Collecting Cyber-News from over 60 sources

Tag: malware

Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp

Jun 18, 2026 4:34 PM

Tags: botnet, cybercrime, international, law, malware, russia, wordpress

International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/law-enforcement-nukes-socgholish-malware-from-nearly-15-000-sites/
DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity

Jun 18, 2026 3:34 PM

Tags: backdoor, malware, microsoft, ransomware, service

DragonForce ransomware abused Microsoft Teams relay systems to hide a custom backdoor, steal files and encrypt systems at a US services firm. First seen on hackread.com Jump to article: hackread.com/dragonforce-ransomware-microsoft-teams-malware/
DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity

Jun 18, 2026 3:34 PM

Tags: backdoor, malware, microsoft, ransomware, service

DragonForce ransomware abused Microsoft Teams relay systems to hide a custom backdoor, steal files and encrypt systems at a US services firm. First seen on hackread.com Jump to article: hackread.com/dragonforce-ransomware-microsoft-teams-malware/
Malware attacks strip Roblox developers of entire games

Jun 18, 2026 3:34 PM

Tags: attack, hacker, malware, service

Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/18/roblox-game-takeover-malware-attacks/
Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development

Jun 18, 2026 2:34 PM

Tags: cve, flaw, malware, microsoft, update, vulnerability, zero-day

Microsoft confirmed the RoguePlanet Defender zero-day (CVE-2026-50656), a privilege escalation flaw, and is developing a security patch. Microsoft has acknowledged the RoguePlanet zero-day affecting Microsoft Defender, tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability allows privilege escalation through the Microsoft Malware Protection Engine. The company stated it is aware of the issue and is…
Dropping Elephant Hackers Use China-Themed Loader Chain to Deploy In-Memory RAT

Jun 18, 2026 2:34 PM

Tags: access, attack, china, cyber, gitlab, hacker, infrastructure, malicious, malware, rat, social-engineering

A sophisticated malvertising and social-engineering campaign that pivoted from weaponized GitLab Pages to abusing claude.ai’s shared chat feature, enabling operators to deliver an in-memory remote-access trojan (RAT) via a China-themed loader chain. Across seven weeks (April 8June 14, 2026) investigators tracked 106 unique malicious hostnames across six attack waves, revealing rapid infrastructure rotation, targeted geographic…
Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Jun 17, 2026 9:02 PM

Tags: cve, malware, microsoft, update, vulnerability, zero-day

Microsoft has formally disclosed that it’s working to release a patch to address a Defender zero-day codenamed RoguePlanet.The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw.”Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in…
DragonForce Hid Inside Microsoft Teams and Nobody Noticed for Two Months

Jun 17, 2026 7:02 PM

Tags: backdoor, control, infrastructure, malware, microsoft, network, ransomware, service, threat

DragonForce hid for months by routing malware traffic through Microsoft Teams infrastructure, masking C2 activity and evading network detection. DragonForce ransomware operators hit a major U.S. services firm and stayed hidden for one to two months by routing their command-and-control traffic through Microsoft’s own Teams relay servers. Symantec’s threat hunters tracked the custom backdoor they…
New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps

Jun 17, 2026 2:02 PM

Tags: android, banking, browser, chrome, control, credentials, crypto, finance, malicious, malware

Rokarolla Android malware targets 217 banking and crypto apps, steals credentials, blocks bank calls, intercepts SMS, and disables Play Protect. Zimperium’s zLabs researchers have published a detailed analysis of Rokarolla, a new Android banking trojan named after its command-and-control infrastructure. It spreads through malicious websites masquerading as TikTok and Chrome, one confirmed distribution point being…
Sapphire Sleet macOS Malware Abuses curlosascript Execution for Multi-Stage Payload Delivery

Jun 17, 2026 2:02 PM

Tags: cyber, infection, macOS, malware, update

Sapphire Sleet’s latest macOS campaign uses crafted .scpt AppleScript lures that pipe curl output directly to osascript, enabling a compact, multi-stage payload chain that executes entirely within Script Editor and evades many built”‘in macOS protections. The infection begins with a socially engineered lure fake SDK or update AppleScript files such as Zoom SDK Update.scpt or…
Angriff über Linkedin: Wie ein Entwickler mit KI eine Malware-Attacke entlarvt hat

