Tag: malware
-
Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials
On October 6, 2025, the cybercriminal developer known as >>Loadbaks
-
Millions of Credentials Stolen Each Day by Stealer Malware
The cybercrime ecosystem surrounding stealer malware has reached unprecedented scale, with threat actors now processing millions of stolen credentials daily through sophisticated distribution networks. Security researchers have been monitoring these operations for nearly a year, revealing an alarming infrastructure that processes victim data at industrial volumes through platforms like Telegram, forums, and social media sites.…
-
New Rust Malware “ChaosBot” Hides CommandControl Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the popular, legitimate service, making detection significantly more challenging for traditional security tools. ChaosBot operates by…
-
New Rust Malware “ChaosBot” Hides CommandControl Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the popular, legitimate service, making detection significantly more challenging for traditional security tools. ChaosBot operates by…
-
Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure
Russia-linked COLDRIVER rapidly evolved its malware since May 2025, refining tools just days after releasing its LOSTKEYS variant, says Google. The Russia-linked hacking group COLDRIVER has been quickly upgrading its malware since May 2025, when its LOSTKEYS malware was exposed. According to Google’s Threat Intelligence Group, the hackers have been rolling out frequent updates and…
-
Dead-Drop Resolvers: Malware’s Quiet Rendezvous and Why Adaptive Defense Matters
At this weekend’s BSides NYC, Dr. Jonathan Fuller, CISO of the U.S. Military Academy at West Point, delivered an extremely clear talk on how modern malware hides its command-and-control (C2) infrastructure through dead-drop resolvers. Fuller, who co-authored Georgia Tech’s VADER project, described how adversaries increasingly use public platforms-GitHub, Dropbox, Pastebin, even blockchain transactions-as-covert meeting points…
-
Self-propagating worm found in marketplaces for Visual Studio Code extensions
Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, wormMarketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
-
COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure
The post COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/coldriver-apt-bounces-back-deploys-robot-malware-family-days-after-lostkeys-exposure/
-
Vidar Stealer 2.0 adds multi-threaded data theft, better evasion
The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vidar-stealer-20-adds-multi-threaded-data-theft-better-evasion/
-
Russia’s Coldriver Revamps Malware to Evade Detection
Russian Intel Hackers Flexible in Face of Detection. Russia-linked threat group COLDRIVER rapidly replaced its exposed malware with a stealthier PowerShell variant, using fake CAPTCHA prompts and cryptographic key-splitting to evade detection and escalate surveillance on NGOs, dissidents and policy experts, according to new research. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/russias-coldriver-revamps-malware-to-evade-detection-a-29776
-
Google finds Russian state hackers replacing burned malware with new tools
A Russia-linked group tracked as Coldriver or Callisto is using three new pieces of malicious code to replace the LostKeys malware outed by Google earlier this year, the company said. First seen on therecord.media Jump to article: therecord.media/coldriver-callisto-russia-hackers-new-malware-google
-
The Unkillable Threat: How Attackers Turned Blockchain Into Bulletproof Malware Infrastructure
The blockchain was supposed to revolutionize trust. Instead, it’s revolutionizing cybercrime. Every foundational principle that makes blockchain technology secure”, decentralization, immutability, global accessibility”, has been systematically inverted by sophisticated threat actors into the most resilient malware delivery system ever created. Welcome to the era of EtherHiding, where malicious code lives forever on public ledgers, protected…
-
‘PassiveNeuron’ Cyber Spies Target Orgs with Custom Malware
A persistent cyber espionage campaign focused on SQL servers is targeting government, industrial and financial sectors across Asia, Africa, and Latin America. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/-passiveneuron-cyber-spies-target-industrial-financial-orgs
-
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge.PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose.The TLS-based ELF implant, at its core,…
-
PassiveNeuron Targets High-Profile Servers to Deploy Malware
A sophisticated cyberespionage campaign dubbed PassiveNeuron has emerged from the shadows after months of dormancy, with security researchers uncovering fresh details about its operations and attack methods. The campaign, first detected in June 2024, has resurfaced with renewed vigor, targeting government, financial and industrial organizations across Asia, Africa and Latin America with previously unknown malware…
