Collecting Cyber-News from over 60 sources

Tag: malware

New Argamal malware disguised as adult games targets users

Jun 16, 2026 6:01 AM

Tags: malware

First seen on scworld.com Jump to article: www.scworld.com/brief/new-argamal-malware-disguised-as-adult-games-targets-users
Chinese hackers breached North American research institutions via REDCap servers

Jun 15, 2026 10:01 PM

Tags: china, cyber, espionage, hacker, malware

A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/15/chinese-hackers-redcap-medical-research-institutions-breach/
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Jun 15, 2026 10:01 PM

Tags: cyber, cybersecurity, hacker, malicious, malware, north-korea, phishing, threat, tool

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi).According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes First seen on…
Chinese hackers breach REDCap servers, steal medical research

Jun 15, 2026 5:01 PM

Tags: breach, china, data, data-breach, espionage, hacker, malware

A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/
APT37 Hackers Use NarwhalRAT Malware With MS-Themed Phishing and Dead-Drop C2

Jun 15, 2026 9:01 AM

Tags: backdoor, cyber, data, hacker, malicious, malware, microsoft, phishing, powershell, social-engineering, spear-phishing, theft

APT37 is using NarwhalRAT in a tightly engineered intrusion chain that starts with Microsoft-themed spear-phishing, pivots through malicious LNK files and PowerShell, and ends with a Python-based backdoor with dead-drop C2 via pCloud. The campaign is notable for its layered tradecraft: social engineering, LOLBin abuse, scheduled-task persistence, in-memory execution, and selective data theft are all…
Threat Actor Malware Platform Exposed Through Unlocked PHP Installer Page

Jun 15, 2026 8:01 AM

Tags: access, cyber, data-breach, intelligence, malware, monitoring, software, threat

A misconfigured PHP-based malware distribution platform has been exposed after a security researcher inadvertently gained administrative access via an unlocked installation page, highlighting critical operational security failures in the active threat actor’s infrastructure. The incident, documented on June 11, 2026, began with routine threat intelligence monitoring on X (formerly Twitter), where a suspicious software download…
Hackers Hide New Argamal Malware Inside Working Hentai Games

Jun 14, 2026 9:01 PM

Tags: access, hacker, kaspersky, malware

Kaspersky found Argamal malware hidden in hentai game installers, giving hackers remote access through working games shared on adult sites and torrents. First seen on hackread.com Jump to article: hackread.com/hackers-hide-argamal-malware-hentai-games/
Manipulierte Red-Hat-npm-Pakete verbreiten neue Malware

Jun 14, 2026 5:02 PM

Tags: cloud, exploit, malware, service, supply-chain

Das JFrog-Security-Research-Team hat eine neue Welle der Supply-Chain-Schadsoftware Shai-Hulud analysiert. Betroffen sind 96 manipulierte Paketversionen aus dem npm-Namensraum @redhat-cloud-services, einem von Red Hat selbst genutzten und damit vertrauenswürdigen Bereich. Die Angreifer haben dabei nicht etwa Typosquatting-Pakete platziert, sondern legitime, weit verbreitete Komponenten als Träger missbraucht. Im Schadcode selbst wird die Kampagne als ‘Miasma: The Spreading…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 101

Jun 14, 2026 4:03 PM

Tags: ai, international, malware, worm

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter IronWorm: Shai-Hulud’s rustier cousin Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO Using AI Agents to Analyze Malware on REMnux The Miasma…
Siemens Desigo CC patch files falsely flagged as malware

Jun 13, 2026 6:04 AM

Tags: malware, update

First seen on scworld.com Jump to article: www.scworld.com/brief/siemens-desigo-cc-patch-files-falsely-flagged-as-malware
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Jun 12, 2026 11:02 PM

Tags: credentials, linux, malware, rust

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer

Jun 12, 2026 10:02 PM

Tags: credentials, linux, malware, rust

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware

Jun 12, 2026 9:02 PM

Tags: linux, malware

Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware. First seen on hackread.com Jump to article: hackread.com/atomic-arch-hijacks-linux-aur-packages-malware/
Over 400 Arch Linux packages compromised to push rootkit, infostealer

Jun 12, 2026 8:02 PM

Tags: access, credentials, linux, malware

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-400-arch-linux-packages-compromised-to-push-rootkit-infostealer/
Hackers Abuse NinjaOne RMM Agent to Gain Remote Access to Brazilian Organizations

Jun 12, 2026 2:02 PM

Tags: access, business, cyber, exploit, finance, hacker, malware, monitoring, phishing, social-engineering

An active phishing campaign that weaponizes a legitimate NinjaOne Remote Monitoring and Management (RMM) agent to gain persistent remote access to Brazilian organizations. Rather than relying on bespoke malware, the operators exploit familiar business workflows and Portuguese-language social engineering to trick finance, procurement, accounting and administrative staff into installing a digitally signed NinjaOne agent that…
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators

