Tag: malware
-
Was sechs Milliarden durch Malware kompromittierte Zugangsdaten über die häufigsten Passwörter verraten
Specops veröffentlichte seinen jährlichen Breached-Password-Report 2026, in dem über 6 Milliarden gestohlene Passwörter analysiert werden, die von Januar bis Dezember 2025 vom Threat-Intelligence-Team von Outpost24, der Muttergesellschaft von Specops, gesammelt wurden. Der Report zeigt, dass der Diebstahl von Zugangsdaten kein Einzelfall oder kurzlebiges Ereignis mehr ist. Stattdessen werden gestohlene Passwörter in großem Umfang gesammelt, zu…
-
Was sechs Milliarden durch Malware kompromittierte Zugangsdaten über die häufigsten Passwörter verraten
Specops veröffentlichte seinen jährlichen Breached-Password-Report 2026, in dem über 6 Milliarden gestohlene Passwörter analysiert werden, die von Januar bis Dezember 2025 vom Threat-Intelligence-Team von Outpost24, der Muttergesellschaft von Specops, gesammelt wurden. Der Report zeigt, dass der Diebstahl von Zugangsdaten kein Einzelfall oder kurzlebiges Ereignis mehr ist. Stattdessen werden gestohlene Passwörter in großem Umfang gesammelt, zu…
-
Gootloader Malware With Low Detection Rate Evades Most Security Tools
Gootloader malware has resurfaced, employing sophisticated evasion techniques to exploit malformed ZIP archives and obfuscation mechanisms to bypass security detection systems. The Gootloader malware campaign, tracked as a partnership between Storm-0494 and Vanilla Tempest, has returned in late 2025 with an alarming ability to evade detection. The threat operates through a specialized delivery mechanism a…
-
CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension
Payload delivery: When the user executes the supplied commands, a multistage infection process begins that ultimately deploys a previously undocumented Python-based remote access trojan, which the researchers dubbed ModelRAT. The malware establishes persistence and enables remote control of the infected system.Huntress’ telemetry suggested differing behavior based on the environment. Systems joined to a domain were…
-
Crashfix: Adblocker bringt Browser absichtlich zum Absturz
Tags: malwareAngreifer haben es auf Adblocker-Interessierte abgesehen. Mit einem gefälschten uBlock Origin Lite locken sie Suchende in die Malware-Falle. First seen on golem.de Jump to article: www.golem.de/news/crashfix-adblocker-erweiterung-bringt-browser-absichtlich-zum-absturz-2601-204394.html
-
Crashfix: Adblocker-Erweiterung bringt Browser absichtlich zum Absturz
Tags: malwareAngreifer haben es auf Adblocker-Interessierte abgesehen. Mit einem gefälschten uBlock Origin Lite locken sie Suchende in die Malware-Falle. First seen on golem.de Jump to article: www.golem.de/news/crashfix-adblocker-erweiterung-bringt-browser-absichtlich-zum-absturz-2601-204394.html
-
VoidLink Debuts AI-Assisted, Server-Side Kernel Compilation Rootkit Technique
On January 13, 2026, Check Point Research published its analysis of VoidLink, a Chinese-developed Linux malware framework designed to target cloud environments. Following this disclosure, the Sysdig Threat Research Team (TRT) examined VoidLink’s binaries to understand its loader chain, rootkit internals, and control mechanisms. VoidLink’s most significant innovation addresses a persistent challenge in Linux malware:…
-
Secure web browsers for the enterprise compared: How to pick the right one
Tags: access, ai, android, api, attack, browser, business, chrome, cloud, computer, control, corporate, data, encryption, endpoint, fortinet, gartner, google, guide, identity, linux, login, malicious, malware, mfa, mobile, monitoring, network, okta, phishing, saas, service, siem, software, technology, threat, tool, training, vpn, windows, zero-trustEnable MFA at the beginning of any browser session by default.Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved.Control access to web destinations, either to allow or…
-
Discord Exploited to Spread Clipboard Hijacker Stealing Cryptocurrency Funds
