Collecting Cyber-News from over 60 sources

Tag: malware

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Feb 23, 2026 11:00 PM

Tags: exploit, intelligence, malware, russia, service, threat

The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in Western and Central Europe.The activity, per S2 Grupo’s LAB52 threat intelligence team, was active between September 2025 and January 2026. It has been codenamed Operation MacroMaze. “The campaign relies on basic tooling and the exploitation of…
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools

Feb 23, 2026 6:01 PM

Tags: ai, malicious, malware, supply-chain, tool, worm

Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shai-hulud-like-worm-devs-npm-ai/
Fake troubleshooting tip on ClawHub leads to infostealer infection

Feb 23, 2026 5:02 PM

Tags: ai, infection, malware

A new malware delivery campaign has hit ClawHub, the official online repository for >>skills<< that augment the capabilities of the popular OpenClaw AI agent. Unlike … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/23/clawhub-malicious-comment-infostealer/
Fraud Investigation Reveals Sophisticated Python Malware

Feb 23, 2026 5:02 PM

Tags: fraud, infrastructure, malware

Sophisticated Python malware uncovered in fraud probe shows obfuscation, disposable infrastructure First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fraud-investigation-python-malware/
Künstliche Intelligenz wird zur neuen Befehls- und Kontrollschicht

Feb 23, 2026 4:00 PM

Tags: ai, cyber, malware, microsoft, risk

Die Sicherheitsforscher von Check Point Research haben eine neue Forschungsanalyse veröffentlicht, die sich auf KI-Assistenten als verdeckte Befehls- und Kontrollkanäle und KI-gesteuerte Malware konzentriert. Ein Wendepunkt im modernen Cyber-Risiko mit Auswirkungen auf alle Branchen, die die Einführung von KI vorantreiben. KI-Assistenten wie Microsoft-Copilot und Grok unterstützen Webbrowsing- oder URL-Abruf-Funktionen. Sie können als verdeckte C2-Proxys missbraucht…
Deutschsprachiger Entwickler hinter Arkanix-Stealer?

Feb 23, 2026 3:01 PM

Tags: kaspersky, malware, service

Ein neuer Infostealer namens Arkanix wurde öffentlich über Discord beworben und im Malware-as-a-Service-Modell angeboten. Experten von Kaspersky haben die Spuren eines deutschsprachigen Entwicklers gefunden. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/infostealer-arkanix
GrayCharlie Hacks WordPress Sites, Spreads NetSupport RAT and Stealc Malware

Feb 23, 2026 3:01 PM

Tags: cyber, group, malicious, malware, rat, threat, update, wordpress

GrayCharlie is abusing compromised WordPress sites to silently load malicious JavaScript that pushes NetSupport RAT, often followed by Stealc and SectopRAT, via fake browser updates and ClickFix lures. Insikt Group tracks GrayCharlie as a financially motivated threat actor overlapping with SmartApeSG, active since mid”‘2023, and specializing in turning legitimate WordPress sites into malware-delivery points. The…
âš¡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

Feb 23, 2026 3:01 PM

Tags: ai, cloud, ddos, docker, malware, risk, service, tool

Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the background, others playing out in public view. The details are different, but the pressure points are familiar.Across devices, cloud services, research labs, and even everyday apps, the line between normal behavior…
Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs

Feb 23, 2026 2:00 PM

Tags: encryption, exploit, hacker, malicious, malware, password, phishing, wifi, windows

A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys. First seen on hackread.com Jump to article: hackread.com/hackers-excel-exploit-xworm-7-2-jpeg-files-hijack-pcs/
Malware in Javascript-Projekten: Neuer Wurm frisst sich durch die NPM-Datenbank

