Tag: malware
-
Check Point takes first place in Miercom's Hybrid Mesh Network Benchmark
Check Point Software Technologies announces that it has taken first place in the <>. This significant achievement marks the fourth consecutive year that Check Point has held the industry-wide top position. Check Point reached the top score with a phishing detection rate of 100 percent and an AI-powered malware defense rate of 99.9 percent […] First seen on netzpalaver.de Jump to…
-
If malware via monitor cables is a matter of national security, this might be the gadget for you
Orgs can now buy UK cyber agency engineered commercial gadget, but details are slim First seen on theregister.com Jump to article: www.theregister.com/2026/04/23/ncscs_first_foray_into_commercial/
-
Malicious npm Package Hijacks Hugging Face for Malware Delivery
Malicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross-platform implant chain. Earlier campaign phases already used Hugging Face as a simple hosting point for those binaries, but the latest builds…
-
Unwary Chinese Hackers Hardcoded Credentials into Backdoors
Eset Researchers Discover Trove of Go-Based Malware. Researchers uncovered a Chinese-linked cyberespionage group after attackers left command and control credentials embedded in malware, exposing internal operations, testing environments and thousands of messages tied to campaigns targeting a Mongolia government agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/unwary-chinese-hackers-hardcoded-credentials-into-backdoors-a-31487
-
Outlook Mailboxes Used to Conceal Linux GoGra Backdoor Traffic
A newly discovered Linux variant of the GoGra backdoor is being used by the Harvester advanced persistent threat (APT) group to conduct stealthy cyber espionage operations. Harvester, a suspected nation-state-backed group active since at least 2021, is known for targeting South Asia with custom malware and espionage campaigns. The discovery of a Linux version of…
-
Lazarus Lures Developers With Backdoored Coding Tests
North Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudulent IT worker operations before pivoting fully to malware-driven theft. In just three months, the group exfiltrated data from…
-
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is…
-
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware
Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto holdings above 10,000 USD and using polished lures that closely mimic legitimate apps and workflows.…
-
Fake TradingView AI Site Spreads Needle Stealer Through Phony TradingClaw App
A fake TradingView AI agent website is delivering Needle Stealer malware through a bogus “TradingClaw” assistant that can hijack victims’ browsers, drain financial accounts, and enable follow-on attacks. The campaign targets traders seeking automated strategies on TradingView, capitalizing on the current hype around AI trading bots and browser-based investing tools. The site imitates legitimate trading…
-
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
Introduction: On March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
-
Malicious pgserve, automagik developer tools found in npm registry
Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple. “Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
-
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign
Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
-
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/
-
Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector
Hackers deployed a previously unknown wiper malware against Venezuela’s energy and utilities sector in an attack that appears to have been designed to destroy systems. First seen on therecord.media Jump to article: therecord.media/hackers-venezuela-wiper-malware-oil
-
Fake Google Antigravity Installer Can Steal Accounts in Minutes
Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies. The post Fake Google Antigravity Installer Can Steal Accounts in Minutes appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-google-antigravity-downloads-steal-accounts-minutes/
-
Shadow AI forces security leaders to act
The next major security incident may not begin with malware or a phishing email. It could start with a prompt and end with an AI agent taking actions that were never approved. For years, the problem of shadow IT has kept security leaders busy: employees use cloud applications without approval from the IT department. Shadow AI follows…
-
AI Tools Are Helping Mediocre North Korean Hackers Steal Millions
One group of hackers used AI for everything from vibe coding their malware to creating fake company websites, and stole as much as $12 million in three months. First seen on wired.com Jump to article: www.wired.com/story/ai-tools-are-helping-mediocre-north-korean-hackers-steal-millions/
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Malicious trading website drops malware that hands your browser to attackers
A fake TradingView AI agent site leads to malware that can take over your browser, steal your accounts and financial data, and open the door to further attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/malicious-trading-website-drops-malware-that-hands-your-browser-to-attackers/
-
New Mirai variants target routers and DVRs in parallel campaigns
Hidden inside newly discovered botnet malware is an unusual message from its creator: >>AI.NEEDS.TO.DIE<>tuxnokill<< by researchers at Akamai, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/new-mirai-variants-target-routers-and-dvrs-via-old-flaws/
-
109 Fake GitHub Repos Spread SmartLoader, StealC Malware
A coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open source code, obfuscated Lua stages, and blockchain-backed C2 resolution to evade detection and keep infrastructure agile. Instead of relying on…
-
NFC tappay gets tapped by hackers
AI was likely used: ESET researchers also spotted something unusual in the malware’s internals. Some traces suggested generative AI may have played a role in its development. Specifically, the injected malicious code contains emoji markers in debug logs, something more commonly associated with AI-generated output than human-written malware. The researchers noted that this isn’t definitive proof…
-
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy and utilities sector in Venezuela, per findings from Kaspersky. “Two batch scripts…
-
New NGate malware abuses the HandyPay app for NFC fraud
Security researchers at ESET are warning of a further evolution of the NGate malware. Attackers are using a manipulated version of the legitimate ‘HandyPay’ app to skim contactless payment data and PINs directly from Android smartphones. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ngate-malware-nfc-betrug
-
Lotus Wiper Hits Energy Sector in Destructive Cyberattack
Hackers have deployed a new destructive malware, dubbed Lotus Wiper, in a targeted cyberattack against energy and utilities organizations in Venezuela, aiming not to extort money but to destroy data and disrupt operations permanently. Artifacts from the Lotus Wiper attack chain were uploaded to a public malware-sharing resource in mid-December 2025 from a machine in Venezuela,…
-
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/
-
26 fake crypto wallets discovered in the Apple App Store
The malware known as ‘FakeWallet’ uses sophisticated deceptions to plunder both digital and physical wallets via the Apple App Store. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apple-app-store-gefaelschte-wallets
-
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations, and session management, indicating a continued espionage-focused capability set rather than First seen on thehackernews.com…