Collecting Cyber-News from over 60 sources

Tag: malware

New Phishing Attack Exploits Vercel to Host and Deliver Remote Access Malware

Jan 26, 2026 4:21 PM

Tags: access, attack, business, cyber, email, exploit, finance, malware, phishing

A new phishing campaign abusing the Vercel hosting platform has been active since at least November 2025 and is becoming increasingly sophisticated. The core trick is “inherited trust.” Attackers send short phishing emails with financial or business themes such as unpaid invoices, payment statements, or document reviews. The real hook is not the text, but…
Poland repels data-wiping malware attack on energy systems

Jan 26, 2026 2:21 PM

Tags: attack, cyber, data, infrastructure, malware, russia

Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware and failed. According to information shared … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/26/poland-energy-malware-attack/
âš¡ Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Jan 26, 2026 2:21 PM

Tags: ai, cve, defense, firewall, flaw, malware, software, tool

Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly.Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point.What follows is a set of…
North Korealinked KONNI uses AI to build stealthy malware tooling

Jan 26, 2026 1:18 PM

Tags: ai, blockchain, group, malware, phishing, powershell, software

Check Point links an active phishing campaign to North Koreaaligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Research uncovered an active phishing campaign attributed to the North Korealinked KONNI group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima). The operation targets software developers and engineers using fake project…
Winning Against AI-Based Attacks Requires a Combined Defensive Approach

Jan 26, 2026 1:18 PM

Tags: ai, attack, cybersecurity, google, group, intelligence, malicious, malware, strategy, threat

If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google’s Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in…
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

Jan 26, 2026 11:21 AM

Tags: ai, backdoor, blockchain, hacker, india, intelligence, korea, malware, north-korea, phishing, powershell, russia, threat, tool, ukraine

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector.The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary’s expansion of the targeting scope beyond South Korea, Russia, Ukraine, and European nations, Check…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Jan 25, 2026 4:18 PM

Tags: ai, edr, exploit, international, malware, pypi

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]…
Sandworm hackers linked to failed wiper attack on Poland’s energy systems

Jan 24, 2026 11:33 PM

Tags: attack, cyberattack, data, group, hacker, hacking, malware, russia

A cyberattack targeting Poland’s power grid in late December 2025 has been linked to the Russian state-sponsored hacking group Sandworm, which attempted to deploy a new destructive data-wiping malware dubbed DynoWiper during the attack.. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sandworm-hackers-linked-to-failed-wiper-attack-on-polands-energy-systems/
Poland’s energy grid was targeted by never-before-seen wiper malware

Jan 24, 2026 9:30 PM

Tags: attack, malware, russia, ukraine

Destructive payload unleashed on 10-year anniversary of Russia’s attack on Ukraine’s grid. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/01/wiper-malware-targeted-poland-energy-grid-but-failed-to-knock-out-electricity/
Konni hackers target blockchain engineers with AI-built malware

Jan 24, 2026 5:31 PM

Tags: ai, blockchain, group, hacker, malware, north-korea, powershell

The North Korean hacker group Konni (Opal Sleet, TA406) is using AI-generated PowerShell malware to target developers and engineers in the blockchain sector. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/konni-hackers-target-blockchain-engineers-with-ai-built-malware/
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

Jan 24, 2026 10:30 AM

Tags: attack, country, cyber, group, hacking, malware, russia

The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the “largest cyber attack” targeting Poland’s power system in the last week of December 2025.The attack was unsuccessful, the country’s energy minister, Milosz Motyka, said last week.”The command of the cyberspace forces has diagnosed in the last days…
Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser

Jan 23, 2026 11:30 PM

Tags: access, ai, api, attack, awareness, browser, chatgpt, chrome, cloud, data, detection, github, google, identity, infrastructure, Internet, LLM, malicious, malware, network, openai, saas, technology, threat, unauthorized

Written by Vivek Ramachandran, SquareX Founder, for Forbes Technology Council. This article originally appeared here. Source: Getty If you lived through the 1990s, you’ll remember the first of the ” browser wars,” where Netscape and Internet Explorer fiercely competed for market dominance. Then Google launched Chromium in 2008, and this battle effectively ended. The past 17…
Data Leak Exposes 149M Logins, Including Gmail, Facebook

