Tag: malware
-
45,000 malicious IP addresses taken down, 94 suspects arrested
An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/16/interpol-operation-synergia-iii-cybercrime-infrastructure-takedown/
-
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign
Konni APT recently ran a multi-stage malware operation that hijacked KakaoTalk accounts to spread remote access trojans (RATs) through highly targeted spear”‘phishing.”‹ The message used contextual content aligned with the victim’s role to build trust and trick them into opening an attached archive. That archive contained a malicious LNK shortcut masquerading as a document; once…
-
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API.The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week.AAPM was introduced by Google in Android 16, released last year. When enabled, it…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 88
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit From JavaScript ClipXDaemon: Autonomous X11 Clipboard Hijacker Delivered via Bincrypter-Based Loader New A0Backdoor Linked to…
-
Week in review: AiTM phishing kit used to hijack AWS accounts, year-long malware campaign targets HR
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Turning expertise into opportunity for women in cybersecurity Speaker … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/15/week-in-review-aitm-phishing-kit-used-to-hijack-aws-accounts-year-long-malware-campaign-targets-hr/
-
Interpol Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide
INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware. The international law enforcement operation led to 94 arrests, 110 ongoing investigations,…
-
GlassWorm Spreads via 72 Malicious Open VSX Extensions Hidden in Transitive Dependencies
The GlassWorm malware campaign has evolved, significantly escalating its attacks on software developers. Instead of embedding malware directly into initial releases, the threat actors are now using transitive dependencies to sneak malicious code into developer environments. This stealthy approach allows a seemingly safe package to pull in a separate, infected extension only after establishing trust.…
-
Global Authorities Take Down 45,000 Malicious IPs Used in Ransomware Campaigns
Tags: cyber, cybercrime, infrastructure, international, interpol, law, malicious, malware, phishing, ransomwareAn unprecedented international law enforcement effort has successfully dismantled a massive cybercrime network. Coordinated by INTERPOL, the initiative targeted critical infrastructure used in phishing, malware, and ransomware campaigns worldwide. Operation Synergia III Dubbed >>Operation Synergia III,<< the global crackdown took place between July 18, 2025, and January 31, 2026. The operation brought together law enforcement…
-
FBI seeks victims of Steam games used to spread malware
The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
-
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested
INTERPOL’s Operation Synergia III led to 94 arrests and the takedown of 45,000 malicious IPs in 72 countries targeting phishing, malware, and fraud networks. First seen on hackread.com Jump to article: hackread.com/interpol-operation-synergia-iii-malicious-ip-94-arrest/
-
Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020.Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation.”The activity demonstrated strategic operational patience and…
-
Even primitive AI-coded malware helps hackers move faster, thwart attribution
IBM researchers discovered an autonomously coded backdoor that they called unsophisticated but nonetheless ominous. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-ransomware-backdoor-ibm-attribution/814671/
-
The FBI is investigating malware hidden inside games hosted on Steam
Tags: malwareThe FBI believes a series of video games published on Steam in the last two years were embedded with malware by the same hacker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/13/valve-steam-malware-games-fbi/
-
INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
Tags: cybercrime, international, interpol, law, malicious, malware, network, phishing, ransomware, threatINTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency’s ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams.The effort is part of an international law enforcement operation that involved 72 countries and…
-
Iran Claims Massive Cyber-Attack on MedTech Firm Stryker
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-massive-wiper-attack-medtech/
-
Real-Time Banking Trojan Strikes Brazil’s Pix Users
The latest banking Trojan campaign to hit Brazil combines classic malware with a real-time human operator, waiting for the perfect moment to strike. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/real-time-banking-trojan-strikes-brazils-pix-users
-
AI-assisted Slopoly malware powers Hive0163’s ransomware campaigns
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor…
-
Authorities Shut Down Proxy Service Linked to Malware Campaign Targeting Thousands of Users
A coordinated international law enforcement operation successfully dismantled SocksEscort, a massive malicious residential proxy network. Led by the U.S. Justice Department alongside several European allies, the operation disrupted a sophisticated infrastructure that compromised thousands of residential and small business routers globally. By executing seizure warrants against dozens of U.S.-registered domains, authorities effectively halted a criminal…
-
Storm-2561 Uses SEO Poisoning, Fake Signed VPN Apps to Steal Enterprise Credentials
A financially motivated threat actor tracked as Storm-2561 is running a credential theft campaign that abuses SEO poisoning and fake, signed VPN installers to steal enterprise VPN credentials. Active since May 2025, Storm-2561 continues to exploit user trust in search results, known VPN brands, and code-signing certificates to distribute malware disguised as legitimate remote access…
-
Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware
A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fake-temu-coin-airdrop-uses-clickfix-trick-to-install-stealthy-malware/
-
The Cyber Express Weekly Roundup: Global Cyberattacks, Espionage, Malware, and Critical Security Updates
This week’s The Cyber Express weekly roundup highlights major cybersecurity developments affecting organizations, governments, and individuals worldwide. Key stories include destructive cyberattacks, such as system-wide wipes and targeted breaches, as well as state-backed cyber espionage targeting technology and research sectors. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/the-cyber-express-weekly-roundup-march/
-
Proxy-Netzwerk zerschlagen: 370.000 Router und IoT-Geräte von Hackern missbraucht
Mit Socksescort haben Cyberkriminelle durch mit Malware infizierte Router und IoT-Geräte ihren Traffic verschleiert. Damit ist jetzt Schluss. First seen on golem.de Jump to article: www.golem.de/news/proxy-netzwerk-zerschlagen-370-000-router-und-iot-geraete-von-hackern-missbraucht-2603-206455.html
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients
vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
-
Iran War Bait Fuels TA453, TA473 Phishing Campaigns
Tags: cloud, credentials, cyber, espionage, exploit, government, iran, malware, middle-east, phishing, service, theft, threatTA453, TA473, and several emerging threat clusters are exploiting breaking news about the Iran war to run highly targeted phishing campaigns against governments and policy organizations across the Middle East and beyond. These operations blend traditional espionage with opportunistic credential theft and malware delivery, often abusing compromised government accounts and trusted cloud services to increase…
-
Hive0163 Ransomware Operators Use AI-Generated Slopoly Malware
Researchers have identified a suspected case of AI-generated malware being used during a ransomware attack. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/slopoly-ai-generated-malware/
-
Iran-Linked Handala Ramps Up Wiper Attacks on Israeli, Western Targets
Tracking an increased risk of wiper attacks related to the conflict with Iran, including multiple related incidents impacting organizations in Israel and the US. For the latest intelligence on cyberattacks. The campaign uses destructive “wiper” malware designed to erase systems and disrupt business operations permanently. Security experts believe these activities are part of a broader…
-
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud.”SocksEscort infected home and small business internet routers with malware,” the U.S. Department of Justice (DoJ) said. “The malware allowed SocksEscort to direct internet First seen on thehackernews.com…
-
Fileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past Detection
A recent Remcos RAT campaign showcases how commodity malware has fully embraced fileless, multi”‘stage execution to bypass traditional defenses and remain stealthy on compromised Windows systems. Instead of dropping a static executable to disk, the operators rely on JavaScript, PowerShell, and a managed .NET injector to execute Remcos entirely in memory, dramatically reducing forensic artifacts…