Collecting Cyber-News from over 60 sources

Tag: malware

Hackers Exploit n8n Webhooks to Spread Malware

Apr 17, 2026 12:48 AM

Tags: ai, automation, cyber, email, exploit, hacker, malicious, malware, phishing, tool

A new abuse campaign targeting AI-driven workflow automation platforms particularly n8n that turns legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized n8n-generated webhooks to deliver malicious payloads and collect device fingerprints under the guise of trusted infrastructure. AI workflow platforms like n8n and Zapier are…
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware

Apr 17, 2026 12:48 AM

Tags: espionage, government, hacker, healthcare, malware, service, tool, ukraine

Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. First seen on therecord.media Jump to article: therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services
MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems

Apr 17, 2026 12:48 AM

Tags: android, malware

Researchers have uncovered an Android malware framework dubbed the MiningDropper. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/miningdropper-android-malware/
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity

Apr 17, 2026 12:48 AM

Tags: access, cyber, cybersecurity, malware, openai, software

OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts. First seen on hackread.com Jump to article: hackread.com/openai-gpt-5-4-cyber-boost-defensive-cybersecurity/
Fake Claude AI Installer Targets Windows Users with PlugX Malware

Apr 17, 2026 12:48 AM

Tags: access, ai, malware, windows

Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems. First seen on hackread.com Jump to article: hackread.com/fake-claude-ai-installer-plugx-malware-windows-users/
Fake Claude AI Installer Targets Windows Users with PlugX Malware

Apr 17, 2026 12:48 AM

Tags: access, ai, malware, windows

Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems. First seen on hackread.com Jump to article: hackread.com/fake-claude-ai-installer-plugx-malware-windows-users/
Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows

Apr 17, 2026 12:48 AM

Tags: attack, malware

Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery. First seen on hackread.com Jump to article: hackread.com/active-hanghost-loader-payment-logistic-workflow/
AI platform n8n abused for stealthy phishing and malware delivery

Apr 17, 2026 12:48 AM

Tags: ai, automation, control, data, exploit, infrastructure, malware, phishing, threat

Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…
Mirax RAT Targets Android Devices Through Meta Apps

Apr 15, 2026 12:52 AM

Tags: access, android, malware, rat, russia, service

Malware-as-a-Service Operations Favors Russian-Speaking Customers. An emerging remote access Trojan targeting Android devices in Spanish-speaking nations is propagating fraudulent advertisements as an initial access point on Meta-owned applications. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mirax-rat-targets-android-devices-through-meta-apps-a-31421
New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments

Apr 14, 2026 10:53 PM

Tags: cybercrime, malware, ransomware

The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation. First seen on therecord.media Jump to article: therecord.media/new-janaware-ransomware-targeting-turkey
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Apr 14, 2026 9:52 PM

Tags: backdoor, corporate, malware, wordpress

Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
Someone planted backdoors in dozens of WordPress plugins used in thousands of websites

Apr 14, 2026 8:52 PM

Tags: backdoor, corporate, malware, wordpress

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
Omnistealer uses the blockchain to steal everything it can

Apr 14, 2026 5:52 PM

Tags: blockchain, cloud, crypto, login, malware, password

This malware is coming for your password managers, saved logins, cloud storage, crypto wallets, and just about anything else it can reach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/omnistealer-uses-the-blockchain-to-steal-everything-it-can/
Mirax Android RAT Hijacks Infected Phones as Residential Proxies

Apr 14, 2026 4:52 PM

Tags: access, android, banking, control, cyber, cybercrime, infrastructure, malware, phone, rat

A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Android RAT and banking malware, offering attackers full, real”‘time control over compromised devices. Once installed, the malware can execute…
Mirax Android RAT Hijacks Infected Phones as Residential Proxies

Apr 14, 2026 4:52 PM

Tags: access, android, banking, control, cyber, cybercrime, infrastructure, malware, phone, rat

A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Android RAT and banking malware, offering attackers full, real”‘time control over compromised devices. Once installed, the malware can execute…
China-linked cloud credential heist runs on typos and SMTP

Apr 14, 2026 3:52 PM

Tags: access, china, cloud, credentials, detection, espionage, infrastructure, linux, malicious, malware, mitre, monitoring, network, service, tactics, tool

Typosquatting for cloud-native espionage: The campaign relies heavily on deception, the researchers pointed out, using C2 domains closely resembling legitimate Alibaba Cloud services. The typosquatting approach allows malicious traffic to blend into routine cloud operations, specifically in environments where outbound filtering is absent.The implant used is an obfuscated ELF binary, with an executable designed for…
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses

