on cyberscoop.com Jump to article: cyberscoop.com/operation-endgame-disrupts-global-malware-networks-rhadamanthys-venomrat-elysium/
-
A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet
Europol’s Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Operation Endgame, carried out between November 10 and 13, 2025, dismantling major malware families including Rhadamanthys Stealer, Venom RAT, and the Elysium botnet as part of a global effort…
-
Coyote, Maverick Banking Trojans Run Rampant in Brazil
South America’s largest country is notorious for banking malware attacks; Maverick self-terminates if its targeted user is based outside Brazil. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/coyote-maverick-banking-trojans-brazil
-
Threat Actors Use JSON Storage for Hosting and Delivering Malware via Trojanized Code
A sophisticated campaign attributed to North Korean-aligned threat actors is weaponizing legitimate JSON storage services as an effective vector for deploying advanced malware to software developers worldwide. The “Contagious Interview…
-
Operation Endgame: Police Take More Than 1,000 Malware Servers Offline
According to the BKA, more than 180 of these servers were operated in Germany. They served as infrastructure for several malware variants. First seen on golem.de Jump to article: www.golem.de/news/operation-endgame-polizei-nimmt-ueber-1-000-malware-server-vom-netz-2511-202151.html
-
Operation Endgame Shuts Down Malware
Investigators from Germany, together with international partners, have once again taken successful action against cybercrime. Thanks to global cooperation, investigators have struck a blow against the spread of malware. They had “rendered harmless one of the most dangerous stealers and one of the most widely used trojans worldwide,” the Central Office for Combating Internet Crime (Zentralstelle zur Bekämpfung der Internetkriminalität) and the Federal Criminal Police Office (Bundeskriminalamt, BKA) announced. Such systems embed themselves…
-
Popular Android-based photo frames download malware on boot
Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-android-based-photo-frames-download-malware-on-boot/

