Tag: malware
-
Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign
A cyber-espionage operation attributed to China used the PlugX malware against Belgian and Hungarian diplomatic entities over the last two months, according to a new report. First seen on therecord.media Jump to article: therecord.media/belgium-hungary-diplomatic-entities-hacked-unc6384
-
Open-source AdaptixC2 hacking tool has fans in Russian cybercrime underground
Available on GitHub and promoted to professional penetration testers, the tool AdaptixC2 has been used to spread loader malware associated with Russian ransomware groups, researchers said. First seen on therecord.media Jump to article: therecord.media/open-source-adaptixc2-red-teaming-tool-russian-cybercrime
-
Open-source AdaptixC2 hacking tool has fans in Russian cybercrime underground
Available on GitHub and promoted to professional penetration testers, the tool AdaptixC2 has been used to spread loader malware associated with Russian ransomware groups, researchers said. First seen on therecord.media Jump to article: therecord.media/open-source-adaptixc2-red-teaming-tool-russian-cybercrime
-
Airstalk Malware: Multi-Threaded C2 Steals Windows Logins
Tags: attack, communications, control, cyber, cybersecurity, infrastructure, login, malware, mobile, powershell, supply-chain, threat, windowsCybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser credentials. The malware, available in both PowerShell and .NET variants, has been linked with medium confidence to a nation-state threat actor operating through a likely supply chain attack…
-
Airstalk Malware: Multi-Threaded C2 Steals Windows Logins
Tags: attack, communications, control, cyber, cybersecurity, infrastructure, login, malware, mobile, powershell, supply-chain, threat, windowsCybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser credentials. The malware, available in both PowerShell and .NET variants, has been linked with medium confidence to a nation-state threat actor operating through a likely supply chain attack…
-
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s First…
-
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
Tags: attack, authentication, credentials, cybersecurity, github, malicious, malware, software, supply-chainCybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers’ machines.The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first…
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher
Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
-
Dynamic binary instrumentation (DBI) with DynamoRio
Learn how to build your own dynamic binary instrumentation (DBI) tool with open-source DynamoRIO to enable malware analysis, security auditing, reverse engineering, and more. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/dynamic-binary-instrumentation-dbi-with-dynamorio/
-
Invisible npm malware pulls a disappearing act then nicks your tokens
PhantomRaven slipped over a hundred credential-stealing packages into npm First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/phantomraven_npm_malware/
-
Hackers Use NFC Relay Malware to Clone TapPay Android Transactions
A new investigation from mobile security firm Zimperium has revealed a fast-growing cybersecurity threat targeting Android users through… First seen on hackread.com Jump to article: hackread.com/nfc-relay-malware-clone-tap-to-pay-android/
-
Russian-Linked Cyberattacks Continue to Target Ukrainian Organizations
Sandworm targets Ukrainian networks using stealthy, low-malware attacks that exploit legitimate Windows tools to evade detection. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/russian-linked-cyberattacks-continue-to-target-ukrainian-organizations/
-
Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)
Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/30/wsus-vulnerability-infostealer-cve-2025-59287/
-
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
-
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
-
Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics
Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
-
Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages
The ongoing ‘PhantomRaven’ malicious campaign has infected 126 npm packages to date, representing 86,000 downloads First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-malware-invisible-dependencies/
-
Russian Hackers Target Government with Stealthy “Livingthe-Land” Tactics
Russian-linked attackers have intensified their targeting of Ukrainian organizations through sophisticated intrusions that rely heavily on legitimate Windows tools rather than malware. The attackers demonstrated remarkable restraint in their malware deployment, instead leveraging living-off-the-land tactics and dual-use tools to evade detection while accomplishing their objectives. A recent investigation by our Threat Hunter Team revealed two…
-
PureHVNC RAT Distributed via Weaponized Judicial Documents
The campaign leverages judicial document themes to distribute Hijackloader malware, which subsequently deploys PureHVNC remote access trojan (RAT)”, marking the first observed instance where this combination has been used against Spanish-speaking users in Latin America. The campaign represents a significant tactical shift for threat actors operating in the region. Hijackloader, previously documented in campaigns targeting…
-
Malvertising – Neue Analyse enthüllt die komplexen Strukturen von Vane Viper
Tags: malwareFirst seen on security-insider.de Jump to article: www.security-insider.de/vane-viper-bedrohungsakteur-missbraucht-werbeindustrie-a-58dab3eaafa7037522a965b5e14cc9c9/
-
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
-
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
-
Herodotus Android malware mimics human typing to evade detection
Threat Fabric researchers spotted Herodotus Android malware mimicking human typing with random delays to evade detection. Threat Fabric found a new Android malware, named Herodotus, which mimics human typing by adding random delays to evade detection. Herodotus allows operators to takeover devices and bypass behaviour biometrics detection, it is offered as a malware-as-a-service (MaaS). The researchers…
-
XWiki Remote Code Execution Flaw Actively Weaponized for Coinmining
Tags: crypto, cve, cyber, cybersecurity, exploit, flaw, malware, remote-code-execution, software, threat, vulnerabilityA critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as CVE-2025-24893, represents a serious threat to organizations running unpatched XWiki installations. Cybersecurity researchers at VulnCheck have captured concrete evidence of active exploitation through their canary network. CVE Details…
-
XWiki Remote Code Execution Flaw Actively Weaponized for Coinmining
Tags: crypto, cve, cyber, cybersecurity, exploit, flaw, malware, remote-code-execution, software, threat, vulnerabilityA critical security vulnerability in XWiki collaboration software is being actively exploited by threat actors to deploy cryptocurrency mining malware on vulnerable systems. The flaw, tracked as CVE-2025-24893, represents a serious threat to organizations running unpatched XWiki installations. Cybersecurity researchers at VulnCheck have captured concrete evidence of active exploitation through their canary network. CVE Details…
-
3.000 Youtube-Videos als Malware-Köder enttarnt: Wie Gaming-Cheats zur Falle wurden
Tags: malwareFirst seen on t3n.de Jump to article: t3n.de/news/youtube-ghost-network-malware-1713954/