Jan 23, 2026 11:30 PM

Tags: credentials, data, data-breach, leak, login, malware

A massive unsecured database exposed 149 million logins, raising concerns over infostealer malware and credential theft. The post Data Leak Exposes 149M Logins, Including Gmail, Facebook appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-149-million-passwords-exposed-infostealer-database/
Researchers say Russian government hackers were behind attempted Poland power outage

Jan 23, 2026 10:30 PM

Tags: government, group, hacker, hacking, infrastructure, malware, russia

Security researchers have attributed the attempted use of destructive “wiper” malware across Poland’s energy infrastructure in late December to a Russian-backed hacking group known for causing power outages in neighboring Ukraine. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/23/researchers-say-russian-government-hackers-were-behind-attempted-poland-power-outage/
The cybercrime industry continues to challenge CISOs in 2026

Jan 23, 2026 8:30 PM

Tags: access, ai, attack, automation, backup, best-practice, breach, business, ciso, compliance, control, credentials, crime, crowdstrike, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, espionage, exploit, extortion, fortinet, framework, fraud, governance, group, hacker, hacking, identity, incident response, infection, infrastructure, insurance, intelligence, malware, metric, network, phishing, ransom, ransomware, resilience, risk, saas, service, soar, social-engineering, sophos, strategy, supply-chain, technology, theft, threat, tool, training, update, usa, vpn, vulnerability

Evolution of the security strategy: Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second,…
The cybercrime industry continues to challenge CISOs in 2026

Jan 23, 2026 8:30 PM

Tags: access, ai, attack, automation, backup, best-practice, breach, business, ciso, compliance, control, credentials, crime, crowdstrike, cyber, cybercrime, cybersecurity, data, data-breach, deep-fake, defense, detection, disinformation, espionage, exploit, extortion, fortinet, framework, fraud, governance, group, hacker, hacking, identity, incident response, infection, infrastructure, insurance, intelligence, malware, metric, network, phishing, ransom, ransomware, resilience, risk, saas, service, soar, social-engineering, sophos, strategy, supply-chain, technology, theft, threat, tool, training, update, usa, vpn, vulnerability

Evolution of the security strategy: Alessandro Armenia, global head of cybersecurity at ReeVo, believes that three key aspects are emerging in the current landscape: “First, attacks are no longer isolated events, but coordinated, in some cases automated, operations that often originate within the organizations themselves, for example, due to human error or exposed credentials. Second,…
US to deport Venezuelans who emptied bank ATMs using malware

Jan 23, 2026 6:38 PM

Tags: finance, malware

South Carolina federal prosecutors announced that two Venezuelan nationals convicted of stealing hundreds of thousands of dollars from U.S. banks in an ATM jackpotting scheme will be deported after serving their sentences. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-to-deport-venezuelans-who-emptied-bank-atms-using-malware/
MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command

Jan 23, 2026 4:34 PM

Tags: access, attack, credentials, crypto, cyber, exploit, Hardware, login, macOS, malware, microsoft, phishing, service, social-engineering, tool

A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing redirects and culminates in persistent access through trojanized hardware wallet applications. The campaign initiates with credential harvesters impersonating Microsoft login pages. Analysis of crosoftonline[.]com/login[.]srf a domain spoofing official Microsoft…
From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience

Jan 23, 2026 4:34 PM

Tags: business, cyber, cybersecurity, defense, malware, ransomware, resilience

When ransomware cripples a business’s systems or stealthy malware slips past defenses, the first instinct is to get everything back online as quickly as possible. That urgency is understandable, Cybersecurity Ventures estimates ransomware damage costs $156 million per day. But businesses cannot let speed overshadow the more pressing need to understand exactly what happened,.. First…
Fake Captcha Exploits Trusted Web Infrastructure to Distribute Malware

Jan 23, 2026 4:34 PM

Tags: captcha, cyber, exploit, infrastructure, malicious, malware, service

Fake Captcha and >>ClickFix<< lures have emerged as among the most persistent and deceptive malware-delivery mechanisms on the modern web. These pages mimic legitimate verification challenges from trusted services like Cloudflare, tricking users into executing malicious commands disguised as security checks or browser validation steps. What appears to be a routine security interstitial something millions…
Threat Actors Exploit LNK Files to Deploy MoonPeak Malware on Windows Systems

Jan 23, 2026 4:34 PM

Tags: attack, cyber, exploit, finance, korea, malware, social-engineering, threat, windows

