Tag: malware
-
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.”KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,” Justin Moore, senior manager of threat intel research at Palo Alto…
-
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security.”KSwapDoor is a professionally engineered remote access tool designed with stealth in mind,” Justin Moore, senior manager of threat intel research at Palo Alto…
-
Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware
A fake Leonardo DiCaprio movie torrent is spreading Agent Tesla malware through trusted Windows tools The post Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-leonardo-dicaprio-torrent-malware/
-
Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware
A fake Leonardo DiCaprio movie torrent is spreading Agent Tesla malware through trusted Windows tools The post Fake ‘Leonardo DiCaprio’ Torrent Spreads Agent Tesla Malware appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-fake-leonardo-dicaprio-torrent-malware/
-
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have uncovered a sophisticated new threat: SantaStealer, a malware-as-a-service information stealer actively promoted on Telegram channels and underground hacker forums. The malware, which recently rebranded from >>BluelineStealer,
-
SantaStealer Malware Steals Sensitive Files, Credentials, and Crypto Wallet Data
Cybersecurity researchers at Rapid7 Labs have uncovered a sophisticated new threat: SantaStealer, a malware-as-a-service information stealer actively promoted on Telegram channels and underground hacker forums. The malware, which recently rebranded from >>BluelineStealer,
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
New SantaStealer malware steals data from browsers, crypto wallets
A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-santastealer-malware-steals-data-from-browsers-crypto-wallets/
-
PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers
Tags: attack, breach, control, cve, cyber, docker, exploit, group, infrastructure, malware, monitoring, vulnerabilityA sophisticated attack campaign attributed to a group identifying as >>PCP
-
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerabilitySince December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
-
Android Users at Risk as Malware Poses as mParivahan and e-Challan Apps
A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud. The operation combines phishing, malware, and surveillance capabilities. It is being distributed via malicious APKs hosted on GitHub and clusters of phishing domains that…
-
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerabilitySince December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
-
Nation-State and Cybercrime Exploits Tied to React2Shell
Tags: china, cve, cybercrime, ddos, exploit, hacker, iran, korea, malware, north-korea, service, update, vulnerability2 More Vulnerabilities Need Patching in React Server Components, Warns Vercel. Mass exploitation of the React2Shell – CVE-2025-55182 – vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn. First seen on govinfosecurity.com Jump to…
-
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as… First seen on hackread.com Jump to article: hackread.com/github-scanner-react2shell-cve-2025-55182-malware/
-
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files
A new phishing campaign has been identified, delivering the Phantom information-stealing malware via an ISO attachment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-phishing-phantom-stealer/
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices
New report by Unit 42 reveals the Hamas-linked Ashen Lepus (WIRTE) group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics. First seen on hackread.com Jump to article: hackread.com/hamas-hackers-ashtag-malware-diplomats/
-
Man jailed for teaching criminals how to use malware
A 49-year-old man has received a five-and-a-half year jail sentence after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain their bank accounts. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/man-jailed-for-teaching-criminals-how-to-use-malware
-
Hamas-Affiliated APT Ashen Lepus Unveils AshTag Malware Suite for Wider Cyber-Espionage
The post Hamas-Affiliated APT Ashen Lepus Unveils AshTag Malware Suite for Wider Cyber-Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/hamas-affiliated-apt-ashen-lepus-unveils-ashtag-malware-suite-for-wider-cyber-espionage/
-
New ‘DroidLock’ malware demands a ransom, locks user out of device
Recently spotted malware targets Spanish-speaking Android users with a lock screen that demands a ransom and other changes that effectively render a device unusable, researchers say. First seen on therecord.media Jump to article: therecord.media/android-droidlock-malware-demands-ransom-locks-mobile-device
-
New DroidLock Malware Locks Android Devices and Demands Ransom Payment
The zLabs research team has identified a sophisticated new threat campaign targeting Spanish Android users through a malware strain called DroidLock. Unlike traditional ransomware that encrypts files, this Android-focused threat employs a more direct approach locking devices with ransomware-style overlays and demanding payment while maintaining complete control over compromised handsets. DroidLock primarily spreads through phishing…
-
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto
A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting…