Collecting Cyber-News from over 60 sources

Tag: malware

GhostPoster Malware Targets Chrome Users via 17 Rogue Extensions

Jan 19, 2026 7:13 AM

Tags: browser, chrome, cyber, malicious, malware, threat

A sophisticated malware campaign has compromised users of Chrome, Firefox, and Edge by deploying 17 malicious extensions that employ advanced steganography techniques to evade detection. Collectively downloaded more than 840,000 times, the GhostPoster operation represents one of the most technically mature and persistent browser extension threats documented to date. The GhostPoster campaign leverages an uncommon…
GootLoader uses malformed ZIP files to bypass security controls

Jan 18, 2026 9:14 PM

Tags: access, control, detection, group, malware, ransomware

GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-a-as-a-service model, it is used by different groups to…
GootLoader uses malformed ZIP files to bypass security controls

Jan 18, 2026 9:14 PM

Tags: access, control, detection, group, malware, ransomware

GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-a-as-a-service model, it is used by different groups to…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 80

Jan 18, 2026 7:13 PM

Tags: cyberattack, exploit, international, malware, rat, zero-day

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Gogs 0-Day Exploited in the Wild SHADOW#REACTOR Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment >>Untrustworthy Fund<<: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092) Hiding in Plain Sight: Deconstructing the Multi-Actor […]…
PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion

Jan 18, 2026 4:14 PM

Tags: edr, exploit, malware

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/pdfsider-malware-exploitation-of-dll-side-loading-for-av-and-edr-evasion
News alert: AppGuard reopens insider program as AI-enhanced malware outpaces detection defenses

Jan 16, 2026 8:52 AM

Tags: ai, cybersecurity, defense, detection, malware

MCLEAN, Va., Jan.15, 2026, CyberNewswire, A new Top 10 Cybersecurity Innovators profile by AppGuard has been released, spotlighting growing concerns over AI-enhanced malware. AI makes malware even more difficult to detect. Worse, they use AI to assess, adapt, and… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/news-alert-appguard-reopens-insider-program-as-ai-enhanced-malware-outpaces-detection-defenses/
Verkauft, vernetzt, verwundbar: So landen Ihre Daten im Darknet

Jan 16, 2026 7:53 AM

Tags: dark-web, malware, phishing

Dank Phishing, Malware oder Datenpannen bei Dritten geraten sensible Informationen schneller in falsche Hände, als vielen bewusst ist. Was Cyberkriminelle mit Ihren Daten tun, wie Sie den Schaden begrenzen können und worauf es beim Schutz Ihrer digitalen Identität jetzt ankommt. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/privatsphare/verkauft-vernetzt-verwundbar-so-landen-ihre-daten-im-darknet/
Gootloader now uses 1,000-part ZIP archives for stealthy delivery

Jan 16, 2026 12:51 AM

Tags: access, detection, malware

The Gootloader malware, typically used for initial access, is now using a malformed ZIP archive designed to evade detection by concatenating up to 1,000 archives. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gootloader-now-uses-1-000-part-zip-archives-for-stealthy-delivery/
Check Point Research: VoidLink Shows Cloud-Native Linux Malware Evolving

Jan 15, 2026 9:52 PM

Tags: cloud, linux, malware

Check Point researchers say VoidLink shows how cloud-native Linux malware is evolving with stealthy, modular persistence. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/check-point-research-voidlink-shows-cloud-native-linux-malware-evolving/
AsyncRAT Malware Infests Orgs via Python & Cloudflare

Jan 15, 2026 9:52 PM

Tags: cloud, detection, malware, open-source, phishing, service, tool

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade detection and gain trust. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/attackers-abuse-python-cloudflare-deliver-asyncrat
From typos to takeovers: Inside the industrialization of npm supply chain attacks

Jan 15, 2026 9:11 AM

Tags: access, application-security, attack, automation, backdoor, blockchain, breach, control, credentials, cybersecurity, github, gitlab, malicious, malware, phishing, radius, risk, supply-chain, threat, update, worm