A sophisticated three-stage malware attack campaign against Windows users in South Korea using specially crafted LNK (shortcut) files. The attack begins with a deceptive LNK file named >>ì‹¤ì „ íŠ¸ë ˆì´ë, © í•µì‹¬ ë¹„ë²•ì„œ.pdf.lnk<>Practical Trading Core Secret Book<<), specifically crafted to target South Korean investors seeking financial guidance. This social engineering approach exploits users' trust […] The…
Angreifer missbrauchen Tools für Remote-Monitoring und Management als Backdoor

Jan 23, 2026 3:31 PM

Tags: backdoor, malware, monitoring, software, threat, tool

Die KnowBe4 Threat Labs informieren über eine ausgeklügelte Dual-Vektor-Kampagne, die die Bedrohungskette nach der Kompromittierung von Anmeldedaten demonstriert. Anstatt maßgeschneiderte Malware einzusetzen, umgehen die Angreifer die Sicherheitsperimeter, indem sie IT-Tools missbrauchen, denen von IT-Administratoren vertraut wird. Indem sie sich einen ‘Generalschlüssel” für das System verschaffen, verwandeln sie legitime Remote-Monitoring and Management (RMM)-Software in eine dauerhafte…
What are drive-by download attacks?

Jan 23, 2026 2:30 PM

Tags: attack, cyber, infection, malicious, malware, software, threat

A drive-by download attack is a type of cyber threat where malicious software is downloaded and installed on a user’s device without their knowledge or consent simply by visiting a compromised or malicious website. Unlike traditional malware attacks, users often do not have to click a link or open an attachment, the infection can… First…
Hackers Disable Windows Security With New Malware Attack

Jan 23, 2026 12:30 PM

Tags: attack, exploit, hacker, malware, social-engineering, windows

Unlike traditional attacks that rely on exploits, this succeeds through social engineering combined with abuse of Windows’ own security architecture. The post Hackers Disable Windows Security With New Malware Attack appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hackers-disable-windows-security/
Keine Malware nötig: Hacker tricksen Googles Gemini mit einem Kalendereintrag aus

Jan 23, 2026 10:31 AM

Tags: google, hacker, malware

First seen on t3n.de Jump to article: t3n.de/news/keine-malware-noetig-hacker-tricksen-googles-gemini-mit-einem-kalendereintrag-aus-1726136/
Machine learningpowered Android Trojans bypass script-based Ad Click detection

Jan 22, 2026 9:42 PM

Tags: android, cybersecurity, detection, fraud, malware, ml

A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered a new Android click-fraud trojan family that uses TensorFlow.js ML models to visually detect and tap ads, avoiding traditional script-based methods. The malware is distributed via Xiaomi’s GetApps, it…
KI-generierte Malware bedroht Entwickler und Blockchain-Ökosysteme

Jan 22, 2026 6:46 PM

Tags: ai, blockchain, cyber, malware, phishing, software

Check Point Research veröffentlicht die Ergebnisse seiner Analyse einer neuen Phishing-Kampagne im Zusammenhang mit <>. Die Malware-Familie wird der nordkoreanischen Gruppe APT37 zugerechnet. Aufgrund der Analyse stellen die Sicherheitsforscher fest, dass KI-generierte Malware nun einsatzbereit ist und Cyber-Kriminelle nicht mehr nur damit experimentieren. Die Kampagne zielt auf Software-Entwickler und Ingenieure ab, die an Blockchain- und…
Hackers Exploit Snap Domains to Inject Malicious Code into Linux Software Packages

Jan 22, 2026 4:30 PM

Tags: cyber, exploit, hacker, linux, malicious, malware, software, threat

Snaps are compressed, cryptographically signed, revertable software packages for Linux desktops, servers, and embedded devices. A sophisticated campaign targeting Canonical’s Snap Store has escalated dramatically, with threat actors shifting from publishing malware under new accounts to hijacking established publishers through expired domain takeovers. This represents a fundamental erosion of trust signals that Linux users previously…
VoidLink Malware Puts Cloud Systems on High Alert With Custom Built Attacks

Jan 22, 2026 2:30 PM

Tags: attack, cloud, linux, malware

Sysdig TRT analysis reveals VoidLink as a revolutionary Linux threat. Using Serverside Rootkit Compilation and Zig code, it targets AWS and Azure with adaptive stealth. First seen on hackread.com Jump to article: hackread.com/voidlink-malware-cloud-system-custom-built-attack/