Tag: malware

Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Russian APT abuses Windows Hyper-V for persistence and malware execution

Nov 7, 2025 2:20 PM

Tags: apt, attack, authentication, cctv, defense, group, infrastructure, malware, password, powershell, russia, threat, tool, windows

Other malware tools: The researchers also found additional malware payloads left by the attackers on systems, including a custom PowerShell script used to inject a Kerberos ticket into LSASS to enable authentication and command execution on remote systems.Another PowerShell script was pushed to multiple systems via domain Group Policy to change the password of an…
Herodotus Android Banking Trojan Takes Over Devices, Outsmarts Security Tools

Nov 7, 2025 2:20 PM

Tags: android, antivirus, banking, cyber, data, detection, finance, malware, mobile, service, social-engineering, threat, tool

A new threat has surfaced in the mobile banking landscape Herodotus, a sophisticated Android banking Trojan that has been wreaking havoc in recent weeks. Offered under the notorious Malware-as-a-Service (MaaS) model, Herodotus leverages social engineering and technical deception, evading detection by conventional antivirus solutions and putting users’ financial data at serious risk. Herodotus addressed victims…
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Nov 7, 2025 2:20 PM

Tags: control, malicious, malware, software, supply-chain

A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems.According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific trigger…
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine

Nov 7, 2025 2:20 PM

Tags: data, group, hacking, malware, russia, ukraine

Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-sandworm-new-wiper-ukraine/
Herodotus Android Banking Trojan Takes Over Devices, Outsmarts Security Tools

Nov 7, 2025 2:20 PM

Tags: android, antivirus, banking, cyber, data, detection, finance, malware, mobile, service, social-engineering, threat, tool

A new threat has surfaced in the mobile banking landscape Herodotus, a sophisticated Android banking Trojan that has been wreaking havoc in recent weeks. Offered under the notorious Malware-as-a-Service (MaaS) model, Herodotus leverages social engineering and technical deception, evading detection by conventional antivirus solutions and putting users’ financial data at serious risk. Herodotus addressed victims…
Attackers upgrade ClickFix with tricks used by online stores

Nov 7, 2025 1:19 PM

Tags: malware

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/newest-clickfix-tricks/
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
Firewall von Versa erhält Bestnoten in unabhängigem Test

Nov 7, 2025 1:19 PM

Tags: access, exploit, firewall, malware, network, service

Die Next-Generation-Firewall von Versa Networks, Spezialist für Secure-Access-Service-Edge (SASE), wurde zum neunten Mal in Folge von Cyberratings.org mit der höchsten Bewertung ’empfehlenswert” ausgezeichnet. In dem Bericht ‘Q3 2025 Enterprise Firewall”, der auf unabhängigen Tests von NSS Labs basiert, erzielte Versa in zentralen Kategorien wie Malware- und Exploit-Abwehr 100 Prozent. Zudem lag der gemessene Datendurchsatz mit…
Firewall von Versa erhält Bestnoten in unabhängigem Test

Nov 7, 2025 1:19 PM

Tags: access, exploit, firewall, malware, network, service

Die Next-Generation-Firewall von Versa Networks, Spezialist für Secure-Access-Service-Edge (SASE), wurde zum neunten Mal in Folge von Cyberratings.org mit der höchsten Bewertung ’empfehlenswert” ausgezeichnet. In dem Bericht ‘Q3 2025 Enterprise Firewall”, der auf unabhängigen Tests von NSS Labs basiert, erzielte Versa in zentralen Kategorien wie Malware- und Exploit-Abwehr 100 Prozent. Zudem lag der gemessene Datendurchsatz mit…
Attackers upgrade ClickFix with tricks used by online stores

Nov 7, 2025 1:19 PM

Tags: malware

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/newest-clickfix-tricks/
Attackers upgrade ClickFix with tricks used by online stores

Nov 7, 2025 1:19 PM

Tags: malware

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/newest-clickfix-tricks/
Attackers upgrade ClickFix with tricks used by online stores

Nov 7, 2025 1:19 PM

Tags: malware

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/newest-clickfix-tricks/
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
Over 15 Malicious npm Packages Exploiting Windows to Deploy Vidar Malware

Nov 7, 2025 11:20 AM

Tags: attack, cyber, exploit, malicious, malware, supply-chain, threat, windows

Datadog Security Research has uncovered a sophisticated supply chain attack targeting the npm ecosystem, involving 17 malicious packages across 23 releases designed to deliver the Vidar infostealer malware to Windows systems. The campaign, attributed to a threat actor cluster tracked as MUT-4831, represents a significant escalation in npm-based threats and marks the first known public…
Over 15 Malicious npm Packages Exploiting Windows to Deploy Vidar Malware

Nov 7, 2025 11:20 AM

Tags: attack, cyber, exploit, malicious, malware, supply-chain, threat, windows

Datadog Security Research has uncovered a sophisticated supply chain attack targeting the npm ecosystem, involving 17 malicious packages across 23 releases designed to deliver the Vidar infostealer malware to Windows systems. The campaign, attributed to a threat actor cluster tracked as MUT-4831, represents a significant escalation in npm-based threats and marks the first known public…
Attackers Deploy LeakyInjector and LeakyStealer to Hijack Crypto Wallets and Browser Info

