Collecting Cyber-News from over 60 sources

Tag: malware

Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware

Feb 16, 2026 3:58 PM

Tags: ai, botnet, cloud, exploit, malware, supply-chain, tactics, tool, zero-day

This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question.Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being used…
The Promptware Kill Chain

Feb 16, 2026 2:58 PM

Tags: access, ai, attack, control, defense, injection, intelligence, LLM, malicious, malware

Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques to embed instructions into inputs to LLM intended to perform malicious activity. This term suggests a simple,…
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Feb 16, 2026 2:58 PM

Tags: captcha, dns, malicious, malware, microsoft, windows

Microsoft warns of a new ClickFix variant that tricks users into running DNS commands to fetch malware via nslookup. Microsoft has revealed a new ClickFix variant that deceives users into running a malicious nslookup command through the Windows Run dialog to retrieve a second-stage payload via DNS. ClickFix typically uses fake CAPTCHA or error messages…
Noodlophile Malware Authors Use Fake Job Ads and Phishing Schemes to Evolve Tactics

Feb 16, 2026 2:58 PM

Tags: credentials, cyber, data, jobs, malicious, malware, metric, phishing, tactics

Hey folks in the threat”‘hunting world looks like our coverage of the Noodlophile infostealer has struck a nerve with its creators. The operators used inflated engagement metrics and fake popularity scores to lure victims into downloading malicious ZIP archives. Once executed, these payloads quietly harvested user credentials, crypto”‘wallet data, browser information, and more all exfiltrated through Telegram…
Google Ads and Claude AI Abused to Spread MacSync Malware via ClickFix

Feb 16, 2026 10:58 AM

Tags: ai, cybersecurity, data, google, guide, hacker, malware

Cybersecurity experts at Moonlock Lab have discovered a new ClickFix attack. Hackers are using hijacked Google Ads and fake Claude AI guides to trick Mac users into installing the data-stealing MacSync malware. First seen on hackread.com Jump to article: hackread.com/google-ads-claude-ai-macsync-malware-clickfix/
Matryoshka Clickfix Variant Targets macOS Users, Deploys New Stealer Malware

Feb 16, 2026 9:58 AM

Tags: cyber, detection, macOS, malware, social-engineering

A new variant of the “ClickFix” social engineering campaign specifically targeting macOS users. Codenamed Matryoshka a reference to its multiple nested obfuscation layers this evolution builds on prior ClickFix lures. However, it adds advanced evasion features, including in”‘memory decompression and API”‘gated communication that make detection and analysis significantly harder. Once triggered, the chain loads a stealthy AppleScript payload aimed at stealing…
10 years later, Bangladesh Bank cyberheist still offers cyber-resiliency lessons

Feb 16, 2026 8:58 AM

Tags: access, ai, application-security, attack, automation, backdoor, banking, ceo, cisco, ciso, compliance, control, credentials, crypto, cyber, cybercrime, cybersecurity, data-breach, defense, detection, endpoint, exploit, finance, fintech, firewall, framework, infrastructure, intelligence, international, malware, monitoring, network, north-korea, oracle, password, risk, service, software, theft, threat, tool, vulnerability

Security shortcomings: Adrian Cheek, senior cybercrime researcher at threat exposure management firm Flare, said the Bangladesh Bank heist was possible because of a number of security shortcomings, including a failure to air gap critical infrastructure.”The Bank of Bangladesh had four servers and the same number of desktops connected to SWIFT,” Cheek says. “This infrastructure, however,…
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Feb 16, 2026 1:58 AM

Tags: attack, dns, malware, powershell, social-engineering, threat

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-clickfix-attack-abuses-nslookup-to-retrieve-powershell-payload-via-dns/
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups

Feb 15, 2026 5:58 PM

Tags: credentials, google, group, linux, malicious, malware, service, windows

CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized “Ninja Browser.” The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ctm360-lumma-stealer-and-ninja-browser-malware-campaign-abusing-google-groups/
Microsoft Discloses DNS-Based ClickFix Attack Using Nslookup for Malware Staging