CloudSEK’s STRIKE team has uncovered a sophisticated cryptocurrency theft operation orchestrated by the threat actor >>RedLineCyber,<< who deliberately impersonates the notorious RedLine Solutions to establish credibility within underground communities. Rather than collecting comprehensive system data, the malware employs a highly targeted approach: continuously monitoring the Windows clipboard for cryptocurrency wallet addresses and performing silent substitution…
-
SolyxImmortal Malware Abuses Discord to Quietly Harvest Sensitive Information
A newly discovered information-stealing malware, SolyxImmortal, has emerged as a persistent surveillance threat targeting Windows users. Distributed through underground Telegram channels, this Python-based implant combines credential theft, document harvesting, keystroke logging, and screen capture capabilities into a continuously running surveillance framework that operates silently in the background. First detected in January 2026, the malware prioritizes…
-
Google Ads Exploited to Deliver TamperedChef Through Malicious PDF Editor
A sophisticated malvertising campaign tracked as TamperedChef has compromised over 100 organizations across 19 countries by distributing weaponized PDF editing software through Google Ads. Sophos Managed Detection and Response (MDR) teams discovered the operation in September 2025, revealing a multi-layered attack infrastructure designed to steal browser credentials and establish persistent backdoor access on Windows systems.…
-
This Intune update isn’t optional, it’s a kill switch for outdated apps
Tags: access, android, authentication, business, control, corporate, cybersecurity, data, infrastructure, malware, microsoft, mitigation, password, phone, risk, service, switch, threat, tool, updateiOS line-of-business (LOB) and custom iOS apps using the Intune App SDK must update to SDK version 20.8.0 or later for apps compiled with Xcode 16, and to 21.1.0 or later for apps compiled with Xcode 26.Apps using the wrapper must update to the new version of the Intune App Wrapping Tool for iOS: version…
-
Operation Poseidon: Konni APT Hijacks Google Naver Ads for Malware
The post Operation Poseidon: Konni APT Hijacks Google Naver Ads for Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-poseidon-konni-apt-hijacks-google-naver-ads-for-malware/
-
Fake ad blocker extension crashes the browser for ClickFix attacks
A malvertising campaign is using a fake ad-blocking Chrome and Edge extension named NexShield that intentionally crashes the browser in preparation for ClickFix attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ad-blocker-extension-crashes-the-browser-for-clickfix-attacks/
-
New PDFSider Windows malware deployed on Fortune 100 firm’s network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-pdfsider-windows-malware-deployed-on-fortune-100-firms-network/
-
OverAir Software Updates Pose Risks to Vehicles
eSync Alliance Chair Shrikant Acharya on How Standardization Can Prevent Breaches. Over-the-air updates are an irreplaceable part of software-defined vehicles, giving manufacturers a convenient way of remotely fixing and upgrading vehicles. If not appropriately secured, over-the-air updates can become a gateway for data theft, malware injection, vehicle theft and even injury. First seen on govinfosecurity.com…
-
Broker who sold malware to the FBI set for sentencing
Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties First seen on theregister.com Jump to article: www.theregister.com/2026/01/19/iab_sentencing/
-
Researchers Uncover PDFSIDER Malware Built for Long-Term, Covert System Access
New malware PDFSIDER enables covert, long-term access to compromised systems via advanced techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/pdfsider-anti-vm-checks-hidden/
-
StealC malware control panel flaw leaks details on active attacker
Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly leaked and…
-
Visual Studio Code Abused in Sophisticated Multistage Malware Attacks
A newly analyzed campaign dubbed “Evelyn Stealer” is turning the Visual Studio Code (VSC) extension ecosystem into an attack delivery platform, enabling threat actors to compromise software developers and pivot deeper into enterprise environments. The campaign abuses seemingly legitimate extensions including a “Bitcoin Black” theme and a “Codo AI” coding assistant as the initial lure.…
-
Remcos RAT Campaign Uses Trojanized VeraCrypt Installers to Steal Credentials