Jun 17, 2026 2:02 PM

Tags: ai, cyberattack, linkedin, malware, tool

Eine angebliche Recruiterin wollte einem Python-Entwickler über Linkedin Malware unterschieben. Ein KI-Tool half ihm dabei, den Angriff zu vereiteln. First seen on golem.de Jump to article: www.golem.de/news/linkedin-wie-ein-entwickler-mittels-ki-eine-schadcodeattacke-entlarven-konnte-2606-209862.html
Softwareprojekt mit Backdoor: Malware-Attacke über Linkedin mittels KI enttarnt

Jun 17, 2026 1:03 PM

Tags: ai, backdoor, cyberattack, linkedin, malware, tool

Eine angebliche Recruiterin wollte einem Python-Entwickler über Linkedin Malware unterschieben. Ein KI-Tool half ihm dabei, den Angriff zu vereiteln. First seen on golem.de Jump to article: www.golem.de/news/linkedin-wie-ein-entwickler-mittels-ki-eine-schadcodeattacke-entlarven-konnte-2606-209862.html
Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Jun 17, 2026 12:02 PM

Tags: ai, api, browser, chrome, cybersecurity, intelligence, malicious, malware, marketplace

Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys.”Every plugin poses as an AI coding assistant built on DeepSeek and other large language models, offering chat, commit messages, code review, bug finding, and unit tests,”…
Wie ein Entwickler mittels KI eine Schadcodeattacke entlarven konnte

Jun 17, 2026 12:02 PM

Tags: ai, linkedin, malware, tool

Eine angebliche Recruiterin wollte einem Python-Entwickler über Linkedin Malware unterschieben. Ein KI-Tool half ihm dabei, das rechtzeitig zu erkennen. First seen on golem.de Jump to article: www.golem.de/news/linkedin-wie-ein-entwickler-mittels-ki-eine-schadcodeattacke-entlarven-konnte-2606-209862.html
ClickFix-Kampagnen verbreiten neue Malware-Loader

Jun 17, 2026 11:02 AM

Tags: malware, social-engineering, update

Angreifer nutzen ClickFix-Social-Engineering und gefälschte Updates, um neue Malware-Loader wie BabaDeda, Lorem Ipsum und Potemkin auf Systeme zu bringen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/clickfix-kampagnen-malware-loader
Steam Workshop Malware Campaign Uses Wallpaper Engine to Steal Accounts and Infect Gamers

Jun 17, 2026 11:02 AM

Tags: backdoor, china, crypto, cyber, exploit, malware

A sophisticated malware campaign has been abusing Steam Workshop’s sharing model to distribute backdoors, infostealers and crypto miners hidden inside Wallpaper Engine packages, primarily targeting gamers in China and Russia. The campaign exploits Wallpaper Engine’s “application” wallpaper type essentially standalone executables that run as animated desktop backgrounds to execute arbitrary code the moment a user…
Hackers Inject Malicious JavaScript Into WordPress Sites to Deploy ErrTraffic ClickFix Lures

Jun 17, 2026 10:02 AM

Tags: cyber, exploit, hacker, malicious, malware, powershell, threat, vulnerability, wordpress

Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates an unprecedented figure in malware ecosystems. Threat actors exploit WordPress vulnerabilities to inject a single line of JavaScript that visually glitches websites, then trick users into executing malicious PowerShell commands under the…
Hackers Inject Malicious JavaScript Into WordPress Sites to Deploy ErrTraffic ClickFix Lures

Jun 17, 2026 10:02 AM

Tags: cyber, exploit, hacker, malicious, malware, powershell, threat, vulnerability, wordpress

Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% victim conversion rates an unprecedented figure in malware ecosystems. Threat actors exploit WordPress vulnerabilities to inject a single line of JavaScript that visually glitches websites, then trick users into executing malicious PowerShell commands under the…
Rokarolla Malware Abuses Android Accessibility Services to Steal Banking Credentials

Jun 17, 2026 9:02 AM

Tags: android, banking, control, credentials, crypto, cyber, infrastructure, malicious, malware, service, social-engineering

