Tag: malware
-
GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem.The extensions in question, which are still available for download, are listed below -ai-driven-dev.ai-driven-dev (3,402 downloads)adhamu.history-in-sublime-merge (4,057 First seen on thehackernews.com Jump to article:…
-
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025
QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025. The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The vulnerabilities addressed by the company…
-
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025
QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025. The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The vulnerabilities addressed by the company…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SesameOp: Novel backdoor uses OpenAI Assistants API for command and control Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector Gootloader Returns: What Goodies Did They Bring? Ransomvibing appears in VS Code extensions…
-
GlassWorm malware returns on OpenVSX with 3 new VSCode extensions
The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-returns-on-openvsx-with-3-new-vscode-extensions/
-
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp. The LANDFALL campaign exploited CVE-2025-21042, a…
-
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images
Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp. The LANDFALL campaign exploited CVE-2025-21042, a…
-
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks
Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address”, even if the recipient isn’t a Teams user. While the feature, launching in targeted releases by early November 2025 and globally by January 2026, promises expanded connectivity across Android, desktop, iOS, Linux,…
-
‘Landfall’ Malware Targeted Samsung Galaxy Users
The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/landfall-malware-targeted-samsung-galaxy-users
-
ClickFix Malware Evolves with Multi-OS Support and Video Tutorials
Tags: malwareThe ClickFix malware now uses videos, timers, and OS-specific tricks to deceive users into infecting their own devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/clickfix-malware-evolves-with-multi-os-support-and-video-tutorials/
-
ClickFix Malware Evolves with Multi-OS Support and Video Tutorials
Tags: malwareThe ClickFix malware now uses videos, timers, and OS-specific tricks to deceive users into infecting their own devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/clickfix-malware-evolves-with-multi-os-support-and-video-tutorials/
-
Cyberattacks surge against IoT, mobile devices in critical infrastructure
Manufacturing and energy firms saw some of the biggest increases in malware activity targeting connected devices. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/mobile-iot-attacks-surge-critical-infrastructure-zscaler/805008/
-
Nevada ransomware attack traced back to malware download by employee
The state refused to pay a ransom and recovered 90% of the impacted data. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/nevada-ransomware-attack-traced-back-to-malware-download-by-employee/805011/
-
Cybercrims plant destructive time bomb malware in industrial .NET extensions
Tags: malwareMulti-year wait for destruction comes to an end for mystery attackers First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/cybercriminals_plant_destructive_time_bomb/
-
Cybercrims plant destructive time bomb malware in industrial .NET extensions
Tags: malwareMulti-year wait for destruction comes to an end for mystery attackers First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/cybercriminals_plant_destructive_time_bomb/
-
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests. First seen on hackread.com Jump to article: hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/
-
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests. First seen on hackread.com Jump to article: hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/
-
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests. First seen on hackread.com Jump to article: hackread.com/i-paid-twice-scam-booking-com-purerat-clickfix/
-
Russian APT abuses Windows Hyper-V for persistence and malware execution
Tags: apt, attack, authentication, cctv, defense, group, infrastructure, malware, password, powershell, russia, threat, tool, windowsOther malware tools: The researchers also found additional malware payloads left by the attackers on systems, including a custom PowerShell script used to inject a Kerberos ticket into LSASS to enable authentication and command execution on remote systems.Another PowerShell script was pushed to multiple systems via domain Group Policy to change the password of an…
-
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific trigger…
-
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine
Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-sandworm-new-wiper-ukraine/
-
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific trigger…