Tag: malware
-
Threat Actors Exploit VS Code Extensions for Ransomware via GitHub C2
Tags: attack, control, cyber, espionage, exploit, github, government, group, infrastructure, malware, north-korea, ransomware, threatSecurity researchers have uncovered a sophisticated attack campaign attributed to Kimsuky, the North Korean-backed threat group known for conducting espionage operations against government entities and think tanks. Recent analysis reveals that threat actors are leveraging Visual Studio Code extensions and GitHub as command-and-control infrastructure to deliver multi-stage malware payloads capable of deploying ransomware and conducting…
-
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.The result is a global system where every digital weakness can be turned…
-
ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors.The result is a global system where every digital weakness can be turned…
-
Airstalk Malware Exploits AirWatch MDM for Covert C2 Communication
Security researchers have identified a sophisticated new malware family, Airstalk, that exploits VMware’s AirWatch API”, now known as Workspace ONE Unified Endpoint Management”, to establish covert command-and-control channels. The discovery represents a significant threat to evolution, with both PowerShell and .NET variants discovered in what researchers assess with medium confidence was a nation-state-sponsored supply chain…
-
Airstalk Malware Exploits AirWatch MDM for Covert C2 Communication
Security researchers have identified a sophisticated new malware family, Airstalk, that exploits VMware’s AirWatch API”, now known as Workspace ONE Unified Endpoint Management”, to establish covert command-and-control channels. The discovery represents a significant threat to evolution, with both PowerShell and .NET variants discovered in what researchers assess with medium confidence was a nation-state-sponsored supply chain…
-
Malware-pwned laptop gifts cybercriminals Nikkei’s Slack
Stolen creds let miscreants waltz into 17K employees’ chats, spilling info on staff and partners First seen on theregister.com Jump to article: www.theregister.com/2025/11/06/nikkeis_private_chats_go_public/
-
Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs
Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain covert, long-term access to victims. Threat actors created hidden Alpine Linux VMs (120MB/256MB) hosting custom…
-
Sandworm hackers use data wipers to disrupt Ukraine’s grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
-
Sandworm hackers use data wipers to disrupt Ukraine’s grain sector
Russian state-backed hacker group Sandworm has deployed multiple data-wiping malware families in attacks targeting Ukraine’s education, government, and the grain sector, the country’s main revenue source. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
-
AI-Enabled Malware Now Actively Deployed, Says Google
Google warns of “just-in-time AI” malware using LLMs to evade detection and generate malicious code on-demand First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aienabled-malware-actively/
-
ValleyRAT Campaign Targets Windows via WeChat and DingTalk
A sophisticated Windows remote-access trojan known as ValleyRAT has emerged as a high-confidence indicator of targeted intrusions against Chinese-language users and organizations. ValleyRAT’s operational model relies on a carefully orchestrated delivery chain comprising four distinct components: the downloader, loader, injector, and RAT payload. First observed in early 2023, this multi-stage malware combines advanced evasion techniques,…
-
ValleyRAT Campaign Targets Windows via WeChat and DingTalk
A sophisticated Windows remote-access trojan known as ValleyRAT has emerged as a high-confidence indicator of targeted intrusions against Chinese-language users and organizations. ValleyRAT’s operational model relies on a carefully orchestrated delivery chain comprising four distinct components: the downloader, loader, injector, and RAT payload. First observed in early 2023, this multi-stage malware combines advanced evasion techniques,…
-
Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks
Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity they are now deploying AI-enabled…
-
Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks
Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity they are now deploying AI-enabled…
-
Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks
Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity they are now deploying AI-enabled…
-
Gootloader Returns with a New ZIP File Tactic to Conceal Malicious Payloads
Cybersecurity researchers have discovered a resurgent Gootloader malware campaign employing sophisticated new evasion techniques that exploit ZIP archive manipulation to evade detection and analysis. Credit for uncovering this latest threat goes to security researcher RussianPanda and the team at Huntress, identified the campaign actively targeting victims through compromised websites. Despite previous disruption efforts earlier this…
-
APT60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage
The post APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-targets-japan-new-spyglace-malware-uses-vhdx-lnk-and-github-tasking-for-persistent-espionage/
-
5 AI-developed malware families analyzed by Google fail to work and are easily detected
You wouldn’t know it from the hype, but the results fail to impress. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/ai-generated-malware-poses-little-real-world-threat-contrary-to-hype/
-
5 AI-developed malware families analyzed by Google fail to work and are easily detected
You wouldn’t know it from the hype, but the results fail to impress. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/ai-generated-malware-poses-little-real-world-threat-contrary-to-hype/
-
5 AI-developed malware families analyzed by Google fail to work and are easily detected
You wouldn’t know it from the hype, but the results fail to impress. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/ai-generated-malware-poses-little-real-world-threat-contrary-to-hype/
-
AI-generated malware poses little real-world threat, contrary to hype
You wouldn’t know it from the hype, but the results fail to impress. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/11/ai-generated-malware-poses-little-real-world-threat-contrary-to-hype/
-
Gootloader malware is back with new tricks after 7-month break
Tags: malwareThe Gootloader malware loader operation has returned after a 7-month absence and is once again performing SEO poisoning to promote fake websites that distribute the malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/
-
Generative AI Supercharges Reverse Engineering
Check Point shows how generative AI accelerates XLoader analysis, uncovering real C2s and enabling faster, smarter malware defense. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/generative-ai-reverse-engineering/
-
Google uncovers malware using LLMs to operate and evade detection
PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/05/malware-using-llms/
-
AI-based malware makes attacks stealthier and more adaptive
Google says it has discovered at least five malware families that use AI to reinvent themselves and hide from defenders. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-powered-malware-google/804760/
-
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion.”PROMPTFLUX is written in VBScript and interacts with Gemini’s API to request specific VBScript…
-
UNK_SmudgedSerpent Targets Academics With Political Lures
A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/unksmudgedserpent-targets-academics/
-
Google warns of new AI-powered malware families deployed in the wild
Google’s Threat Intelligence Group (GTIG) has identified a major shift this year, with adversaries leveraging artificial intelligence to deploy new malware families that integrate large language models (LLMs) during execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-warns-of-new-ai-powered-malware-families-deployed-in-the-wild/
-
Malware Developers Test AI for Adaptive Code Generation
Google Details How Attackers Could Use LLMs to Mutate Scripts. Malware authors are experimenting with a new breed of artificial intelligence-driven attacks, with code that could potentially rewrite itself as it runs. Large language models are allowing hackers to generate, modify and execute commands on demand, instead of relying on static payloads First seen on…
-
Malware Developers Test AI for Adaptive Code Generation
Google Details How Attackers Could Use LLMs to Mutate Scripts. Malware authors are experimenting with a new breed of artificial intelligence-driven attacks, with code that could potentially rewrite itself as it runs. Large language models are allowing hackers to generate, modify and execute commands on demand, instead of relying on static payloads First seen on…