Collecting Cyber-News from over 60 sources

Tag: malware

Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions

Apr 27, 2026 6:38 AM

Tags: attack, cyber, iran, leak, malware, software, stuxnet

What happened SentinelOne has uncovered Fast16, a Lua-based sabotage malware developed and deployed years before Stuxnet that was designed to tamper with high-precision calculation software used in civil engineering, physics, and physical process simulations. The malware was used in an attack in 2005 and was referenced in the ShadowBrokers’ 2016 leak of NSA offensive tools….The…
GopherWhisper: new China-linked APT targets Mongolia with Go-based malware

Apr 26, 2026 4:39 PM

Tags: apt, china, government, group, malware, tool

ESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal includes a range of tools mainly written in Go, such as loaders and injectors, which are used to deploy multiple…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94

Apr 26, 2026 2:38 PM

Tags: intelligence, international, iphone, malware, spyware, threat

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Morpheus: A new Spyware linked to IPS Intelligence The iPhone, invincible no more: a look at DarkSword and Coruna Lotus Wiper: a new threat targeting the energy and utilities sector New NGate variant hides in […]…
Threat actor uses Microsoft Teams to deploy new “Snow” malware

Apr 25, 2026 6:40 PM

Tags: group, malware, microsoft, social-engineering, threat

A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named ‘Snow’ which includes a browser extension, a tunneler, and a backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/threat-actor-uses-microsoft-teams-to-deploy-new-snow-malware/
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

Apr 25, 2026 12:39 PM

Tags: crime, data, malware, microsoft

Coming in cold with custom Snow malware First seen on theregister.com Jump to article: www.theregister.com/2026/04/25/new_crime_crew_impersonates_help_desks/
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Apr 25, 2026 12:39 PM

Tags: cyber, cybersecurity, framework, iran, malware, software, stuxnet, worm

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges.According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper First seen on thehackernews.com…
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

Apr 25, 2026 5:39 AM

Tags: backdoor, cisa, cisco, malware, network, software

CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

Apr 25, 2026 5:39 AM

Tags: backdoor, cisa, cisco, malware, network, software

CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

Apr 25, 2026 5:39 AM

Tags: backdoor, cisa, cisco, malware, network, software

CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRESTARTER backdoor. The malware reportedly persisted even after security patches were applied,…
Firestarter malware survives Cisco firewall updates, security patches

Apr 24, 2026 11:39 PM

Tags: cisco, cybersecurity, defense, firewall, malware, threat, update

Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/firestarter-malware-survives-cisco-firewall-updates-security-patches/
Firestarter malware survives Cisco firewall updates, security patches

Apr 24, 2026 11:39 PM

Tags: cisco, cybersecurity, defense, firewall, malware, threat, update

Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/firestarter-malware-survives-cisco-firewall-updates-security-patches/
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

Apr 24, 2026 8:39 PM

Tags: access, backdoor, cisa, cisco, cyber, cybersecurity, infrastructure, malware, software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER.FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and…
TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware

Apr 24, 2026 4:39 PM

Tags: ai, attack, github, malware

GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools. First seen on hackread.com Jump to article: hackread.com/teampcp-bitwarden-cli-dependabot-shai-hulud-malware/
The Cyber Express Weekly Roundup: Data Breaches, Malware Campaigns, and Cyber Fraud Investigations

Apr 24, 2026 2:39 PM

Tags: breach, cyber, cybersecurity, data, fraud, law, malware

In this week’s edition of The Cyber Express weekly roundup, we explore the latest developments in the world of cybersecurity, focusing on high-profile data breaches, growing malware campaigns, and law enforcement actions against cybercriminals. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-april-2026/
New Cisco firewall malware can only be killed by pulling the plug

Apr 24, 2026 12:39 PM

Tags: backdoor, cisa, cisco, cyber, firewall, malware

Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/24/cisco-firepower-firestarter-backdoor/
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews

Apr 24, 2026 12:39 PM

Tags: ai, crypto, cyber, hacker, jobs, malware

Void Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Developers are invited to complete coding tests that require cloning and running seemingly legitimate repositories from platforms…
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

Apr 24, 2026 12:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help desk employees, convincing their victim to accept a Microsoft Teams chat invitation from…
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Apr 24, 2026 10:38 AM

Tags: attack, credentials, malicious, malware, supply-chain, worm

Malicious npm packages spread via worm-like propagation and steal developer credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-supply-chain-worm-canister/
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams

Apr 24, 2026 7:38 AM

Tags: attack, breach, corporate, cyber, group, hacker, malware, microsoft, social-engineering, threat

A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite that steals sensitive company data. The Social Engineering Trap The attack begins with an aggressive…
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program”, and Predates Stuxnet

Apr 24, 2026 12:38 AM

Tags: iran, malware, stuxnet

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005″, and likely deployed by the US or an ally. First seen on wired.com Jump to article: www.wired.com/story/fast16-malware-stuxnet-precursor-iran-nuclear-attack/
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied

Apr 23, 2026 11:38 PM

Tags: cisco, firewall, hacker, malware, network

Investigators found the malware, dubbed Firestarter, on a federal agency’s network in a campaign dating back to at least September 2025. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-firestarter-malware-cisa-warning/
Dragos: Despite AI use, new malware targeting water plants is ‘hype’

Apr 23, 2026 10:39 PM

Tags: ai, malware

ZionSiphon was designed to find and sabotage Israelis’ water supply. An OT expert said it appears to be ineffective and the work of amateurs using AI. First seen on cyberscoop.com Jump to article: cyberscoop.com/dragos-zionsiphon-ai-malware-targeting-water-sector-hype/
US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March

Apr 23, 2026 9:39 PM

Tags: access, backdoor, cisa, cisco, exploit, hacker, malware, vulnerability

CISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities. First seen on therecord.media Jump to article: therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

Apr 23, 2026 9:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Harvester APT Expands Spying Operations with New GoGra Linux Malware

Apr 23, 2026 7:39 PM

Tags: api, apt, linux, malware, microsoft

New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control. First seen on hackread.com Jump to article: hackread.com/harvester-apt-spying-new-gogra-linux-malware/
With AI’s help, North Korean hackers stumbled into a near-undetectable attack

Apr 23, 2026 5:39 PM

Tags: ai, attack, exploit, hacker, hacking, malware, north-korea, phishing, social-engineering

For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/hexagonalrodent-north-korean-hackers-targeting-developers/
Malware-Kit Venom Stealer hebt ClickFix-Angriffe auf ein neues Niveau

Apr 23, 2026 3:39 PM

Tags: cyberattack, malware, social-engineering

Der Ansatz: Das Opfer wird durch geschickte Social-Engineering-Methoden dazu gebracht, einen bereitgestellten Befehl in die Zwischenablage zu kopieren… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/malware-kit-venom-stealer-hebt-clickfix-angriffe-auf-ein-neues-niveau/a44750/