Tag: malware
-
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/backdoored-telnyx-pypi-package-pushes-malware-hidden-in-wav-audio/
-
Fake VS Code alerts on GitHub spread malware to developers
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-vs-code-alerts-on-github-spread-malware-to-developers/
-
Hackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER Attacks
A South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side”‘loaded keylogger known as BRUSHLOGGER. The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.dll, both of which lacked advanced packing or obfuscation. BRUSHWORM acts as the primary implant, handling…
-
Hackers Deploy USB Malware, RATs, and Stealers in Southeast Asian Government Attacks
A multi-cluster cyberespionage operation in which attackers used USB-propagated malware, multiple RATs, loaders, and a custom stealer to target a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (also known as HIUPAN), which spreads through removable drives and deploys the PUBLOAD backdoor for lateral movement. Further telemetry revealed two…
-
Phishing ZIP Files Used to Deploy PXA Stealer Targeting Financial Firms
A sharp rise in PXA Stealer campaigns targeting global financial institutions during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware families such as Lumma, Rhadamanthys, and RedLine in 2025. Researchers estimate that PXA Stealer activity…
-
Hackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent Access
A China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor. Instead of launching noisy, disruptive attacks, these hackers are building dormant sleeper cells in the telecom backbone.…
-
China Upgrades the Backdoor It Uses to Spy on Telcos Globally
Chinese APT Red Menshen’s super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-upgrades-backdoor-spy-telcos
-
Coruna, DarkSword & Democratizing Nation-State Exploit Kits
Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/coruna-darksword-democratizing-nation-state-exploit-kits
-
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security.Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware.”TikTok has been historically abused to…
-
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security.Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware.”TikTok has been historically abused to…
-
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/teampcp-targets-telnyx-pypi-package/
-
Hochentwickelte PlugX-Malware nutzt Nahostkonflikt als Lockmittel
Seit dem 1. März 2026 beobachten die Zscaler Sicherheitsexperten von ThreatLabz eine neue Angriffswelle mit einer Variante der berüchtigten PlugX-Backdoor Malware First seen on infopoint-security.de Jump to article: www.infopoint-security.de/hochentwickelte-plugx-malware-nutzt-nahostkonflikt-als-lockmittel/a44369/
-
PlugX-Malware nutzt geopolitische Spannungen aus
Seit Anfang März 2026 beobachten Sicherheitsexperten von ThreatLabz eine neue Welle gezielter Malware-Angriffe in der Golfregion. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/plugx-malware-geopolitische-spannungen
-
Digitale Schläferzellen: Versteckte Linux-Malware in Telko-Netzwerken entdeckt
Forscher haben Netze von Telko-Providern untersucht und eine versteckte Backdoor-Malware gefunden. Hacker sollen damit Spionage betreiben. First seen on golem.de Jump to article: www.golem.de/news/digitale-schlaeferzellen-versteckte-linux-malware-in-telko-netzwerken-entdeckt-2603-207004.html
-
Iran-Krieg als Aufhänger: Cyberkriminelle missbrauchen geopolitische Ereignisse für Malware-Attacken auf Geschäftskommunikation
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/iran-krieg-aufhaenger-cyberkriminell-missbrauch-geopolitik-ereignis-malware-attacken-geschaeftskommunikation
-
New AITM phishing wave hijacks TikTok Business accounts
A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous…
-
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/teampcp-telnyx-supply-chain-compromise/
-
Breach Roundup: Tycoon2FA Phishing Platform Rebounds
Tags: 2fa, attack, breach, data, data-breach, healthcare, iran, malware, north-korea, oracle, phishing, ransomware, russiaAlso, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and France. This week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim…
-
LiteLLM Hit in Cascading Supply-Chain Attack
Stolen Credentials From Trivy Breach Let Hackers Push Malware to PyPI. Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing developers to credential theft, persistent backdoors and lateral movement tools within hours of publication. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/litellm-hit-in-cascading-supply-chain-attack-a-31210
-
Alleged RedLine malware developer extradited to US, faces up to 30 years
Hambardzum Minasyan appeared in an Austin federal court on Tuesday and was indicted on charges of conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and conspiracy to commit money laundering. First seen on therecord.media Jump to article: therecord.media/redline-malware-developer-extradited-to-us-faces-30-years
-
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at least May 2024, with lures impersonating brands such as Intuit QuickBooks and Booking.com. Using Recorded Future’s HTML…
-
New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn… First seen on hackread.com Jump to article: hackread.com/financial-firms-rise-pxa-stealer-attacks/
-
Second RedLine infostealer operator ends up in US custody
Tags: malwareHambardzum Minasyan, an Armenian man extradited to the United States, is accused of conspiring with others to develop and operate the RedLine infostealer malware used to steal … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/26/redline-infostealer-developer-extradited-us-charged/
-
Iran-Krieg wird für Malware-infizierte Geschäftskommunikation genutzt
Seit Ende Februar 2026 registrieren die Bitdefender Labs eine spürbare Zunahme von Cyberangriffen im Nahen Osten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/iran-krieg-malware-geschaeftskommunikation
-
Hochentwickelte PlugXKampagne nutzt den aktuellen Nahostkonflikt als Köder
Kurz nach dem Aufflammen der kriegerischen Auseinandersetzungen in der Region des Persischen Golfs machten sich Bedrohungsakteure diesen Konflikt bereits für eine virtuelle Angriffskampagne zunutze. Die Sicherheitsexperten von Threatlabz beobachten seit dem 1. März 2026 einen neuen Cyberangriff zur Auslieferung einer PlugX-Backdoor-Variante. Aufbauend auf den aufgedeckten Tools, Techniken und Prozessen der Multi-Stage-Kampagne schreiben die Analysten des…
-
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads
GhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at least eight additional samples hosted in GitHub repositories that impersonate trading bots, SDKs, and developer tools.…
-
GitHub phishers use fake OpenClaw tokens to drain crypto wallets
Smart, obfuscated malware code: According to OX, the malicious phishing and wallet-stealing code is “highly obfuscated” and resides within the “eleven.js” JavaScript file in the repository.The threat actor used “watery-compost[.]today” to host a C2 server to collect information (including wallet address, transaction value, and name) and drain wallets once they were connected. Commands used by…
-
Suspected Hijacked Developer Accounts Spread npm Malware
Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk? First seen on hackread.com Jump to article: hackread.com/suspected-hijacked-developer-accounts-npm-malware/
-
Suspected RedLine infostealer malware admin extradited to US
Tags: malwareAn Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/suspected-redline-infostealer-administrator-extradited-to-us/