Collecting Cyber-News from over 60 sources

Tag: malware

New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps

Apr 17, 2026 9:37 PM

Tags: android, banking, malware

New research from Zimperium reveals four active Android malware campaigns, RecruitRat, SaferRat, Astrinox, and Massiv, targeting over 800 banking apps globally. First seen on hackread.com Jump to article: hackread.com/recruitrat-saferrat-astrinox-massiv-android-malware/
New Phishing Attack Turns n8n Into On-Demand Malware Machine

Apr 17, 2026 6:39 PM

Tags: attack, automation, cisco, detection, hacker, malware, phishing

Hackers are abusing n8n workflows to deliver malware and evade detection, according to Cisco Talos, using trusted automation to bypass security defenses. The post New Phishing Attack Turns n8n Into On-Demand Malware Machine appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hackers-abuse-n8n-workflows-malware-delivery/
New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks

Apr 17, 2026 4:38 PM

Tags: attack, botnet, cybersecurity, ddos, fortinet, malware

Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into a botnet for DDoS attacks. First seen on hackread.com Jump to article: hackread.com/mirai-variant-nexcorium-dvr-devices-ddos-attacks/
New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks

Apr 17, 2026 4:38 PM

Tags: attack, botnet, cybersecurity, ddos, fortinet, malware

Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into a botnet for DDoS attacks. First seen on hackread.com Jump to article: hackread.com/mirai-variant-nexcorium-dvr-devices-ddos-attacks/
TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks

Apr 17, 2026 4:38 PM

Tags: attack, credentials, cve, cyber, exploit, hacker, malware, router, vulnerability

Hackers are actively scanning for vulnerable TP-Link home routers to push Mirai-style malware, abusing CVE-2023-33538 in a new wave of automated attacks. While the current exploit attempts are technically flawed, researchers warn that the underlying bug is real and dangerous when combined with default credentials and end”‘of”‘life firmware. It affects TL”‘WR940N v2/v4, TL”‘WR740N v1/v2 and…
Industrial Systems Hit by New Email-Worm Threat Wave

Apr 17, 2026 3:39 PM

Tags: backdoor, control, cyber, data, email, malware, network, phishing, risk, technology, threat, worm

Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
Industrial Systems Hit by New Email-Worm Threat Wave

Apr 17, 2026 3:39 PM

Tags: backdoor, control, cyber, data, email, malware, network, phishing, risk, technology, threat, worm

Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
Industrial Systems Hit by New Email-Worm Threat Wave

Apr 17, 2026 3:39 PM

Tags: backdoor, control, cyber, data, email, malware, network, phishing, risk, technology, threat, worm

Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
“Your shipment has arrived” email hides remote access software

Apr 17, 2026 1:38 PM

Tags: access, email, malware, software

This DHL-themed email tries to get recipients to install remote access software attackers can use to deploy further malware, including ransomware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/your-shipment-has-arrived-email-hides-remote-access-software/
New ZionSiphon Malware Discovered Targeting Israeli Water Systems

Apr 17, 2026 1:38 PM

Tags: malware

Researchers at Darktrace have identified ZionSiphon, a new malware targeting Israeli water treatment plants. Learn how this OT-focused… First seen on hackread.com Jump to article: hackread.com/zionsiphon-malware-target-israeli-water-systems/
New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Apr 17, 2026 12:38 PM

Tags: crypto, github, hacker, malware, password, tool

Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data. First seen on hackread.com Jump to article: hackread.com/cgrabber-direct-sys-malware-github-zip-files/
Inside ZionSiphon: politically driven malware aims at Israeli water systems

Apr 17, 2026 12:38 PM

Tags: flaw, malware

New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operations by altering hydraulic pressure and increasing chlorine levels to unsafe levels. The malware combines…
Inside ZionSiphon: politically driven malware aims at Israeli water systems

Apr 17, 2026 12:38 PM

Tags: flaw, malware

New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operations by altering hydraulic pressure and increasing chlorine levels to unsafe levels. The malware combines…
Inside ZionSiphon: politically driven malware aims at Israeli water systems

Apr 17, 2026 12:38 PM

Tags: flaw, malware

New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operations by altering hydraulic pressure and increasing chlorine levels to unsafe levels. The malware combines…
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain

Apr 17, 2026 12:38 PM

Tags: apple, attack, cyber, macOS, malicious, malware, north-korea, social-engineering, software, threat, update, vulnerability

A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious files disguised as legitimate software updates, effectively bypassing Apple’s built-in security protections. The campaign centers on a fake file…
Facebook-Falle: Wie APT37-Hacker per Freundschaftsanfrage Malware verbreiten

Apr 17, 2026 9:38 AM

Tags: access, hacker, malware, software

Die nordkoreanische Hackergruppe APT37 nutzt Facebook-Profile für gezieltes Social Engineering. Wie Angreifer über manipulierte PDF-Software vollen Zugriff auf Nutzerdaten erlangen und welche Spionagetaktiken aktuell im Einsatz sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/facebook-hacker-malware
ZionSiphon Malware Hits Israeli Desalination Plants

