Tag: malware

New .NET AOT Malware Hides Code as a Black Box to Evade Detection

Mar 18, 2026 2:10 PM

Tags: detection, malware

Researchers at Howler Cell have discovered a new .NET AOT malware campaign that uses a clever scoring system… First seen on hackread.com Jump to article: hackread.com/net-aot-malware-code-black-box-evade-detection/
Adaptability, Not Novelty: The Next Evolution of Malware

Mar 18, 2026 1:09 PM

Tags: ai, cloud, exploit, identity, malware

AI-enabled malware like VoidLink adapts to cloud misconfigurations in real time, showing how attackers exploit identity sprawl and configuration drift. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/adaptability-not-novelty-the-next-evolution-of-malware/
Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats

Mar 18, 2026 1:09 PM

Tags: exploit, github, malware

The Vidar 2.0 infostealers is deployed through fake free game cheats on GitHub and Reddit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/vidar-stealer-exploits-github/
Transparent COM instrumentation for malware analysis

Mar 18, 2026 12:09 PM

Tags: malware, open-source, tool

In this article, Cisco Talos presents DispatchLogger, a new open-source tool that delivers high visibility into late-bound IDispatch COM object interactions via transparent proxy interception. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/transparent-com-instrumentation-for-malware-analysis/
Deepfakes und KI-Malware verändern Bedrohungslage – Sieben Strategien gegen KI-gesteuerte Cyberangriffe

Mar 18, 2026 12:09 PM

Tags: ai, cyberattack, deep-fake, malware

First seen on security-insider.de Jump to article: www.security-insider.de/ki-gesteuerte-cyberangriffe-deepfakes-strategien-abwehr-a-27f61a93f3d15d088f8737b65fff2151/
ClickFix treibt neue Infostealer-Kampagnen an

Mar 18, 2026 11:11 AM

Tags: api, captcha, control, cyberattack, encryption, exploit, framework, github, infrastructure, intelligence, lazarus, login, malware, microsoft, powershell, rat, social-engineering, threat, windows, wordpress

ClickFix-Kampagnen werden immer raffinierter und zielen verstärkt auf WordPress-Webseiten.Cyberkriminelle kombinieren kompromittierte Websites mit immer raffinierteren Social-Engineering-Köder-Methoden, um neue Infostealer-Malware zu verbreiten. Bekannt ist das Ganze unter dem Namen ClickFix und zudem effektiv: In einer einzigen Kampagne wurden über 250 WordPress-Websites in zwölf Ländern infiziert.Während diese Kampagne zu unauffälligen, im Arbeitsspeicher ausgeführten Schadprogrammen führt, beobachtete Microsoft…
Fake Telegram Download Site Delivers Stealthy In-Memory Malware Loader

Mar 18, 2026 8:09 AM

Tags: attack, cyber, exploit, malicious, malware

A newly discovered malware campaign is exploiting user trust in Telegram by distributing a trojanized installer through a typosquatted website, telegrgam[.]com. The site closely mimics the official Telegram download portal and delivers a malicious executable named tsetup-x64.6.exe, making it appear legitimate to unsuspecting users. Once downloaded and executed, the installer initiates a multi-stage attack chain while…
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog

Mar 18, 2026 5:10 AM

Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-day

Mar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog

Mar 18, 2026 5:10 AM

Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-day

Mar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
FBI seeks victims of Steam games used to spread malware

Mar 18, 2026 5:10 AM

Tags: malware

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

Mar 18, 2026 12:11 AM

Tags: malicious, malware

<div cla Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000 downloads collectively per week and were modified to deliver multi-stage malware. Sonatype is tracking the malicious packages as sonatype-2026-001153. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/hijacked-npm-packages-deliver-malware-via-solana-linked-to-glassworm/
More Attackers Are Logging In, Not Breaking In

Mar 18, 2026 12:11 AM

Tags: ai, credentials, malware, theft

Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/more-attackers-logging-in-not-breaking-in
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

Mar 17, 2026 11:10 PM

Tags: attack, github, malware, supply-chain

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/
ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools

Mar 17, 2026 5:10 PM

Tags: ai, attack, cybersecurity, data, fraud, google, hacker, malware, tool

Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-devs-macsync-malware-fake-claude-tools/
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

Mar 17, 2026 2:10 PM

Tags: access, attack, corporate, malware, open-source, ransomware

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
Chinesische APT-Gruppe Camaro Dragon nutzt Nahost-Konflikt für Malware-Kampagne gegen Katar aus

Mar 17, 2026 1:09 PM

Tags: apt, cyberattack, mail, malware, software

Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies hat eine Malware-Kampagne beobachtet, die sich an Ziele in Katar richtet und Foto-Archive mit Bildern aus dem Konflikt in Nahost als Lockmittel nutzt, um Malware einzuschleusen. Kurz nach Beginn der Angriffe am 1. März beobachtete CPR gezielte, mutmaßlich per E-Mail durchgeführte Kampagnen gegen Einrichtungen…
Mysteriöse Malware: Angreifer kapern Github-Projekte und verbreiten Schadcode

Mar 17, 2026 1:09 PM

Tags: exploit, github, malware

Eine Kampagne mit verschlüsselter Malware hat es auf Python-Entwickler abgesehen – allerdings nur, wenn die nicht in Russland sitzen. First seen on golem.de Jump to article: www.golem.de/news/mysterioese-malware-angreifer-kapern-github-projekte-und-verbreiten-schadcode-2603-206592.html
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

Mar 17, 2026 12:11 PM

Tags: access, email, group, hacking, intelligence, malicious, malware, north-korea, phishing, spear-phishing, threat

North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts.The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni.”Initial access was achieved through a spear-phishing email disguised…
Google cracks down on Android apps abusing accessibility

Mar 17, 2026 12:11 PM

Tags: android, google, malware

Malware has been abusing Android’s accessibility features for years. Google just made that a lot harder. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-cracks-down-on-android-apps-abusing-accessibility/
Google cracks down on Android apps abusing accessibility

Mar 17, 2026 12:11 PM

Tags: android, google, malware

Malware has been abusing Android’s accessibility features for years. Google just made that a lot harder. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-cracks-down-on-android-apps-abusing-accessibility/
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
Check Point analysiert neue Malware-Kampagne – Cyberangreifer nutzen den Nahost-Konflikt

Mar 17, 2026 11:10 AM

Tags: malware

Die aktuellen Kampagnen verdeutlichen einmal mehr, wie flexibel und opportunistisch moderne Cyberangreifer agieren. Sie nutzen nicht nur technische Schwachstellen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-analysiert-neue-malware-kampagne-cyberangreifer-nutzen-den-nahost-konflikt/a44160/
Attack on Stryker’s Microsoft environment wiped employee devices without malware

Mar 17, 2026 10:09 AM

Tags: attack, cyberattack, malware, microsoft, technology

The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. The company confirmed that its medical devices were not…
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft

Mar 17, 2026 12:09 AM

Tags: crypto, data, malware, theft

FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026. First seen on hackread.com Jump to article: hackread.com/fbi-investigate-steam-games-malware-crypto-theft/
GlassWorm Malware Evolves to Hide in Dependencies

Mar 16, 2026 11:10 PM

Tags: malicious, malware

Researchers have identified dozens of malicious GlassWorm extensions that come with new evasion techniques. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/glassworm-malware-evolves-hide-dependencies