Tag: malware

New Cisco firewall malware can only be killed by pulling the plug

Apr 24, 2026 12:39 PM

Tags: backdoor, cisa, cisco, cyber, firewall, malware

Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/24/cisco-firepower-firestarter-backdoor/
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews

Apr 24, 2026 12:39 PM

Tags: ai, crypto, cyber, hacker, jobs, malware

Void Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Developers are invited to complete coding tests that require cloning and running seemingly legitimate repositories from platforms…
UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

Apr 24, 2026 12:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help desk employees, convincing their victim to accept a Microsoft Teams chat invitation from…
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Apr 24, 2026 10:38 AM

Tags: attack, credentials, malicious, malware, supply-chain, worm

Malicious npm packages spread via worm-like propagation and steal developer credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-supply-chain-worm-canister/
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams

Apr 24, 2026 7:38 AM

Tags: attack, breach, corporate, cyber, group, hacker, malware, microsoft, social-engineering, threat

A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite that steals sensitive company data. The Social Engineering Trap The attack begins with an aggressive…
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program”, and Predates Stuxnet

Apr 24, 2026 12:38 AM

Tags: iran, malware, stuxnet

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005″, and likely deployed by the US or an ally. First seen on wired.com Jump to article: www.wired.com/story/fast16-malware-stuxnet-precursor-iran-nuclear-attack/
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied

Apr 23, 2026 11:38 PM

Tags: cisco, firewall, hacker, malware, network

Investigators found the malware, dubbed Firestarter, on a federal agency’s network in a campaign dating back to at least September 2025. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-firestarter-malware-cisa-warning/
Dragos: Despite AI use, new malware targeting water plants is ‘hype’

Apr 23, 2026 10:39 PM

Tags: ai, malware

ZionSiphon was designed to find and sabotage Israelis’ water supply. An OT expert said it appears to be ineffective and the work of amateurs using AI. First seen on cyberscoop.com Jump to article: cyberscoop.com/dragos-zionsiphon-ai-malware-targeting-water-sector-hype/
US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March

Apr 23, 2026 9:39 PM

Tags: access, backdoor, cisa, cisco, exploit, hacker, malware, vulnerability

CISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities. First seen on therecord.media Jump to article: therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

Apr 23, 2026 9:39 PM

Tags: malware, microsoft, social-engineering, tactics, threat

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts.”As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT helpdesk employees, convincing their victim to accept a Microsoft Teams chat invitation from an…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths

Apr 23, 2026 8:39 PM

Tags: access, api, attack, authentication, automation, breach, control, credentials, crypto, data, data-breach, endpoint, exploit, intelligence, malicious, malware, open-source, pypi, risk, service, software, supply-chain, theft, threat, unauthorized, worm

<div cla TL;DR An open source malware campaign dubbed CanisterSprawl has been observed in npm, stealing sensitive data from developer machines including tokens, API keys, and more. From there, the malware publishes additional compromised packages under hijacked credentials, abusing developer trust in open source ecosystems to spread. Impacted organizations should remove the malware immediately, examine…
Harvester APT Expands Spying Operations with New GoGra Linux Malware

Apr 23, 2026 7:39 PM

Tags: api, apt, linux, malware, microsoft

New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control. First seen on hackread.com Jump to article: hackread.com/harvester-apt-spying-new-gogra-linux-malware/
With AI’s help, North Korean hackers stumbled into a near-undetectable attack

Apr 23, 2026 5:39 PM

Tags: ai, attack, exploit, hacker, hacking, malware, north-korea, phishing, social-engineering

For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/hexagonalrodent-north-korean-hackers-targeting-developers/
Malware-Kit Venom Stealer hebt ClickFix-Angriffe auf ein neues Niveau

Apr 23, 2026 3:39 PM

Tags: cyberattack, malware, social-engineering

Der Ansatz: Das Opfer wird durch geschickte Social-Engineering-Methoden dazu gebracht, einen bereitgestellten Befehl in die Zwischenablage zu kopieren… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/malware-kit-venom-stealer-hebt-clickfix-angriffe-auf-ein-neues-niveau/a44750/
Check Point belegt ersten Platz im Hybrid-Mesh-NetworkBenchmark von Miercom

Apr 23, 2026 2:39 PM

Tags: ai, malware, network, phishing, software

Check Point Software Technologies, gibt bekannt, dass man im <> den ersten Platz belegt hat. Dieser bedeutsame Erfolg markiert für Check Point das vierte Jahr in Folge die branchenweite Spitzenposition. Check Point erreichte mit einer Phishing-Erkennungsrate von 100 Prozent und einer KI-gestützten Malware-Abwehr von 99,9 Prozent den Spitzenwert […] First seen on netzpalaver.de Jump to…
If malware via monitor cables is a matter of national security, this might be the gadget for you

