Collecting Cyber-News from over 60 sources

Tag: malware

prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog

Mar 18, 2026 5:10 AM

Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-day

Mar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog

Mar 18, 2026 5:10 AM

Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-day

Mar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
FBI seeks victims of Steam games used to spread malware

Mar 18, 2026 5:10 AM

Tags: malware

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/fbi-seeks-victims-of-steam-games-used-to-spread-malware/
More Attackers Are Logging In, Not Breaking In

Mar 18, 2026 12:11 AM

Tags: ai, credentials, malware, theft

Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/more-attackers-logging-in-not-breaking-in
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

Mar 18, 2026 12:11 AM

Tags: malicious, malware

<div cla Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000 downloads collectively per week and were modified to deliver multi-stage malware. Sonatype is tracking the malicious packages as sonatype-2026-001153. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/hijacked-npm-packages-deliver-malware-via-solana-linked-to-glassworm/
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

Mar 17, 2026 11:10 PM

Tags: attack, github, malware, supply-chain

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/
ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools

Mar 17, 2026 5:10 PM

Tags: ai, attack, cybersecurity, data, fraud, google, hacker, malware, tool

Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals. First seen on hackread.com Jump to article: hackread.com/clickfix-attack-devs-macsync-malware-fake-claude-tools/
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

Mar 17, 2026 2:10 PM

Tags: access, attack, corporate, malware, open-source, ransomware

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
Chinesische APT-Gruppe Camaro Dragon nutzt Nahost-Konflikt für Malware-Kampagne gegen Katar aus

Mar 17, 2026 1:09 PM

Tags: apt, cyberattack, mail, malware, software

Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies hat eine Malware-Kampagne beobachtet, die sich an Ziele in Katar richtet und Foto-Archive mit Bildern aus dem Konflikt in Nahost als Lockmittel nutzt, um Malware einzuschleusen. Kurz nach Beginn der Angriffe am 1. März beobachtete CPR gezielte, mutmaßlich per E-Mail durchgeführte Kampagnen gegen Einrichtungen…
Mysteriöse Malware: Angreifer kapern Github-Projekte und verbreiten Schadcode

Mar 17, 2026 1:09 PM

Tags: exploit, github, malware

Eine Kampagne mit verschlüsselter Malware hat es auf Python-Entwickler abgesehen – allerdings nur, wenn die nicht in Russland sitzen. First seen on golem.de Jump to article: www.golem.de/news/mysterioese-malware-angreifer-kapern-github-projekte-und-verbreiten-schadcode-2603-206592.html
Google cracks down on Android apps abusing accessibility

Mar 17, 2026 12:11 PM

Tags: android, google, malware

Malware has been abusing Android’s accessibility features for years. Google just made that a lot harder. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-cracks-down-on-android-apps-abusing-accessibility/
Google cracks down on Android apps abusing accessibility

Mar 17, 2026 12:11 PM

Tags: android, google, malware

Malware has been abusing Android’s accessibility features for years. Google just made that a lot harder. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/google-cracks-down-on-android-apps-abusing-accessibility/
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
Glassworm Malware Infects Popular React Native npm Packages

Mar 17, 2026 12:11 PM

Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windows

A new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware

Mar 17, 2026 12:11 PM

Tags: access, email, group, hacking, intelligence, malicious, malware, north-korea, phishing, spear-phishing, threat

North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts.The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni.”Initial access was achieved through a spear-phishing email disguised…
Check Point analysiert neue Malware-Kampagne – Cyberangreifer nutzen den Nahost-Konflikt

Mar 17, 2026 11:10 AM

Tags: malware

Die aktuellen Kampagnen verdeutlichen einmal mehr, wie flexibel und opportunistisch moderne Cyberangreifer agieren. Sie nutzen nicht nur technische Schwachstellen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-analysiert-neue-malware-kampagne-cyberangreifer-nutzen-den-nahost-konflikt/a44160/
Attack on Stryker’s Microsoft environment wiped employee devices without malware

Mar 17, 2026 10:09 AM

Tags: attack, cyberattack, malware, microsoft, technology

The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. The company confirmed that its medical devices were not…
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft

Mar 17, 2026 12:09 AM

Tags: crypto, data, malware, theft

FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026. First seen on hackread.com Jump to article: hackread.com/fbi-investigate-steam-games-malware-crypto-theft/
GlassWorm Malware Evolves to Hide in Dependencies

Mar 16, 2026 11:10 PM

Tags: malicious, malware

Researchers have identified dozens of malicious GlassWorm extensions that come with new evasion techniques. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/glassworm-malware-evolves-hide-dependencies
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets

Mar 16, 2026 10:10 PM

Tags: apt, backdoor, group, malware, microsoft, russia, spy, threat, ukraine

Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…
Stryker attack wiped tens of thousands of devices, no malware needed

Mar 16, 2026 9:10 PM

Tags: attack, cyberattack, malware, microsoft, technology

Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

Mar 16, 2026 9:10 PM

Tags: attack, breach, github, malware, ml, pypi

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories.”The attack targets Python projects, including Django apps, ML research code, Streamlit dashboards, and PyPI packages, by appending obfuscated code to files like setup.py, main.py, and app.py,” StepSecurity said. “Anyone…
FBI launches inquiry into Steam games spreading malware

Mar 16, 2026 5:09 PM

Tags: malware

The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation. The FBI is seeking gamers who downloaded Steam games later found to contain malware. According to a notice from the FBI’s Seattle Division, investigators are trying to identify victims who…
CamelClone Uses Public File-Sharing Sites in Government Cyberattacks

Mar 16, 2026 3:10 PM

Tags: cyber, cyberattack, data, espionage, government, malware, tool

A new cyber espionage campaign dubbed Operation CamelClone, targeting government and strategic sectors across several geopolitically significant regions. The campaign abuses legitimate tools and public file”‘sharing platforms to deliver malware and steal sensitive data, making it harder for defenders to detect. The operation primarily targets organizations linked to government and national security interests. Industries affected…
GlassWorm Campaign Expands Through Malicious Open VSX Extensions

Mar 16, 2026 2:09 PM

Tags: malicious, malware

A large-scale malicious campaign tied to GlassWorm has expanded within the ecosystem of open VSX extensions, introducing a method of spreading malware through developer tools. Researchers identified at least 72 additional malicious open VSX extensions beginning January 31, 2026, including several that function as transitive GlassWorm loader extensions aimed at developers. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/glassworm-malicious-campaign/
Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Mar 16, 2026 1:10 PM

Tags: ai, blockchain, control, exploit, infrastructure, malicious, malware, software, supply-chain, tool, update

The evolving GlassWorm: Earlier research into the GlassWorm operation has revealed techniques such as heavy code obfuscation, the use of Unicode characters to hide malicious logic, and infrastructure that retrieves command-and-control servers through blockchain transactions, making the campaign more resilient to takedowns.The latest wave also mimics widely used developer tools to maximise installation chances. “The…