Jun 12, 2026 2:02 PM

Tags: blockchain, crypto, cyber, hacker, malicious, malware, open-source, theft

Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for wallet theft, secret harvesting, and staged malware delivery. The campaign is especially dangerous because it blends familiar Ethereum and blockchain branding with postinstall and preinstall abuse, allowing malicious code to execute…
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials

Jun 12, 2026 12:02 PM

Tags: control, credentials, cyber, cybercrime, data, malware, service

A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as a full-service product. For $250 a month buyers receive a web-based control panel, a payload builder, tiered licensing, and even refund guarantees if a build is detected lowering the barrier for…
OnyxC2 Stealer Uses Cloudflare-Fronted C2 to Exfiltrate Browser Data and Credentials

Jun 12, 2026 12:02 PM

Tags: control, credentials, cyber, cybercrime, data, malware, service

A new commercial-grade information stealer, marketed as OnyxC2, surfaced on cybercrime forums in early 2026 and demonstrates how commodity malware is increasingly packaged as a full-service product. For $250 a month buyers receive a web-based control panel, a payload builder, tiered licensing, and even refund guarantees if a build is detected lowering the barrier for…
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Jun 11, 2026 8:04 PM

Tags: ai, attack, data-breach, malware, network, rat, supply-chain, update, worm

It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials.The bigger problem is how polished this…
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware

Jun 11, 2026 5:02 PM

Tags: ai, cybercrime, guide, malware, tool

Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-ai-guides-dev-tools-spread/
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft

Jun 11, 2026 5:02 PM

Tags: access, cybercrime, data, malware, service, theft

OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and is sold as a subscription service: $250 per month for the standard build, $500 for the premium tier that includes HVNC, and $6,000 for an…
Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware

Jun 11, 2026 5:02 PM

Tags: cybercrime, malware, software

Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/vidar-infostealer-tiktok-instagram-reels-malware-campaigns/
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

Jun 11, 2026 5:02 PM

Tags: ai, attack, data-breach, malware, network, rat, supply-chain, update, worm

It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials.The bigger problem is how polished this…
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Jun 11, 2026 4:02 PM

Tags: ai, attack, guide, hacker, malware, powershell, windows

Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions. First seen on hackread.com Jump to article: hackread.com/hackers-fake-claude-code-guide-ai-pdfs-asyncrat/
Weaponized DMG Files Deliver macOS Infostealer Malware

Jun 11, 2026 2:02 PM

Tags: authentication, credentials, crypto, cyber, macOS, malware, social-engineering, threat

A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are leveraging convincing, branded DMG installers and social-engineering tricks to bypass Gatekeeper and trick users into executing payloads that rapidly harvest credentials, cookies, authentication tokens, and cryptocurrency wallets before disappearing without persistence.…
Attacke über Dienstleister: VerdantBamboo infiziert Linux-Appliances

Jun 11, 2026 8:02 AM

Tags: linux, malware

Die Hackergruppe VerdantBamboo nutzt eine BSD-Variante der BRICKSTORM-Malware sowie die Schadprogramme PLENET und AGENTPSD zur Linux-Spionage. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-appliances-verdantbamboo
GitHub disables Microsoft repos pushing password-stealing malware

Jun 9, 2026 6:42 PM

Tags: github, malware, microsoft, password

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/
MagicAd Android Malware Bypasses Restrictions to Flood Devices With Ads

Jun 9, 2026 3:42 PM

Tags: android, cyber, fraud, malware

Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background. The apps were short-lived in the catalogs appearing for weeks then removed yet any installed copies remained active on user devices, allowing attackers to sustain ad-fraud and persistence while reducing exposure in app stores. Technically sophisticated, Android.MagicAd hides…
MagicAd Android Malware Bypasses Restrictions to Flood Devices With Ads

Jun 9, 2026 3:42 PM

Tags: android, cyber, fraud, malware

Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background. The apps were short-lived in the catalogs appearing for weeks then removed yet any installed copies remained active on user devices, allowing attackers to sustain ad-fraud and persistence while reducing exposure in app stores. Technically sophisticated, Android.MagicAd hides…
North Korea Hackers Weaponize GitHub to Target Developers

Jun 9, 2026 2:42 PM

Tags: crypto, cyber, email, finance, github, hacker, korea, malware, north-korea, phishing, technology

A sustained phishing campaign that leverages developer recruitment and code-review lures to deliver cross”‘platform malware via attacker-controlled GitHub repositories. Tracked as UNK_DeadDrop and attributed with high confidence to a North Korea”‘aligned actor, the operation targeted nearly 100 organizations across finance, cryptocurrency, education and technology by sending more than 250 tailored emails over six weeks. The…