Feb 15, 2026 4:58 PM

Tags: attack, dns, malware, microsoft, social-engineering, windows

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System (DNS) lookup to retrieve the next-stage payload.Specifically, the attack relies on using the “nslookup” (short for nameserver lookup) command to execute a custom DNS…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Feb 15, 2026 3:58 PM

Tags: android, botnet, defense, international, linux, malware, rat, russia, spyware

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT Breaking Down ZeroDayRAT New Spyware Targeting Android and iOS Old-School IRC, New Victims: Inside the Newly Discovered SSHStalker Linux Botnet Reynolds: Defense Evasion Capability […]…
Suspected Russian hackers deploy CANFAIL malware against Ukraine

Feb 14, 2026 12:58 PM

Tags: apt, attack, defense, google, government, group, hacker, intelligence, malware, military, russia, service, threat, ukraine

A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional…
REMnux v8 Linux Toolkit Released With AI-Powered Malware Analysis Capabilities

Feb 14, 2026 7:58 AM

Tags: ai, cyber, linux, malware, threat

The landscape of malware analysis has taken a significant leap forward with the official release of REMnux v8. This popular Linux toolkit, which has served the security community for fifteen years, has been updated to address modern threats and integrate emerging technologies. The headline feature of this major release is the introduction of AI-powered capabilities…
Fake job recruiters hide malware in developer coding challenges

Feb 13, 2026 11:58 PM

Tags: crypto, jobs, malware, north-korea, threat

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/
Fake job recruiters hide malware in developer coding challenges

Feb 13, 2026 11:58 PM

Tags: crypto, jobs, malware, north-korea, threat

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/
NDSS 2025 Automated Mass Malware Factory

Feb 13, 2026 10:58 PM

Tags: android, attack, conference, defense, detection, Internet, malicious, malware, microsoft, network, software

Session 12B: Malware Authors, Creators & Presenters: Heng Li (Huazhong University of Science and Technology), Zhiyuan Yao (Huazhong University of Science and Technology), Bang Wu (Huazhong University of Science and Technology), Cuiying Gao (Huazhong University of Science and Technology), Teng Xu (Huazhong University of Science and Technology), Wei Yuan (Huazhong University of Science and Technology),…
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Feb 13, 2026 9:58 PM

Tags: attack, google, LLM, macOS, malware, threat

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack

Feb 13, 2026 9:58 PM

Tags: attack, google, LLM, macOS, malware, threat

Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
1,800+ Windows Servers Hit by BADIIS SEO Malware

Feb 13, 2026 8:58 PM

Tags: malware, windows

Over 1,800 Windows IIS servers were compromised by BADIIS malware in a stealthy global SEO poisoning campaign. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/1800-windows-servers-hit-by-badiis-seo-malware/
State Hackers Turn Google AI Into Attack Acceleration Tool

Feb 13, 2026 7:58 PM

Tags: ai, attack, china, cyberattack, exploit, google, hacker, intelligence, iran, korea, malware, north-korea, social-engineering, tool

China, Iran, North Korea Hackers Exploit Gemini Across Attack Life Cycle. State-backed hackers weaponized Google’s artificial intelligence model Gemini to accelerate cyberattacks, using the productivity tool as an offensive asset for reconnaissance, social engineering and malware development. Google said it has disabled accounts and strengthened defenses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/state-hackers-turn-google-ai-into-attack-acceleration-tool-a-30751
State Hackers Turn Google AI Into Attack Acceleration Tool

Feb 13, 2026 7:58 PM

Tags: ai, attack, china, cyberattack, exploit, google, hacker, intelligence, iran, korea, malware, north-korea, social-engineering, tool

China, Iran, North Korea Hackers Exploit Gemini Across Attack Life Cycle. State-backed hackers weaponized Google’s artificial intelligence model Gemini to accelerate cyberattacks, using the productivity tool as an offensive asset for reconnaissance, social engineering and malware development. Google said it has disabled accounts and strengthened defenses. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/state-hackers-turn-google-ai-into-attack-acceleration-tool-a-30751
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