Rokarolla, a new Android banking trojan named after its Command-and-Control (C2) infrastructure, that combines sophisticated social engineering, broad permissions abuse, and a flexible command set to harvest credentials from 217 targeted banking and cryptocurrency apps. Distributed via malicious websites that masquerade as popular apps (examples include a disguised landing page at hxxps://infocontablidades[.]it[.]com/). Rokarolla uses a…
Malware Uses Deno Permission Flags to Run Commands and Proxy Internal Network Traffic

Jun 17, 2026 8:02 AM

Tags: access, cyber, detection, malware, microsoft, network, social-engineering, threat

A recent intrusion demonstrates how threat actors are shifting toward scripting runtimes to evade traditional detection: attackers delivered a modular Remote Access Trojan (RAT) built on Deno, using social engineering to install a multi-process JavaScript implant that executes commands and proxies internal network traffic. The campaign combined high-volume mailbombing with Microsoft Teams impersonation to trick…
Malware distributed via Steam Workshop wallpapers

Jun 17, 2026 6:02 AM

Tags: malware

First seen on scworld.com Jump to article: www.scworld.com/brief/malware-distributed-via-steam-workshop-wallpapers
North Korean hackers use fake Microsoft alerts to deploy NarwhalRAT malware

Jun 17, 2026 6:02 AM

Tags: hacker, malware, microsoft, north-korea

First seen on scworld.com Jump to article: www.scworld.com/brief/north-korean-hackers-use-fake-microsoft-alerts-to-deploy-narwhalrat-malware
Rokarolla Android Banking Trojan Enables Device Takeover

Jun 17, 2026 1:02 AM

Tags: access, android, banking, control, credentials, crypto, finance, malicious, malware, threat

Malware Targets Banks, Crypto Platforms and Social Media. Newly surfaced Android-based banking Trojan gives threat actors near-total control over infected devices, letting them steal user credentials for direct access to financial accounts, says researchers. Rokarolla tricks users into side-loading malicious versions of popular, high traffic apps. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rokarolla-android-banking-trojan-enables-device-takeover-a-31996
Fileless Phantom Stealer Targets Browser Credentials

Jun 17, 2026 1:02 AM

Tags: credentials, infection, malware

In addition to executing entirely in memory, the malware’s infection chain incorporates other anti-analysis techniques designed to frustrate detection. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/fileless-phantom-stealer-targets-browser-credentials
Chinese Espionage Actor Abuses Email Rules to Steal Research Data

Jun 17, 2026 12:02 AM

Tags: china, compliance, credentials, data, email, espionage, google, group, intelligence, malware, threat

Threat Actor Silently Forwarded Sensitive Emails Matching Strategic Topics. Google says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-espionage-actor-abuses-email-rules-to-steal-research-data-a-31993
New Rokarolla Android malware targets 217 banking, crypto apps

Jun 16, 2026 11:02 PM

Tags: android, banking, crypto, malware

A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-rokarolla-android-malware-targets-217-banking-crypto-apps/
ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Jun 16, 2026 10:03 PM

Tags: cybersecurity, finance, malware, update

Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively.Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations.”Earlier BabaDeda activity was known for First seen on thehackernews.com Jump to article: thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html
Steam Workshop abused to spread malware via Wallpaper Engine app

Jun 16, 2026 9:03 PM

Tags: malware, threat

Threat actors are abusing Steam Workshop, Valve’s community hub for downloading game-related content, to push various malware hidden in wallpaper packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/steam-workshop-abused-to-spread-malware-via-wallpaper-engine-app/
Rokarolla Android Trojan Levels Up to Full Device Control, Persistence

Jun 16, 2026 9:03 PM

Tags: android, banking, browser, chrome, control, fraud, malware

The emerging malware, spread via fake TikTok and Chrome downloads, demonstrates an evolution by combining banking fraud with extensive device surveillance and remote control. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/rokarolla-android-trojan
Cybercriminals mask malicious communications through Microsoft Teams relays

Jun 16, 2026 5:01 PM

Tags: communications, control, cybercrime, group, infrastructure, malicious, malware, microsoft, ransomware

The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/16/dragonforce-microsoft-teams-malware-backdoor-turn/