Tag: malware
-
Hacker hijacks Axios open-source project, used by millions, to push malware
A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/
-
Hackers Poison Axios npm Package with 100 Million Weekly Downloads
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide. First seen on hackread.com Jump to article: hackread.com/hackers-poison-axios-npm-package-100m-downloads/
-
Hackers compromise Axios npm package to drop cross-platform malware
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/
-
Foxveil – Neuer Malware-Loader tarnt sich in normalem Webverkehr
Tags: malwareFirst seen on security-insider.de Jump to article: www.security-insider.de/foxveil-malware-loader-cloudflare-discord-netlify-a-221c36257609a5804a7d2d3a3c45271b/
-
Windows Tools Abused to Kill AV Ahead of Ransomware Attacks
Hackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to stop. Instead of dropping noisy custom malware upfront, modern operators chain trusted utilities to gain SYSTEM access, kill security processes, and then encrypt at scale. Because many of these…
-
Telegram-Based ResokerRAT Adds Screenshot Capture and Persistence
Hackers are deploying a new Windows malware called ResokerRAT, a Telegram”‘based Remote Access Trojan (RAT) that gives attackers stealthy remote control over infected systems. Instead of relying on a traditional command”‘and”‘control (C2) server, ResokerRAT abuses the Telegram Bot API to receive commands and exfiltrate data, blending in with legitimate encrypted traffic. When the user runs Resoker.exe,…
-
Axios Supply Chain Attack Exposes Developers to Hidden Malware
The Axios supply chain attack that surfaced on March 31, 2026, has raised serious concerns across the JavaScript ecosystem, exposing how a compromised npm Account can be leveraged to distribute malware at scale. The incident involved poisoned releases of the widely used HTTP client library Axios, where attackers exploited a hijacked Axios maintainer account to silently introduce a cross-platform remote access trojan (RAT). First…
-
Google Drive now detects ransomware and helps restore affected files
To help organizations minimize the impact of malware attacks on personal computers, Google launched ransomware detection and file restoration in beta in September 2025. These … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/google-drive-ransomware-detection-and-file-restoration/
-
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally. Originally launched for beta testing in September 2025, these security enhancements are designed to minimize the destructive impact of malware attacks on both personal and corporate endpoints. The general availability…
-
NPM-Pakete laden Malware nach: Populärer HTTP-Client Axios kompromittiert
Tags: malwareAxios ist zur Verarbeitung von HTTP-Anfragen in unzählige Softwareprojekte eingebunden. Das NPM-Konto des Maintainers wurde gekapert, um Malware zu verbreiten. First seen on golem.de Jump to article: www.golem.de/news/npm-pakete-laden-malware-nach-populaerer-http-client-axios-kompromittiert-2603-207094.html
-
Tax Filing Scams Used to Deliver Malware in New Cybercrime Campaigns
Cybercriminals are once again exploiting global tax seasons, abusing IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tools, and credential phishing in a wave of new 2026 campaigns. Security researchers have already tracked more than a hundred tax-themed operations worldwide, with a noticeable increase in the use of legitimate RMM…
-
RoadK1ll Malware Turns Hacked Devices Into Network Relays
Hackers are deploying a new Node. js-based implant dubbed RoadK1ll to quietly turn compromised hosts into on-demand network relays, enabling stealthy pivoting deeper into victim environments without exposing obvious remote access tooling. The implant’s sole purpose is to provide attackers with reliable, flexible access back into an internal network after initial compromise, effectively turning a single infected…
-
GhostSocks Hijacks Devices as Proxy Network for Stealthy Cyberattacks
A newly emerging malware known as GhostSocks is quietly reshaping how attackers evade detection by converting compromised systems into residential proxy nodes. Modern cyberattacks rely heavily on blending into normal network traffic. Residential proxies allow attackers to route malicious activity through legitimate home IP addresses, making it appear as if traffic originates from ordinary users…
-
Cybercriminals Exploit Tax Season With New Phishing Tactics
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/tax-season-new-phishing-tactics/
-
Popular AI gateway startup LiteLLM ditches controversial startup Delve
LiteLLM had obtained two security compliance certifications via Delve and fell victim to some horrific credential-stealing malware last week. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/30/popular-ai-gateway-startup-litellm-ditches-controversial-startup-delve/
-
AI-Powered ‘DeepLoad’ Malware Steals Credentials, Evades Detection
The massive amount of junk code that hides the malware’s logic from security scans was almost certainly generated by AI, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ai-powered-deepload-steals-credentials-evades-detection
-
China-Linked groups target Southeast Asian government with advanced malware in 2025
China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-linked threat clusters targeted a Southeast Asian government in a complex, well-funded cyber operation. Threat actors deployed numerous malware types, including HIUPAN, PUBLOAD, EggStremeFuel/Loader, MASOL RAT, PoshRAT, TrackBak Stealer, Hypnosis Loader, and FluffyGh0st, showing…
-
Newly observed malware campaign likely combines AI and ClickFix
Using the techniques in tandem helps hackers evade detection, a security firm said. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-malware-clickfix-deepload/816086/
-
Russian Hackers Deploy “CTRL” for RDP Hijacking
Russian hackers are using a new remote access toolkit called “CTRL” to silently hijack Remote Desktop Protocol (RDP) sessions via FRP-based reverse tunnels, enabling stealthy, hands-on access to compromised Windows systems. The toolkit blends credential theft, keylogging, and RDP abuse into a cohesive post-exploitation framework that currently flies under the radar of public malware scanners…
-
CrySome RAT: Stealthy .NET Malware Adds AV Killer, HVNC Features
CrySome RAT is a newly observed, advanced .NET remote access trojan that combines full”‘featured post”‘exploitation tooling with unusually hardened persistence, AV-killing, and anti”‘removal logic, making it a serious long”‘term threat to Windows environments. The client component (Crysome.Client.exe) communicates with a TCP”‘based C2 operated by CrySome.Server.exe, with debug logging falling back to a Crysome_debug.log path if…
-
DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/deepload-malware-clickfix-ai-code/
-
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a “complex and well-resourced operation.”The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK, or U2DiskWatch), PUBLOAD, EggStremeFuel (aka RawCookie), EggStremeLoader (aka Gorem RAT), MASOL First…
-
VoidLink Proves AI-Assisted Malware Is No Longer Experimental
VoidLink shows that AI-assisted malware is now a mature, operational tool rather than a lab experiment, compressing what once required a full team into days of work by a single developer. At the same time, threat actors are cautiously testing self-hosted models, abusing agentic AI architectures, and probing enterprise GenAI usage as a fresh attack…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90
Tags: attack, browser, chrome, cyber, docker, government, international, iran, malware, software, supply-chainSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape New Malware Targets Users of Cobra DocGuard Software Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets Trivy Supply Chain Attack Expands to Compromised Docker Images VoidStealer: Debugging Chrome to Steal…
-
AI Threat Landscape Digest January-February 2026
EY FINDINGS AI-assisted malware development has reached operational maturity.VoidLink framework, which is modular, professionally engineered, and fully functional,was built by a single developer using a commercial AI-powered IDE within a compressedtimeframe. AI-assisted development is no longer experimental but produces deploymentreadyoutput. AI-assisted development is not always obvious from the final product.VoidLink was initially assessed as the…
-
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures/
-
Fake Certificate Loader Hides BlankGrabber Malware Chain
BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi”‘stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built”‘in tools such as certutil.exe, heavily obfuscated PyInstaller stubs, and stealthy exfiltration via Telegram and public web services to evade both…