Feb 13, 2026 6:58 PM

Tags: attack, defense, google, government, group, intelligence, malware, military, russia, threat, ukraine

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and First seen on…
NDSS 2025 Density Boosts Everything

Feb 13, 2026 5:58 PM

Tags: ai, attack, conference, cybersecurity, detection, Internet, malware, military, network, resilience, strategy, training

Session 12B: Malware Authors, Creators & Presenters: Jianwen Tian (Academy of Military Sciences), Wei Kong (Zhejiang Sci-Tech University), Debin Gao (Singapore Management University), Tong Wang (Academy of Military Sciences), Taotao Gu (Academy of Military Sciences), Kefan Qiu (Beijing Institute of Technology), Zhi Wang (Nankai University), Xiaohui Kuang (Academy of Military Sciences) PAPER Density Boosts Everything:…
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors

Feb 13, 2026 5:58 PM

Tags: cisco, finance, framework, malware, service, technology, threat

A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos.”This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their…
Google fears massive attempt to clone Gemini AI through model extraction

Feb 13, 2026 1:58 PM

Tags: access, ai, api, attack, china, ciso, cybercrime, cybersecurity, defense, exploit, google, government, group, hacker, intelligence, iran, jobs, korea, LLM, malicious, malware, north-korea, phishing, russia, service, social-engineering, threat, vulnerability

Nation-state groups used Gemini to accelerate attack operations: Google sees itself not just as a potential victim of AI cybercrime, but also an unwilling enabler. Its report documented how government-backed threat actors from China, Iran, North Korea, and Russia integrated Gemini into their operations in late 2025. The company said it disabled accounts and assets…
Flucht vor der Polizei: Malware-Entwickler täuscht eigenen Tod vor

Feb 13, 2026 1:58 PM

Tags: malware

Mit einer gefälschten Sterbeurkunde wollte ein Malware-Entwickler einer Haftstrafe entgehen. Doch seine Gewohnheiten wurden ihm zum Verhängnis. First seen on golem.de Jump to article: www.golem.de/news/flucht-vor-der-polizei-malware-entwickler-taeuscht-eigenen-tod-vor-2602-205389.html
Chrome Extensions Infect 500K Users to Hijack VKontakte Accounts

Feb 13, 2026 12:59 PM

Tags: browser, chrome, cyber, group, infrastructure, malware, threat, tool

A long-running Chrome extension malware campaign has silently hijacked more than 500,000 VKontakte (VK) accounts, forcing users into attacker-controlled groups, resetting their settings every 30 days, and abusing VK’s own infrastructure as command-and-control. What appeared to be harmless VK customization tools were in reality a tightly maintained malware project operated by a single threat actor…
npm’s Update to Harden Their Supply Chain, and Points to Consider

Feb 13, 2026 12:59 PM

Tags: attack, authentication, malware, supply-chain, update

In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks here’s what you need to know for a safer Node…
Adversaries Exploiting Proprietary AI Capabilities, API Traffic to Scale Cyberattacks

Feb 13, 2026 9:58 AM

Tags: ai, api, cyberattack, exploit, google, group, intelligence, malware, phishing, threat

In the fourth quarter of 2025, the Google Threat Intelligence Group (GTIG) reported a significant uptick in the misuse of artificial intelligence by threat actors. According to GTIG’s AI threat tracker, what initially appeared as experimental probing has evolved into systematic, repeatable exploitation of large language models (LLMs) to enhance reconnaissance, phishing, malware development, and post-compromise…
OysterLoader Evasion Tactics Exposed: Advanced Obfuscation and Rhysida Ransomware Ties Uncovered

Feb 13, 2026 9:58 AM

Tags: cyber, data-breach, google, malware, ransomware, software, tactics, tool

OysterLoader, also tracked as Broomstick and CleanUp, is a multi”‘stage loader malware written in C++ and actively leveraged in campaigns linked to the Rhysida ransomware group. First highlighted in mid”‘2024 during malvertising and SEO”‘poisoning campaigns abusing trojanized installers for popular IT tools such as PuTTY, WinSCP, and Google Authenticator, OysterLoader masquerades as legitimate software download…