Tag: malware
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal.”Once inside, the malware runs with fewer…
-
Open VSX rotates access tokens used in supply-chain malware attack
The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/open-vsx-rotates-tokens-used-in-supply-chain-malware-attack/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69
Tags: attack, data-breach, hacking, international, linux, malware, ransomware, threat, tool, windowsSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques Uncovering Qilin attack methods exposed through multiple cases Mem3nt0 mori The Hacking Team is back! Insider Threats Loom […]…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69
Tags: attack, data-breach, hacking, international, linux, malware, ransomware, threat, tool, windowsSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques Uncovering Qilin attack methods exposed through multiple cases Mem3nt0 mori The Hacking Team is back! Insider Threats Loom […]…
-
Hackers Hide SSHTor Backdoor Inside Weaponized Military Documents
In October 2025, cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated malware campaign distributing weaponized ZIP archives disguised as military documents. The attack specifically targeted Belarusian military personnel through a lure document titled >>ТЛГ на убытие на переподготовку.pdf
-
Preventing DNS filtering bypass by Encrypted DNS (DoT, DoH, DoQ)
DNS over HTTPS (DoH) and other encrypted DNS protocols like DNS over TLS (DoT) & DNS over QUIC (DoQ) enhances user privacy and security by encrypting DNS queries in transit, shielding them from eavesdropping, tampering, and censorship on untrusted networks. This prevents ISPs and local attackers from logging or manipulating domain resolutions, fostering a more…
-
Russian Police Bust Suspected Meduza Infostealer Developers
3 ‘Young IT Specialists’ Arrested After Malware Tied to Government Agency Infection. Russian police have arrested three young IT specialists in Moscow, charging them with developing and selling the notorious Meduza information-stealing malware, and members of their group using the infostealer to breach a Russian government institution in May and exfiltrate data. First seen on…
-
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack.Palo Alto Networks Unit 42 said it’s tracking the cluster under the moniker CL-STA-1009, where “CL” stands for cluster and “STA” refers to state-backed motivation.”Airstalk misuses the AirWatch API for mobile…
-
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/
-
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/
-
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/
-
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/
-
Three suspected developers of Meduza Stealer malware arrested in Russia
Russia’s Interior Ministry posted a video of raids on suspected developers of the Meduza Stealer malware, which has been sold to cybercriminals since 2023. First seen on therecord.media Jump to article: therecord.media/meduza-stealer-malware-suspected-developers-arrested-russia
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-wsus-skuld-stealer-microsoft-patch/
-
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-wsus-skuld-stealer-microsoft-patch/
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Stolen Credentials Drive the Rise of Financially Motivated Cyberattacks
Throughout the first half of 2025, the FortiGuard Incident Response team investigated dozens of security breaches across multiple industries driven by financially motivated threat actors. What emerged from these investigations was a striking pattern: attackers are abandoning complex, malware-heavy approaches in favor of a deceptively simple method”, simply logging in using stolen credentials and leveraging…
-
Stolen Credentials Drive the Rise of Financially Motivated Cyberattacks
Throughout the first half of 2025, the FortiGuard Incident Response team investigated dozens of security breaches across multiple industries driven by financially motivated threat actors. What emerged from these investigations was a striking pattern: attackers are abandoning complex, malware-heavy approaches in favor of a deceptively simple method”, simply logging in using stolen credentials and leveraging…
-
Android-Malware: Über 760 betrügerische Apps greifen Zahlungsdaten ab
Immer mehr Menschen bezahlen ihre Einkäufe mit dem Smartphone. Das wissen auch Cyberkriminelle – und beschaffen sich per Malware die Kartendaten. First seen on golem.de Jump to article: www.golem.de/news/android-malware-ueber-760-betruegerische-apps-greifen-zahlungsdaten-ab-2510-201726.html
-
Kimsuky and Lazarus Hackers Deploy New Backdoor Tools for Remote Access Attacks
North Korean state-sponsored threat actors have escalated their cyber operations with the deployment of sophisticated new malware variants designed to establish persistent backdoor access to compromised systems. Recent investigations by threat intelligence researchers have uncovered two distinct toolsets from prominent DPRK-aligned hacking groups: Kimsuky’s newly identified HttpTroy backdoor and an upgraded version of Lazarus’s BLINDINGCAN…
-
Malicious packages in npm evade dependency detection through invisible URL links: Report
Tags: ai, application-security, attack, control, detection, edr, endpoint, exploit, flaw, github, governance, hacker, malicious, malware, microsoft, open-source, programming, service, software, supply-chain, threat, tool, trainingCampaign also exploits AI: The names of packages uploaded to npm aren’t typosquats of common packages, a popular tactic of threat actors. Instead the hackers exploit AI hallucinations. When developers ask AI assistants for package recommendations, the chatbots sometimes suggest plausible-sounding names that are close to those of legitimate packages, but that don’t actually exist.…
-
Hidden npm Malware Exposes New Supply Chain Weakness
Hidden npm malware steals developer credentials, exposing major software supply chain risks in the open-source ecosystem. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/hidden-npm-malware-supply-chain/
-
Massive surge of NFC relay malware steals Europeans’ credit cards
Near-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people’s payment card information in the past few months. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/massive-surge-of-nfc-relay-malware-steals-europeans-credit-cards/
-
Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats
Expired security cert, real Brussels agenda, plus PlugX malware finish the job First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/suspected_chinese_snoops_abuse_unpatched/
-
Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats
Expired security cert, real Brussels agenda, plus PlugX malware finish the job First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/suspected_chinese_snoops_abuse_unpatched/
-
LotL Attack Hides Malware in Windows Native AI Stack
Security programs trust AI data files, but they shouldn’t: they can conceal malware more stealthily than most file types. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/lotl-attack-malware-windows-native-ai-stack