AhnLab Security Intelligence Center (ASEC) has identified an active Remcos RAT campaign targeting users in South Korea. The malware is being spread through multiple channels. It often masquerades as VeraCrypt utilities or tools used within illegal online gambling ecosystems. Once installed, the RAT can steal login credentials, monitor user activity, and give attackers remote control…
-
Cybercriminals Impersonate Malwarebytes to Steal User Credentials
As part of an ongoing effort to highlight active and technically interesting intrusions, a new “Flash Hunting Findings” investigation has uncovered a short but well”‘structured malware campaign impersonating MalwareBytes to deliver infostealers and steal user logins and crypto”‘wallet data. The activity was observed between January 11 and January 15, 2026, and is characterized by consistent…
-
Attackers Rerouted Employee Pay Without Breaching IT Systems
An unnamed organization recently discovered that several employees’ paychecks had silently vanished not because of a ransomware attack, data-wiping malware, or a cloud breach, but because an attacker convinced people to do exactly what they wanted. Instead of hacking through firewalls or exploiting zero-days, the threat actor went after the weakest link: operational processes and…
-
Spear-Phishing Campaign Leverages Google Ads to Distribute EndRAT Malware
Genians Security Center has published an in-depth analysis of Operation Poseidon, a sophisticated APT campaign attributed to the Konni threat group that exploits legitimate advertising infrastructure to distribute EndRAT malware. This advanced spear-phishing operation demonstrates how threat actors leverage trusted platforms to circumvent traditional security defenses while targeting South Korean financial institutions and human rights…
-
Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor
Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-pdf24-app-pdfsider-backdoor/
-
Python-Bibliotheken für Hugging-Face-Modelle vergiftet
Tags: ai, apple, cve, exploit, intelligence, malware, ml, network, nvidia, rce, remote-code-execution, tool, vulnerabilityPython-Libraries sind mit manipulierten Metadaten in KI-Modellen infiziert und können beim Laden Schadcode ausgeführen.NeMo, Uni2TS und FlexTok, Python-Bibliotheken für Künstliche Intelligenz (KI) und Machine Learning (ML), die in Hugging-Face-Modellen verwendet werden, haben gravierende Schwächen. Wie Forschende von Palo Alto Networks’ Unit 42 herausgefunden haben, können Kriminelle diese nutzen, um Schadcode in Metadaten zu verstecken. Einmal…
-
Mastang Panda Uses Venezuela News to Spread LOTUSLITE Malware
Researchers have found a new spying campaign using news about Venezuela to trick US government officials. Learn how the LOTUSLITE virus sneaks into computers to steal secrets. First seen on hackread.com Jump to article: hackread.com/mastang-panda-venezuela-news-lotuslite-malware/
-
PDFSIDER Malware Actively Exploited to Evade Antivirus and EDR Defenses
Security researchers have identified a sophisticated backdoor malware variant, PDFSIDER, that leverages DLL side-loading to evade endpoint detection and response (EDR) systems. The threat demonstrates advanced persistent threat (APT) tradecraft, combining evasion mechanisms with encrypted command-and-control capabilities to maintain covert access on compromised systems. PDFSIDER’s infection chain originates through spear-phishing campaigns delivering ZIP archives containing…
-
Security Bug in StealC Malware Panel Let Researchers Spy on Threat Actor Operations
Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer, allowing them to gather crucial insights on one of the threat actors using the malware in their operations.”By exploiting it, we were able to collect system fingerprints, monitor active sessions, and in a…
-
GhostPoster Malware Targets Chrome Users via 17 Rogue Extensions
A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection. Collectively downloaded more than 840,000 times, the GhostPoster operation represents one of the most technically mature and persistent browser extension threats documented to date. The GhostPoster campaign leverages an uncommon…