Apr 14, 2026 2:51 PM

Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm

<div cla TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses

Apr 14, 2026 12:52 PM

Tags: backdoor, malware, ransomware, windows

ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK. First seen on hackread.com Jump to article: hackread.com/ransomware-vipertunnel-malware-uk-us-businesses/
Hackers Exploit Obsidian Plugin to Deploy Cross-Platform Malware

Apr 14, 2026 12:52 PM

Tags: access, cloud, crypto, cyber, exploit, finance, group, hacker, linkedin, malware

Hackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross”‘platform malware chain that ends with the PHANTOMPULSE remote access trojan. Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first engaging over LinkedIn and then moving conversations to Telegram group chats with multiple fake “partners” to…
How AI is transforming threat detection

Apr 14, 2026 11:52 AM

Tags: ai, attack, automation, best-practice, business, ceo, cisa, cve, cyber, data, detection, email, endpoint, framework, google, governance, group, incident response, intelligence, international, jobs, kev, malware, network, nist, organized, phishing, risk, skills, soc, switch, technology, threat, tool

Reducing alert fatigue: In alert triage, AI agents are reducing alert fatigue by clustering alert patterns and enabling risk-based prioritization, adds Dipto Chakravarty, chief product and technology officer at Black Duck.For example, natural language processing agents can summarize threat alerts at scale and correlate them with threat intel feeds such as CVE.org and the CISA KEV Catalog,…
Fake Proxifier GitHub Installer Spreads ClipBanker Crypto Malware

Apr 14, 2026 7:52 AM

Tags: crypto, cyber, github, hacker, infection, malware

Hackers are abusing a fake Proxifier installer hosted on GitHub to deliver a multi”‘stage ClipBanker malware that silently hijacks cryptocurrency transactions from infected systems. The campaign combines search”‘engine poisoning, trojanized installers, and fileless techniques to stay under the radar while swapping victims’ wallet addresses with those controlled by attackers. The infection typically begins when users…
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

Apr 13, 2026 9:51 PM

Tags: attack, crypto, data, finance, malware, rat

Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT.A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect…
When AI Finds a Way Out: The Alibaba Incident and Why Zero Trust Matters More Than Ever

Apr 13, 2026 8:51 PM

Tags: access, ai, control, cybersecurity, data-breach, detection, firewall, flaw, identity, malware, network, software, threat, training, zero-trust

The incidentIn cybersecurity, the most important lessons rarely come from theory, but reality.A recent incident involving an experimental AI agent in the Alibaba ecosystem is one of those moments that forces us to pause and rethink some of our core assumptions. During what should have been just model training, the Alibaba AI agent began behaving…
OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures

Apr 13, 2026 3:51 PM

Tags: hacker, linux, malware

OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems. First seen on hackread.com Jump to article: hackread.com/openssf-malware-slack-linux-foundation-figures/
Hackers hijacked CPUID downloads, served STX RAT to victims

Apr 13, 2026 3:51 PM

Tags: hacker, malware, rat, software

If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. >>Investigations are still ongoing, but it appears … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/13/cpuid-download-malware/
Hackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows Attacks

Apr 13, 2026 2:51 PM

Tags: attack, cyber, defense, detection, exploit, hacker, malware, tool, windows

Cyber attackers are increasingly using Living Off the Land Binaries (LOLBins) to bypass security detection. By leveraging legitimate system tools, these attacks avoid signature-based defenses and operate without dropping traditional malware files. One such LOLBin now gaining attention is MSBuild.exe, a native Windows development tool signed by Microsoft. Originally designed to build and run C# code from XML-based…
North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

Apr 13, 2026 12:52 PM

Tags: access, group, hacking, korea, malware, north-korea, social-engineering, threat

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT.”The threat actor…
CPUID watering hole attack spreads STX RAT malware

Apr 13, 2026 10:51 AM

Tags: access, attack, malicious, malware, rat, threat

Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got infected with the STX RAT, giving attackers remote access to their systems. The short attack…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92

Apr 12, 2026 3:51 PM

Tags: backdoor, hacker, international, malicious, malware, rce, remote-code-execution, theft

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2 Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) Hackers Are Attempting to Turn ComfyUI Servers Into a…
Google Locks Chrome Sessions to Devices to Stop Cookie Theft

Apr 11, 2026 11:51 AM

Tags: browser, chrome, credentials, cyber, google, macOS, malware, mfa, password, theft, windows

Google has officially launched a major security upgrade to protect users from session hijacking. Starting with Chrome version 146 for Windows users, Device Bound Session Credentials (DBSC) is now publicly available. This new feature aims to stop malware from stealing web cookies and using them to bypass passwords and multi-factor authentication. Support for macOS users…