From typo traps to legitimate backdoors: For years, typosquatting defined the npm threat model. Attackers published packages with names just close enough to popular libraries, such as “lodsash,” “expres,” “reacts,” and waited for automation or human error to do the rest. The impact was usually limited, and remediation straightforward.That model began to break in 2025.Instead…
Sophisticated VoidLink malware framework targets Linux cloud servers

Jan 15, 2026 5:11 AM

Tags: access, cloud, container, cybercrime, data, detection, docker, endpoint, exploit, framework, kubernetes, linux, malware, network, penetration-testing, risk, strategy, threat, tool, windows

Cloud reconnaissance and adaptability: The malware was designed to detect whether it’s being executed on various cloud platforms such as AWS, GCP, Azure, Alibaba, and Tencent and then to start leveraging those vendors’ management APIs. The code suggests the developers plan to add detections for Huawei, DigitalOcean, and Vultr in the future.The malware collects extensive…
Iran’s partial internet shutdown may be a windfall for cybersecurity intel

Jan 14, 2026 10:12 PM

Tags: attack, backup, business, ceo, china, ciso, control, cyber, cybersecurity, data, defense, dns, finance, gartner, government, infrastructure, intelligence, Internet, iran, jobs, malicious, malware, service, siem, skills, soc, threat, zero-trust

only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.”Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs…
New Linux malware targets the cloud, steals creds, and then vanishes

Jan 14, 2026 10:12 PM

Tags: cloud, linux, malware

Cloud-native, 37 plugins “¦ an attacker’s dream First seen on theregister.com Jump to article: www.theregister.com/2026/01/14/voidlink_linux_malware/
CERT-UA reports PLUGGYAPE cyberattacks on defense forces

Jan 14, 2026 10:12 PM

Tags: attack, blizzard, computer, cyberattack, defense, government, group, malware, russia, ukraine

CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the attack with medium confidence to the Russian-linked group Void Blizzard (aka Laundry Bear, UAC-0190), active…
New China Linked VoidLink Linux Malware Targets Major Cloud Providers

Jan 14, 2026 8:12 PM

Tags: china, cloud, framework, google, linux, malware

Researchers have discovered VoidLink, a sophisticated new Linux malware framework designed to infiltrate AWS, Google Cloud, and Azure. Learn how this Chinese-affiliated toolkit uses adaptive stealth to stay hidden. First seen on hackread.com Jump to article: hackread.com/china-voidlink-linux-malware-cloud-providers/
Cybercrime Inc.: When hackers are better organized than IT

Jan 14, 2026 7:11 PM

Tags: access, ai, attack, automation, awareness, botnet, breach, business, communications, compliance, computing, control, corporate, credentials, crime, cyber, cyberattack, cybercrime, cybersecurity, data, defense, email, exploit, finance, group, hacker, healthcare, incident response, intelligence, jobs, leak, malicious, malware, marketplace, network, organized, phishing, programming, ransom, ransomware, resilience, risk, service, social-engineering, software, supply-chain, technology, tool, training, update, vulnerability

Ransomware-as-a-service: The Amazon of crime: The ransomware-as-a-service (RaaS) model has also revolutionized the cybercrime business. Criminal groups offer their malware like a software product. Attackers can license the code, select targets, and launch attacks, all without in-depth programming knowledge. The operator receives a commission for this.Thus, a marketplace developed where services, tools, and data are traded like…
‘VoidLink’ Malware Poses Advanced Threat to Linux Systems

Jan 14, 2026 7:11 PM

Tags: access, cloud, framework, linux, malware, threat

Researchers discovered a modular, cloud-first framework that is feature-rich and designed to maintain stealthy, long-term access to Linux environments. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/voidlink-malware-advanced-threat-linux-systems
Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Jan 14, 2026 7:11 PM

Tags: control, exploit, hacker, malicious, malware, open-source, vulnerability

Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to bypass security controls and deliver a wide range of commodity trojans and stealers.”Attackers achieve evasion by pairing a malicious libcares-2.dll with any signed version of the legitimate ahost.exe…
PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Jan 14, 2026 7:11 PM

Tags: attack, blizzard, computer, cyber, defense, group, hacking, malware, russia, threat, ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025.The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed…
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats

Jan 14, 2026 7:11 PM

Tags: access, ai, authentication, breach, business, communications, compliance, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, government, grc, group, identity, incident response, infosec, infrastructure, malware, monitoring, phishing, ransomware, risk, risk-management, service, supply-chain, technology, theft, threat, tool

For government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense…
Ukraine’s army targeted in new charity-themed malware campaign

Jan 14, 2026 1:01 AM

Tags: backdoor, defense, malware, ukraine

Officials of Ukraine’s Defense Forces were targeted in a charity-themed campaign between October and December 2025 that delivered backdoor malware called PluggyApe. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ukraines-army-targeted-in-new-charity-themed-malware-campaign/
Never-before-seen Linux malware is “far more advanced than typical”

Jan 14, 2026 12:04 AM

Tags: linux, malware

VoidLink includes an unusually broad and advanced array of capabilities. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/01/never-before-seen-linux-malware-is-far-more-advanced-than-typical/
New VoidLink malware framework targets Linux cloud servers

Jan 14, 2026 12:04 AM

Tags: cloud, framework, linux, malware

A newly discovered advanced cloud-native Linux malware framework named VoidLink focuses on cloud environments, providing attackers with custom loaders, implants, rootkits, and plugins designed for modern infrastructures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-voidlink-malware-framework-targets-linux-cloud-servers/
PowerShell-Driven Multi-Stage Windows Malware Using Text Payloads

Jan 13, 2026 8:02 PM

Tags: cyber, detection, infection, malicious, malware, powershell, rat, windows

Security researchers have identified a sophisticated multi-stage malware campaign dubbed SHADOW#REACTOR that chains together obfuscated Visual Basic Script (VBS) execution, resilient PowerShell stagers, text-only payload delivery mechanisms, and .NET Reactorprotected in-memory loaders to deploy Remcos RAT while evading detection and analysis reliably. Initial infection begins when users execute a malicious VBS script, typically delivered through…
Android Banking Malware deVixor Actively Targeting Users with Ransomware Capabilities.

Jan 13, 2026 8:02 PM

Tags: android, banking, cyber, data, finance, infrastructure, malicious, malware, mobile, ransomware, theft, threat

A sophisticated Android banking trojan known as deVixor has emerged as a significant threat to mobile users, combining financial data theft, device surveillance, and ransomware capabilities into a single malicious platform. Active since October 2025, the malware represents a concerning evolution in Android-based financial threats, targeting victims through fake automotive websites and leveraging Telegram infrastructure…
Analysis of VoidLink: A Cloud-Native Malware Threat Targeting Linux Systems

Jan 13, 2026 8:02 PM

Tags: access, china, cloud, cyber, detection, framework, linux, malware, threat

A sophisticated Linux malware framework, VoidLink, has been identified by Check Point Research, representing a significant escalation in threats targeting cloud-native environments. The advanced framework, developed by Chinese-affiliated developers, combines custom loaders, implants, rootkits, and over 30 modular plugins specifically engineered to maintain persistent access to Linux systems while evading detection through multiple layers of…
AUTHOR QA: New techno-thriller ‘The Virus’ simulates an AI malware outbreak gone global

Jan 13, 2026 7:02 PM

Tags: ai, cybersecurity, malware, radius, threat, virus

Eddy Willems has been a steady, pragmatic voice in cybersecurity for decades, known for breaking down complex threats in ways real people can understand. Related: AI fueling disinformaton With The Virus, he tries something new: a fast-paced techno-thriller… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/author-qa-new-techno-thriller-the-virus-simulates-an-ai-malware-outbreak-gone-global/
SHADOW#REACTOR Campaign Uses Text-Only Staging to Deploy Remcos RAT

Jan 13, 2026 6:02 PM

Tags: infection, malware, rat, windows

SHADOW#REACTOR is a multi-stage Windows malware campaign that stealthily deploys the Remcos RAT using complex infection techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shadowreactor-text-staging-remcos/
Dutch cops cuff alleged AVCheck malware kingpin in Amsterdam

Jan 13, 2026 4:02 PM

Tags: malware

33-year-old was under surveillance for some time before returning home from the UAE First seen on theregister.com Jump to article: www.theregister.com/2026/01/13/avcheck_arrest/