Tag: malware
-
Hive0163 Ransomware Operators Use AI-Generated Slopoly Malware
Researchers have identified a suspected case of AI-generated malware being used during a ransomware attack. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/slopoly-ai-generated-malware/
-
Iran-Linked Handala Ramps Up Wiper Attacks on Israeli, Western Targets
Tracking an increased risk of wiper attacks related to the conflict with Iran, including multiple related incidents impacting organizations in Israel and the US. For the latest intelligence on cyberattacks. The campaign uses destructive “wiper” malware designed to erase systems and disrupt business operations permanently. Security experts believe these activities are part of a broader…
-
Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. “SocksEscort infected home and small business internet routers with malware,” the U.S. Department of Justice (DoJ) said. “The malware allowed SocksEscort to direct internet First seen on thehackernews.com…
-
Fileless Remcos RAT Attack Uses JavaScript and PowerShell to Slip Past Detection
A recent Remcos RAT campaign showcases how commodity malware has fully embraced fileless, multi-stage execution to bypass traditional defenses and remain stealthy on compromised Windows systems. Instead of dropping a static executable to disk, the operators rely on JavaScript, PowerShell, and a managed .NET injector to execute Remcos entirely in memory, dramatically reducing forensic artifacts…
-
US, Europol disrupt SocksEscort network that exploited thousands of residential routers
The SocksEscort proxy network allowed cybercriminals to purchase access to routers infected with malware, which they used to conceal their location and IP addresses. First seen on therecord.media Jump to article: therecord.media/us-europol-disrupt-socksescort-network
-
AI-generated Slopoly malware used in Interlock ransomware attack
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/
-
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that’s written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian First…
-
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. “Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to…
-
The Threat Within: How Intelligent Detection Prevented a Potential Internal Malware Incident
Executive Overview Organizations often focus heavily on defending their perimeter against external attackers. Firewalls, threat intelligence feeds, and intrusion prevention systems are designed to stop threats attempting to break in from outside the network. However, experienced security professionals understand an important reality. Threats that originate from within the network can sometimes be more dangerous than…
-
US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-disrupts-socksescort-proxy-network-powered-by-linux-malware/
-
PixRevolution Malware Hijacks Brazil’s PIX Transfers in Real Time
PixRevolution Android trojan hijacks Brazil’s PIX payments in real time using accessibility abuse First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pixrevolution-malware-brazils-pix/
-
Fake government and Starlink apps used in malware campaign targeting Brazil
The malware, dubbed BeatBanker by Russian cybersecurity firm Kaspersky, infects smartphones through fake applications that mimic legitimate services, including the Starlink satellite internet app and the Brazilian government portal INSS Reembolso. First seen on therecord.media Jump to article: therecord.media/fake-gov-apps-malware-android-brazil
-
Sophos X-Ops analyzes ClickFix and macOS infostealer campaigns
Sophos X-Ops observes an increase in ClickFix and infostealer campaigns targeting the macOS operating system and records new techniques in the lures and malware First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-analysiert-clickfix-und-macos-infostealer-kampagnen/a44103/
-
PhantomRaven returns to npm with 88 bad packages
Operational patterns challenge “research experiment” claim: Despite the new waves, PhantomRaven’s core functionality has remained largely unchanged, the researchers said. They found that 257 out of 259 lines of the malware payload are identical across all waves, with the only significant modification being the command-and-control domain used to receive stolen data. Instead, the attacker focused on…
-
4,000+ Routers Compromised by KadNap Malware Exploiting Vulnerabilities
A newly uncovered malware campaign dubbed KadNap has silently conscripted more than 14,000 internet-exposed routers and edge devices into a stealth proxy botnet, with Asus routers the primary victims. More than 60% of known victims are located in the United States, with additional infections observed in Taiwan, Hong Kong, Russia, and other countries. How KadNap Infects Routers The…
-
New PixRevolution Malware Steals Brazil’s PIX Transfers in Real Time
Researchers have discovered PixRevolution, a new Android banking trojan targeting Brazil’s PIX system. Unlike automated scams, this malware uses live operators to watch your screen and divert funds instantly. First seen on hackread.com Jump to article: hackread.com/pixrevolution-malware-steals-brazil-pix-transfers/
-
North Korean fake IT worker tradecraft exposed
Opportunistic and broadly targeted: These suspect code silos were abused in a variety of illicit projects split between targeting job-seeking programmers and fake IT worker operations. “Based on our visibility, malware operations targeting individual developers seeking employment are most common,” Oliver Smith, senior threat intelligence engineer at GitLab, told CSO. “Threat actors appear to have a…
-
Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware families range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to First seen on thehackernews.com Jump to…
-
Iran Claim Massive Cyber-Attack on MedTech Firm Stryker
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-massive-wiper-attack-medtech/
-
Cybercriminals distribute malware via GitHub: how to recognize the attacks and protect yourself against them
First seen on t3n.de Jump to article: t3n.de/news/cyberkriminelle-malware-github-1733437/
-
BlackSanta Malware Shuts Down Protections, Targets HR and Recruiting Operations
Russian threat actors for more than a year have targeted HR and recruiting operations in a sophisticated phishing and infostealing campaign that includes a component, dubbed BlackSanta, that can shut down antivirus tools and EDR protections before deploying the malware that exfiltrates data, Aryaka researchers say. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/blacksanta-malware-shuts-down-protections-targets-hr-and-recruiting-operations/
-
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack/
-
Supposedly Google-sponsored online ads for Anthropic’s Claude Code pave the way for malware
Cybercriminals are currently capitalizing on the high demand and attention surrounding Claude Code, Anthropic’s AI-powered coding assistant. The experts at Bitdefender Labs warn of this in a recent analysis. The search results, which appear to be sponsored by Google, inspire trust. The criminals most likely compromised a company’s official advertising account and are using its genuine branding for credibility. In…
-
BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/blacksanta-edr-killer-targets-hr/