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
Russian State-Sponsored COLDRIVER Group Deploys New Malware After Exposure of LOSTKEYS
Following the public disclosure of its LOSTKEYS malware in May 2025, the Russian state-sponsored threat group known as COLDRIVER, also tracked under aliases such as UNC4057, Star Blizzard, and Callisto, has rapidly evolved its cyber operations. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/coldriver-new-malware-after-lostkeys-exposure/
-
AI-enabled ransomware attacks: CISO’s top security concern, with good reason
Ransomware’s AI-powered future: Although CrowdStrike’s latest survey doesn’t provide a full picture of AI’s use by ransomware gangs, the fact that generative AI is proving highly effective in crafting phishing emails that lead to ransomware infections shows the tip of the iceberg CISOs face.CrowdStrike Field CTO Cristian Rodriguez tells CSO, “We’re seeing AI touch every…
-
New Luma Infostealer Malware Steals Browser Data, Cryptocurrency, and Remote Access Accounts
Luma Infostealer, a malware-as-a-service (MaaS) offering, has emerged as a potent threat targeting high-value credentials such as web browser cookies, cryptocurrency wallets, and VPN/RDP account information. Beyond isolated theft, threat actors are employing Luma in the initial infiltration stages of complex campaigns”, ransomware deployment, account hijacking, and internal network compromise. The stolen data fuels identity…
-
Official Xubuntu website compromised to serve malware
The official website for Xubuntu, a community-maintained >>flavour
-
CISOs’ security priorities reveal an augmented cyber agenda
Tags: access, ai, attack, authentication, automation, awareness, business, cio, ciso, cyber, cybersecurity, data, deep-fake, detection, edr, email, framework, governance, healthcare, incident response, intelligence, malware, microsoft, mssp, phishing, ransomware, risk, service, siem, soc, software, tactics, technology, threat, tool, training, usa, vulnerability, vulnerability-management, zero-trustCSOConsequently, 41% are planning to leverage AI to detect threats, for anomaly detection, and to automate security responses. Other respondents cited plans to leverage AI for malware detection and real-time risk prediction (39%), as well as DLP and improving enterprise system visibility.Further, 40% expect to see AI enhancements as part of their existing security systems,…
-
CISOs’ security priorities reveal an augmented cyber agenda
Tags: access, ai, attack, authentication, automation, awareness, business, cio, ciso, cyber, cybersecurity, data, deep-fake, detection, edr, email, framework, governance, healthcare, incident response, intelligence, malware, microsoft, mssp, phishing, ransomware, risk, service, siem, soc, software, tactics, technology, threat, tool, training, usa, vulnerability, vulnerability-management, zero-trustCSOConsequently, 41% are planning to leverage AI to detect threats, for anomaly detection, and to automate security responses. Other respondents cited plans to leverage AI for malware detection and real-time risk prediction (39%), as well as DLP and improving enterprise system visibility.Further, 40% expect to see AI enhancements as part of their existing security systems,…
-
Cavalry Werewolf APT Targets Multiple Sectors Using FoalShell and StallionRAT
From May to August 2025, an advanced persistent threat group known as Cavalry Werewolf”, also tracked as YoroTrooper and Silent Lynx”, executed a sophisticated attack campaign targeting Russia’s public sector and vital industries such as energy, mining, and manufacturing. The coordinated offensive leveraged trusted relationships for highly targeted spear-phishing and deployed a custom multi-language malware…
-
New LOSTKEYS Malware Tied to Russian State-Sponsored Hacker Group COLDRIVER
Russian state-sponsored threat actor COLDRIVER, long known for targeting high-profile NGOs, policy advisors, and dissidents, has been linked to a rapidly evolving malware campaign following the public disclosure of its LOSTKEYS malware in May 2025. After details of LOSTKEYS surfaced, COLDRIVER (also tracked as UNC4057, Star Blizzard, and Callisto) pivoted away from the compromised malware.…
-
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor.The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following…
-
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon.The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access.Salt Typhoon, also known as…
-
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased “operations tempo” from the threat actor.The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following…
-
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon.The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access.Salt Typhoon, also known as…
-
Russian Coldriver Hackers Deploy New ‘NoRobot’ Malware
The Coldriver hacking group reportedly shifted its operation quickly after the May 2025 public disclosure of its LostKeys malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-coldriver-hackers-new/