Apr 17, 2026 8:37 AM

Tags: cyber, hacker, malware, tool

Hackers are experimenting with new malware designed to sabotage Israeli desalination and water treatment plants using a tool dubbed “ZionSiphon,”. However, the current sample appears to be a faulty or developmental build rather than a fully operational weapon. The code checks IPv4 ranges such as 2.52.0.02.55.255.255, 79.176.0.079.191.255.255, and 212.150.0.0212.150.255.255, all of which are geolocated to…
Android-Trojaner gibt sich als Bank oder Behörde aus

Apr 17, 2026 12:48 AM

Tags: android, banking, finance, infrastructure, malware, mobile

Sicherheitsforscher von Infoblox und der vietnamesischen Organisation Chong Lua Dao haben eine weitreichende Malware-Infrastruktur aufgedeckt, die gezielt auf Mobile-Banking-Nutzer abzielt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-bank-oder-behoerde
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Apr 17, 2026 12:48 AM

Tags: exploit, flaw, hacker, malware

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/
Android-Trojaner gibt sich als Bank oder Behörde aus

Apr 17, 2026 12:48 AM

Tags: android, banking, finance, infrastructure, malware, mobile

Sicherheitsforscher von Infoblox und der vietnamesischen Organisation Chong Lua Dao haben eine weitreichende Malware-Infrastruktur aufgedeckt, die gezielt auf Mobile-Banking-Nutzer abzielt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-bank-oder-behoerde
New AgingFly malware used in attacks on Ukraine govt, hospitals

Apr 17, 2026 12:48 AM

Tags: attack, authentication, data, government, healthcare, malware, ukraine

A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

Apr 17, 2026 12:48 AM

Tags: access, ai, attack, business, ciso, cloud, cve, cvss, cyber, data, exploit, firewall, flaw, identity, injection, international, ivanti, LLM, malware, microsoft, network, remote-code-execution, sap, social-engineering, software, sql, threat, tool, unauthorized, update, vulnerability, windows, zero-day

block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE;for systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.Microsoft noted that these actions reduce the attack surface, but don’t replace installing the security update.Breen said that…
WordPress plugin suite hacked to push malware to thousands of sites

Apr 17, 2026 12:48 AM

Tags: access, malicious, malware, unauthorized, wordpress

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-plugin-suite-hacked-to-push-malware-to-thousands-of-sites/
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

Apr 17, 2026 12:48 AM

Tags: access, ai, attack, business, ciso, cloud, cve, cvss, cyber, data, exploit, firewall, flaw, identity, injection, international, ivanti, LLM, malware, microsoft, network, remote-code-execution, sap, social-engineering, software, sql, threat, tool, unauthorized, update, vulnerability, windows, zero-day

block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE;for systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.Microsoft noted that these actions reduce the attack surface, but don’t replace installing the security update.Breen said that…
Fake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaign

Apr 17, 2026 12:48 AM

Tags: attack, cyber, exploit, malicious, malware, phishing, threat, tool, vpn, windows

Multiple ongoing malware campaigns are distributing a powerful information-stealing trojan, tracked as NWHStealer, through fake VPN installers, gaming mods, and system tools. Unlike typical phishing campaigns, these attacks exploit users’ trust in popular software. Threat actors are disguising malicious payloads as legitimate installers for tools such as Proton VPN, OhmGraphite, Sidebar Diagnostics, Pachtop, and HardwareVisualizer. The files are hosted…
JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware

Apr 17, 2026 12:48 AM

Tags: iran, malware, russia

The post JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/muddy-water-castlerat-chainshell-malware-alliance/
Hackers Exploit n8n Webhooks to Spread Malware

Apr 17, 2026 12:48 AM

Tags: ai, automation, cyber, email, exploit, hacker, malicious, malware, phishing, tool

A new abuse campaign targeting AI-driven workflow automation platforms particularly n8n that turns legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized n8n-generated webhooks to deliver malicious payloads and collect device fingerprints under the guise of trusted infrastructure. AI workflow platforms like n8n and Zapier are…
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware

Apr 17, 2026 12:48 AM

Tags: espionage, government, hacker, healthcare, malware, service, tool, ukraine

Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. First seen on therecord.media Jump to article: therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services
MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems

Apr 17, 2026 12:48 AM

Tags: android, malware

Researchers have uncovered an Android malware framework dubbed the MiningDropper. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/miningdropper-android-malware/
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity

Apr 17, 2026 12:48 AM

Tags: access, cyber, cybersecurity, malware, openai, software

OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts. First seen on hackread.com Jump to article: hackread.com/openai-gpt-5-4-cyber-boost-defensive-cybersecurity/