Tag: malware
-
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down, and exploits moving quickly from disclosure to real attacks.…
-
Supply-chain attack: Trivy scanner and 140 npm packages compromised
An attacker has planted malware in the Trivy vulnerability scanner and in more than 140 npm packages. It collects data and sets up backdoors. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-attacke-trivy-scanner-und-140-npm-pakete-kompromittiert-2603-206808.html
-
Chrome ABE bypass discovered: New VoidStealer malware steals passwords and cookies
Malware with many tricks: VoidStealer is part of a broader shift in how infostealers are evolving post-ABE. The malware already supports multiple bypass techniques, falling back to older injection-based methods if needed, but clearly prioritizing stealth where possible. Krejsa also warned of its development pace. Since first appearing in December 2025, the malware has evolved quickly…
-
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll forms, filing reminders, and requests from tax professionals to deceive recipients…
-
Iran-linked actors use Telegram as C2 in malware attacks on dissidents
Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware…
-
FBI warns of Handala hackers using Telegram in malware attacks
The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country’s Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/
-
Oblivion RAT Masquerades as Play Store Update to Spy on Android Users
A newly discovered Android remote access trojan (RAT) called Oblivion RAT is raising concerns across the mobile threat landscape. Marketed as a malware-as-a-service (MaaS) platform, it is sold on cybercrime forums with subscription plans starting at $300 per month. Unlike typical mobile malware, Oblivion RAT comes with a web-based APK builder, a dropper generator, and…
-
We Know You Can Pay a Million by Anja Shortland review: the terrifying new world of ransomware
Criminals extorting money online have created huge businesses, complete with branding and HR. The birth of ransomware was a stunt that got out of hand. In 1989, an evolutionary biologist called Joseph L Popp Jr was working part time for the World Health Organisation on the Aids epidemic. He was a difficult man. When he was…
-
VoidStealer Steals Chrome Secrets Without Injection or Privilege Escalation
A new variant of the MaaS infostealer VoidStealer has become the first malware observed in the wild to weaponize a debugger-based bypass for Google Chrome's Application-Bound Encryption (ABE), using hardware breakpoints to steal Chrome's v20_master_key directly from browser memory. Unlike previous ABE bypasses, this method requires neither SYSTEM-level privilege escalation nor code injection into the…
-
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Three
Dear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two” blog post series in this post I’ll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. …
-
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/voidstealer-malware-steals-chrome-master-key-via-debugger-trick/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: New Payload ransomware malware analysis; DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear; When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation; AI Coding Tools Under Fire: […]…
-
Zimperium warns of a new banking malware wave: 1,243 apps compromised
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/zimperium-warnung-neu-banking-malware-welle-1243-apps-kompromittierung
-
Malware on Steam: the FBI is looking for gamers. Have you played one of these games?
Tags: malware
First seen on t3n.de Jump to article: t3n.de/news/malware-steam-fbi-sucht-gamer-infizierte-spiele-1734132/
-
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/
-
This new version of an Android malware scans your notes: why that is dangerous
First seen on t3n.de Jump to article: t3n.de/news/android-malware-scannt-notizen-1735042/
-
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister,…
-
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability
Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets. The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security's legitimate site. If this…
-
Copyright Complaint Lures Linked to New PureLog Stealer Credential Theft Wave
Threat actors are actively distributing the PureLog Stealer through a sophisticated, multi-stage attack campaign disguised as legal copyright violation notices. This information-stealing malware is engineered to silently harvest sensitive data, including browser credentials, browser extensions, cryptocurrency wallets, and detailed system information. The campaign selectively targets organizations within the healthcare, government, hospitality, and education sectors across…
-
AI-Driven Offensive Security: The Current Landscape and What It Means for Defense
The capabilities of modern AI models have advanced far beyond what most people in the security industry have fully internalized. AI-generated phishing, script writing, and basic offensive automation are getting plenty of attention, but what happens when you apply agentic AI to the full lifecycle of building, testing, and refining custom malware and command-and-control (C2)…
-
TDL 018 – How To Think, Not What To Think – Mitch Prior
Tags: access, ai, apple, attack, backup, blockchain, business, cctv, china, ciso, cloud, computer, conference, control, credentials, cvss, cyber, cybersecurity, data, defense, detection, exploit, finance, firmware, google, infrastructure, intelligence, Internet, iot, jobs, law, mail, malware, military, network, phone, privacy, resilience, risk, router, software, strategy, switch, technology, threat, tool, vulnerability, wifi, zero-trust
The Human Algorithm in a Zero-Trust World. In the latest episode of The Defender's Log, host David Redekop sits down with cybersecurity expert Mitch Prior to discuss the intersection of high-tech security and human intuition. From their first meeting in 2018, "the early days of Zero Trust", the duo explores why the "why" behind technical…
-
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware that stole sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aquasecurity/setup-trivy," which are used to scan Docker container images for vulnerabilities and set up GitHub Actions workflow … First seen…
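Both Trivy incidents above turn on the same weakness: a workflow that references an action by tag (`aquasecurity/trivy-action@0.28.0`, `@v1`) fetches whatever commit that tag points to at run time, so an attacker who can move the tag, as the 75 hijacked tags show, gets code execution on every runner that uses it, with access to the secrets the credential stealer then harvested from process memory and the filesystem. The check a practitioner wants is a quick audit of which `uses:` references in a repository are pinned to an immutable 40-hex commit SHA and which are not. The script below is an added example written for this page, not code from Aqua Security, Trivy or any of the linked articles; the sample workflow and its commit SHA are constructed placeholders, not real upstream values.

```python
"""Audit GitHub Actions workflows for actions referenced by a mutable tag or branch.

Added example for this page; it is not code from Aqua Security, Trivy or any of the
articles listed here. The workflow text and the 40-hex commit SHA below are
constructed placeholders, not real upstream values.
"""
import re
from typing import List, Tuple

# One `uses:` step reference per match, e.g. `aquasecurity/trivy-action@0.28.0`.
# Trailing comments (`# v4.2.2`) and surrounding quotes are not captured.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
# A full-length commit SHA is the only immutable reference GitHub offers.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow (placeholder SHA, not a real actions/checkout commit).
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.2.2
      - name: Run Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
      - uses: aquasecurity/setup-trivy@v0.2.2
      - uses: ./.github/actions/local-step
"""


def parse_uses(workflow_yaml: str) -> List[str]:
    """Return every `uses:` reference in the order it appears."""
    return USES_RE.findall(workflow_yaml)


def classify(ref: str) -> Tuple[str, str, str]:
    """Split a reference into (action, version, status).

    status: 'pinned'  -> version is a 40-hex commit SHA
            'mutable' -> tag, branch, or no version (default branch); re-pointable
            'local'   -> ./path or docker:// image, outside the scope of this check
    """
    if ref.startswith("./") or ref.startswith("docker://"):
        return ref, "", "local"
    if "@" not in ref:
        return ref, "", "mutable"
    action, version = ref.rsplit("@", 1)
    status = "pinned" if SHA_RE.match(version) else "mutable"
    return action, version, status


def audit(workflow_yaml: str) -> List[Tuple[str, str, str]]:
    """Classify every action reference in one workflow file."""
    return [classify(ref) for ref in parse_uses(workflow_yaml)]


def unpinned(workflow_yaml: str) -> List[str]:
    """References an attacker could re-point by moving a tag or pushing to a branch."""
    return [f"{a}@{v}" if v else a
            for a, v, s in audit(workflow_yaml) if s == "mutable"]


if __name__ == "__main__":
    import sys
    from pathlib import Path
    # Usage: python audit_actions.py .github/workflows/*.yml   (no args: sample above)
    sources = [(p, Path(p).read_text()) for p in sys.argv[1:]] or [("<sample>", SAMPLE_WORKFLOW)]
    for name, text in sources:
        for ref in unpinned(text):
            print(f"{name}: not pinned to a commit SHA: {ref}")
```

Run it over `.github/workflows/*.yml` and it reports the two Trivy references in the sample as mutable while the SHA-pinned checkout passes. Pinning to a commit SHA defeats exactly the tag re-pointing reported above; it does not replace reviewing what that commit contains, and it does nothing for a runner whose secrets are already over-provisioned, so pair it with a `permissions:` block that grants the job's `GITHUB_TOKEN` only what it needs and with short-lived cloud credentials (OIDC) instead of long-lived keys on disk, the kind of material the stealer searched for.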
-
That “job brief” on Google Forms could infect your device
Fake job offers on Google Forms are spreading PureHVNC malware that can take over your device. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/that-job-brief-on-google-forms-could-infect-your-device/