Feb 23, 2026 2:00 PM

Tags: malware

Forscher haben mehrere mit Malware verseuchte NPM-Pakete entdeckt. Die Infektion weiterer Pakete soll automatisch erfolgen. First seen on golem.de Jump to article: www.golem.de/news/malware-in-javascript-projekten-neuer-wurm-frisst-sich-durch-die-npm-datenbank-2602-205732.html
Über 1500 Prozent mehr neue Malware

Feb 23, 2026 11:02 AM

Tags: Internet, malware

Der aktuelle Internet Security Report von WatchGuard zeigt einen massiven Anstieg neuartiger Malware im zweiten Halbjahr 2025. Besonders auffällig ist die wachsende Fähigkeit der Schadsoftware, klassische Schutzmechanismen zu umgehen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/mehr-neue-malware
MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

Feb 23, 2026 10:02 AM

Tags: group, hacking, iran, malware, middle-east

The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo.The activity, first observed on January 26, 2026, has resulted in the deployment of new malware…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures

Feb 23, 2026 9:01 AM

Tags: credentials, cyber, exploit, hacker, jobs, malicious, malware, north-korea, software, threat

North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean threat actors have impersonated recruiters and hiring managers, luring software developers into executing booby-trapped code…
Silver Fox APT Deploys DLL Sideloading and BYOVD in Advanced Malware Campaign

Feb 23, 2026 7:02 AM

Tags: apt, attack, cyber, infrastructure, malware, vulnerability

Silver Fox APT is running a new wave of targeted attacks in Taiwan that combine DLL sideloading and Bring Your Own Vulnerable Driver (BYOVD) techniques to deploy Winos 4.0 (ValleyRat) while aggressively disabling security tools. The campaigns rely on highly localized tax and e”‘invoice lures and fast”‘changing infrastructure, making them difficult to block with static…
Arkanix Stealer pops up as short-lived AI info-stealer experiment

Feb 22, 2026 6:01 PM

Tags: ai, dark-web, malware

An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/arkanix-stealer-pops-up-as-short-lived-ai-info-stealer-experiment/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Feb 22, 2026 5:02 PM

Tags: android, backdoor, china, data-breach, infection, international, malware

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations Divide and conquer: how the new Keenadu backdoor exposed links…
ClickFix Malware-Kampagne: Fake-Cloudflare-Check installiert unbemerkt MIMICRAT

Feb 21, 2026 5:00 PM

Tags: malware

ClickFix Malware-Kampagne verteilt MIMICRAT über Fake-Cloudflare-Seiten mit fünfstufiger Infektionskette, AMSI-/ETW-Bypass und HTTPS-C2. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/malware/clickfix-malware-kampagne-fake-cloudflare-check-installiert-unbemerkt-mimicrat-326127.html
Neue Android-Malware nutzt Gemini als Gehirn

Feb 21, 2026 7:01 AM

Tags: android, google, malware

Sicherheitsforscher des slowakischen IT-Unternehmens ESET haben eine neue Android-Schadsoftware entdeckt, die Google Gemini aktiv im laufenden Betrieb einsetzt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-android-malware-nutzt-gemini-als-gehirn
Compromised npm package silently installs OpenClaw on developer machines

Feb 21, 2026 5:01 AM

Tags: ai, attack, business, cybersecurity, detection, edr, malware, risk, supply-chain, tool, update

Update to the latest version: npm install “-g cline@latest.”If on version 2.3.0, update to 2.4.0 or higher.Check for and immediately remove OpenClaw if it hadn’t been intentionally installed (“npm uninstall -g openclaw”).Gooding noted, “nothing ran automatically beyond the install,” but added there was still a risk: “OpenClaw is a capable agentic tool with broad system…
Android Malware Taps Google Gemini at Runtime

Feb 20, 2026 10:01 PM

Tags: ai, android, google, intelligence, malware, mobile

Researchers Say PromptSpy Automates Persistence on Infected Devices. A newly discovered Android malware strain, PromptSpy, is using Google’s Gemini generative artificial intelligence model to automate part of its persistence mechanism, marking what researchers describe as the second known case of AI-driven mobile malware. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/android-malware-taps-google-gemini-at-runtime-a-30819
Cashing Out: ATM Jackpotting Attacks Surging Across US