Apr 23, 2026 1:39 PM

Tags: cyber, malware

Orgs can now buy UK cyber agency engineered commercial gadget, but details are slim First seen on theregister.com Jump to article: www.theregister.com/2026/04/23/ncscs_first_foray_into_commercial/
Malicious npm Package Hijacks Hugging Face for Malware Delivery

Apr 23, 2026 1:39 PM

Tags: ai, breach, cyber, data, malicious, malware

Malicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross”‘platform implant chain. Earlier campaign phases already used Hugging Face as a simple hosting point for those binaries, but the latest builds…
Unwary Chinese Hackers Hardcoded Credentials into Backdoors

Apr 23, 2026 12:39 PM

Tags: backdoor, china, control, credentials, cyberespionage, government, group, hacker, malware

Eset Researchers Discover Trove of Go-Based Malware. Researchers uncovered a Chinese-linked cyberespionage group after attackers left command and control credentials embedded in malware, exposing internal operations, testing environments and thousands of messages tied to campaigns targeting a Mongolia government agency. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/unwary-chinese-hackers-hardcoded-credentials-into-backdoors-a-31487
Outlook Mailboxes Used to Conceal Linux GoGra Backdoor Traffic

Apr 23, 2026 12:39 PM

Tags: backdoor, cyber, espionage, group, linux, malware, threat

A newly discovered Linux variant of the GoGra backdoor is being used by the Harvester advanced persistent threat (APT) group to conduct stealthy cyber espionage operations. Harvester, a suspected nation-state-backed group active since at least 2021, is known for targeting South Asia with custom malware and espionage campaigns. The discovery of a Linux version of…
Lazarus Lures Developers With Backdoored Coding Tests

Apr 23, 2026 11:39 AM

Tags: ai, crypto, cyber, data, group, hacker, korea, lazarus, malware, north-korea

North Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudulent IT worker operations before pivoting fully to malware-driven theft. In just three months, the group exfiltrated data from…
Microsoft Graph API misused by new GoGra Linux malware for hidden communication

Apr 23, 2026 10:39 AM

Tags: api, backdoor, cyberespionage, group, linux, malicious, malware, microsoft

A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is…
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware

Apr 23, 2026 10:39 AM

Tags: crypto, cyber, hacker, macOS, malware

Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto holdings above 10,000 USD and using polished lures that closely mimic legitimate apps and workflows.…
Fake TradingView AI Site Spreads Needle Stealer Through Phony TradingClaw App

Apr 23, 2026 9:39 AM

Tags: ai, cyber, finance, malware, strategy

A fake TradingView AI agent website is delivering Needle Stealer malware through a bogus “TradingClaw” assistant that can hijack victims’ browsers, drain financial accounts, and enable follow”‘on attacks. The campaign targets traders seeking automated strategies on TradingView, capitalizing on the current hype around AI trading bots and browser”‘based investing tools. The site imitates legitimate trading…
Fake TradingView AI Site Spreads Needle Stealer Through Phony TradingClaw App

Apr 23, 2026 9:39 AM

Tags: ai, cyber, finance, malware, strategy

A fake TradingView AI agent website is delivering Needle Stealer malware through a bogus “TradingClaw” assistant that can hijack victims’ browsers, drain financial accounts, and enable follow”‘on attacks. The campaign targets traders seeking automated strategies on TradingView, capitalizing on the current hype around AI trading bots and browser”‘based investing tools. The site imitates legitimate trading…
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

Apr 23, 2026 5:39 AM

Tags: access, api, attack, backdoor, china, cloud, control, data, detection, github, infection, intelligence, korea, login, malicious, malware, military, monitoring, network, open-source, service, tactics, threat, tool, windows

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
Malicious pgserve, automagik developer tools found in npm registry

Apr 23, 2026 5:39 AM

Tags: access, attack, breach, cloud, control, corporate, credentials, crypto, data, firewall, github, infrastructure, least-privilege, malicious, malware, network, open-source, password, radius, risk, service, software, tactics, theft, threat, tool, worm

Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple.”Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign

Apr 22, 2026 11:39 PM

Tags: attack, crypto, group, hacker, malware, north-korea

Researchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
New Mirai campaign exploits RCE flaw in EoL D-Link routers

Apr 22, 2026 10:39 PM

Tags: cve, exploit, flaw, injection, malware, rce, remote-code-execution, router, vulnerability

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/