Nov 7, 2025 9:19 AM

Tags: crypto, cyber, cybersecurity, data, detection, injection, malware, theft, threat

Cybersecurity researchers at Hybrid Analysis have uncovered a sophisticated two-stage malware campaign targeting cryptocurrency wallet users and browser data. The newly identified malware duo, dubbed LeakyInjector and LeakyStealer, represents a significant threat to digital asset security through its advanced evasion techniques and comprehensive data theft capabilities. Advanced Injection Techniques Evade Detection LeakyInjector serves as the…
Attackers Deploy LeakyInjector and LeakyStealer to Hijack Crypto Wallets and Browser Info

Nov 7, 2025 9:19 AM

Tags: crypto, cyber, cybersecurity, data, detection, injection, malware, theft, threat

Cybersecurity researchers at Hybrid Analysis have uncovered a sophisticated two-stage malware campaign targeting cryptocurrency wallet users and browser data. The newly identified malware duo, dubbed LeakyInjector and LeakyStealer, represents a significant threat to digital asset security through its advanced evasion techniques and comprehensive data theft capabilities. Advanced Injection Techniques Evade Detection LeakyInjector serves as the…
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware

Nov 7, 2025 7:19 AM

Tags: apt, cyber, cyberespionage, data, group, hacker, infrastructure, malware, russia, threat, ukraine

Russia-aligned threat actor Sandworm has intensified its destructive cyber operations against Ukrainian organizations, deploying data wiper malware to cripple critical infrastructure and weaken the nation’s economy. Unlike other Russia-aligned advanced persistent threat groups that primarily engage in cyberespionage activities, Sandworm’s operations are characterized by their explicitly destructive intent. According to the latest ESET APT Activity…
Gootloader malware back for the attack, serves up ransomware

Nov 7, 2025 12:19 AM

Tags: attack, malware, ransomware

Move fast – miscreants compromised a domain controller in 17 hours First seen on theregister.com Jump to article: www.theregister.com/2025/11/06/gootloader_back_ransomware/
New NGate Malware Lets Hackers Drain ATMs Remotely

Nov 6, 2025 11:19 PM

Tags: android, hacker, malware, nfc, social-engineering

The NGate malware uses Android NFC relays and social engineering to let attackers withdraw cash from ATMs without stealing victims’ cards. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-ngate-malware-poland-atm/
Google sounds alarm on self-modifying AI malware

Nov 6, 2025 8:23 PM

Tags: ai, cybercrime, data, detection, google, group, intelligence, malware, threat

Google warns malware now uses AI to mutate, adapt, and collect data during execution, boosting evasion and persistence. Google’s Threat Intelligence Group (GTIG) warn of a new generation of malware that is using AI during execution to mutate, adapt, and collect data in real time, helping it evade detection more effectively. Cybercriminals increasingly use AI…
Russia’s Destructive Wiper Attacks on Ukraine Rise Again

Nov 6, 2025 7:19 PM

Tags: attack, group, hacking, malware, russia, ukraine

Nation-State Teams Tied to Grain Sector Targeting, Plus More Joined-Up Operations. Russia’s nation-state hacking groups have returned to pummeling Ukrainian targets with destructive, wiper malware, including in apparent attempts to disrupt its economically valuable grain sector, alongside the repeat targeting of allied European nations, researchers report. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-destructive-wiper-attacks-on-ukraine-rise-again-a-29945
Nikkei Data Breach Exposes Personal Information of 17,000 Individuals

Nov 6, 2025 7:19 PM

Tags: attack, breach, cloud, data, data-breach, malware

A malware attack on Nikkei’s Slack platform exposed data from over 17,000 people, underscoring human and cloud security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-nikkei-data-breach/
ClickFix malware attacks evolve with multi-OS support, video tutorials

Nov 6, 2025 4:19 PM

Tags: attack, detection, guide, infection, malware

ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clickfix-malware-attacks-evolve-with-multi-os-support-video-tutorials/
ClickFix malware attacks evolve with multi-OS support, video tutorials

Nov 6, 2025 4:19 PM

Tags: attack, detection, guide, infection, malware

ClickFix attacks have evolved to feature videos that guide victims through the self-infection process, a timer to pressure targets into taking risky actions, and automatic detection of the operating system to provide the correct commands. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clickfix-malware-attacks-evolve-with-multi-os-support-video-tutorials/
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry

Nov 6, 2025 2:19 PM

Tags: hacker, hacking, malware, russia, ukraine

The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry

Nov 6, 2025 2:19 PM

Tags: hacker, hacking, malware, russia, ukraine

The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2

Nov 6, 2025 2:19 PM

Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threat

Security researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
Russia’s Sandworm hackers deploying wipers against Ukraine’s grain industry

Nov 6, 2025 2:19 PM

Tags: hacker, hacking, malware, russia, ukraine

The Russian state-backed hacking unit Sandworm has been targeting Ukraine’s grain industry with wiper malware amid Moscow’s ongoing efforts to undermine Kyiv’s wartime economy. First seen on therecord.media Jump to article: therecord.media/russia-sandworm-grain-wipers