Feb 20, 2026 7:01 PM

Tags: attack, breach, Hardware, malware

$20M Stolen Last Year in Malware-Driven Jackpotting Attacks, Warns FBI. Malware-wielding criminals jackpotted ATMs across the United States last year to walk away with $20 million thanks to cash-out attacks. Tracking that collective haul, the FBI said such attacks are on the rise, and urged operators to implement a range of physical and hardware-level defenses.…
Don’t trust TrustConnect: This fake remote support tool only helps hackers

Feb 20, 2026 6:01 PM

Tags: access, business, crypto, detection, hacker, malicious, malware, rat, software, tool

Attackers use a dual-purpose website: The TrustConnect website has realistic marketing language, feature descriptions, and documentation that serves both as a public-facing front to promote the software and as a backend portal for customers who purchase access to the tool’s malicious services.”Cybercriminals are instructed to sign up for a ‘free trial,’ instructed on how to…
ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware

Feb 20, 2026 4:01 PM

Tags: access, cybersecurity, infrastructure, malware

Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT).”The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage First seen on thehackernews.com Jump to…
Google Blocks 1.75 Million Malicious Apps from Entering Play Store

Feb 20, 2026 3:01 PM

Tags: android, cyber, fraud, google, malicious, malware, mobile, privacy

Google has revealed that it blocked more than 1.75 million malicious or policy”‘violating Android apps from reaching users through the Play Store in 2025, highlighting a major AI”‘driven push to secure the mobile ecosystem against malware, fraud, and privacy abuse. More than 80,000 “bad” developer accounts were also banned, cutting off repeat offenders who tried…
Facebook ads spread fake Windows 11 downloads that steal passwords and crypto wallets

Feb 20, 2026 2:01 PM

Tags: crypto, malware, password, windows

Attackers are weaponizing Facebook ads to distribute password-stealing malware masked as a Windows download. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets/
CharlieKirk Grabber Malware Targets Windows Systems to Steal Login Credentials

Feb 20, 2026 2:01 PM

Tags: control, credentials, cyber, data, login, malware, password, theft, windows

CharlieKirk Grabber is a Python-based Windows infostealer that focuses on rapid “smash”‘and”‘grab” credential theft and data exfiltration rather than long-term system control or destructive behavior. It targets browser”‘stored passwords, Wi”‘Fi keys, Discord tokens, and gaming sessions, then exfiltrates the collected data via third”‘party file hosting and encrypted Discord or Telegram channels. File Name CharlieKirk.exe File…
The Cyber Express Weekly Roundup: AI Disruption, Regulatory Pressure, and the Evolving Cyber Threat Landscape

Feb 20, 2026 1:01 PM

Tags: ai, cyber, fraud, intelligence, malware, mobile, ransomware, risk, strategy, threat

Artificial intelligence is no longer a future-facing concept; it is actively reshaping cyber risk, regulatory enforcement, and enterprise security strategy in real time. This week’s The Cyber Express weekly roundup reflects the modern environment where AI-driven fraud, deepfake investigations, ransomware incidents, and mobile malware innovations are unfolding simultaneously across multiple regions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ai-deepfakes-ransomware-weekly-roundup/
FBI Issues Emergency Alert as Ploutus Malware Drains U.S. ATMs Without Cards or Accounts

Feb 20, 2026 1:01 PM

Tags: attack, control, cyber, finance, malware, threat

Ploutus malware is powering a new wave of “jackpotting” attacks that drain U.S. ATMs without needing a bank card, customer account, or bank authorization, prompting the FBI to issue an emergency FLASH alert to financial institutions nationwide.”‹ According to the FBI alert, threat actors are using Ploutus and related ATM jackpotting malware to control cash…