Tag: malware

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

Dec 2, 2025 8:49 PM

Tags: attack, breach, data, data-breach, github, malware

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-20-npm-malware-attack-exposed-up-to-400-000-dev-secrets/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
Schwachstelle für Malware-Verteilung genutzt – Notfall-Update für kritische RCE-Sicherheitslücke in WSUS

Dec 2, 2025 5:49 PM

Tags: bug, malware, rce, remote-code-execution, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-notfall-patch-kritische-wsus-sicherheitsluecke-a-d338bab93ebc2563e1999cae18f17e00/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
MuddyWater strikes Israel with advanced MuddyViper malware

Dec 2, 2025 4:49 PM

Tags: apt, backdoor, defense, group, iran, malware, threat, tool

Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Dec 2, 2025 4:49 PM

Tags: apt, cctv, group, intelligence, korea, lazarus, malware, network, north-korea, threat

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.For the first time, researchers…
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Dec 2, 2025 4:49 PM

Tags: apt, cctv, group, intelligence, korea, lazarus, malware, network, north-korea, threat

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.For the first time, researchers…
Add-ons für Chrome und Edge: 4,3 Millionen Geräte per Update mit Malware infiziert

Dec 2, 2025 1:50 PM

Tags: browser, chrome, exploit, hacker, malware, update

Hacker haben über mehrere Jahre hinweg zunächst harmlose Erweiterungen für Chrome und Edge veröffentlicht. Doch dann sind Updates mit Schadcode gekommen. First seen on golem.de Jump to article: www.golem.de/news/add-ons-fuer-chrome-und-edge-4-3-millionen-geraete-per-update-mit-malware-infiziert-2512-202816.html
Hackers Exploit Telegram, WinSCP, Chrome, and Teams to Deliver ValleyRat Malware

Dec 2, 2025 12:49 PM

Tags: access, browser, chrome, cyber, detection, endpoint, exploit, hacker, malware, threat

Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion techniques, including kernel-level driver abuse, endpoint security tampering, and multi-stage obfuscation designed to evade detection and establish long-term system compromise. The campaign has been attributed…
Iran Hackers Take Inspiration From Snake Video Game

Dec 2, 2025 12:49 PM

Tags: hacker, iran, malware, mobile, phone

MuddyWater Hides Malware With Game Delay Technique. Iranian nation-state hackers took inspiration from a mobile phone time-killing mainstay, say security researchers who spotted hackers downloading malware masquerading as the Snake video game. A callback to the game isn’t nostalgia, say researchers at Eset. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iran-hackers-take-inspiration-from-snake-video-game-a-30177
DevilsTongue Spyware Targets Windows Users Across Multiple Countries

Dec 2, 2025 12:49 PM

Tags: cyber, group, infrastructure, international, malware, spyware, threat, tool, windows

Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows users across several nations. The discovery highlights the persistent threat posed by commercial surveillance tools despite international regulatory efforts to curb their abuse. The investigation…
Iran Hackers Take Inspiration From Snake Video Game

Dec 2, 2025 12:49 PM

Tags: hacker, iran, malware, mobile, phone

MuddyWater Hides Malware With Game Delay Technique. Iranian nation-state hackers took inspiration from a mobile phone time-killing mainstay, say security researchers who spotted hackers downloading malware masquerading as the Snake video game. A callback to the game isn’t nostalgia, say researchers at Eset. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iran-hackers-take-inspiration-from-snake-video-game-a-30177
DevilsTongue Spyware Targets Windows Users Across Multiple Countries

Dec 2, 2025 12:49 PM

Tags: cyber, group, infrastructure, international, malware, spyware, threat, tool, windows

Researchers at Insikt Group have uncovered new infrastructure linked to multiple operational clusters associated with Israeli spyware vendor Candiru, revealing an ongoing campaign deploying the sophisticated DevilsTongue malware against Windows users across several nations. The discovery highlights the persistent threat posed by commercial surveillance tools despite international regulatory efforts to curb their abuse. The investigation…
Hackers Exploit Telegram, WinSCP, Chrome, and Teams to Deliver ValleyRat Malware

Dec 2, 2025 12:49 PM

Tags: access, browser, chrome, cyber, detection, endpoint, exploit, hacker, malware, threat

Researchers have uncovered a sophisticated malware campaign where threat actors weaponize trojanized installers for popular productivity applications to deploy ValleyRat, a persistent remote access tool. The operation demonstrates advanced evasion techniques, including kernel-level driver abuse, endpoint security tampering, and multi-stage obfuscation designed to evade detection and establish long-term system compromise. The campaign has been attributed…
Arkanix Stealer Emerges as New Threat: Steals VPN Logins, Wi-Fi Credentials, and Screenshots

Dec 2, 2025 12:49 PM

Tags: breach, credentials, cyber, data, exploit, finance, login, malware, network, threat, vpn, wifi

A newly discovered information-stealing malware called Arkanix is rapidly evolving to target sensitive user data, including VPN credentials, system information, and wireless network passwords. Security researchers have identified this emerging threat as a short-lived, profit-driven malware designed for quick financial exploitation through the sale of stolen data and direct credential compromise. The threat actors behind…
Vaillant-CISO: “Starten statt Warten”

Dec 2, 2025 9:49 AM

Tags: business, ciso, compliance, cyber, cyberattack, cyersecurity, dora, germany, group, international, mail, malware, nis-2, phishing, ransomware, resilience, risk, supply-chain

Raphael Reiß, CISO bei Vaillant Group: “Ein moderner CISO muss nicht nur technologische Risiken managen.” Vaillant GroupDer Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland?Reiß:…
Vaillant-CISO: “Starten statt Warten”

Dec 2, 2025 9:49 AM

Tags: business, ciso, compliance, cyber, cyberattack, cyersecurity, dora, germany, group, international, mail, malware, nis-2, phishing, ransomware, resilience, risk, supply-chain

Raphael Reiß, CISO bei Vaillant Group: “Ein moderner CISO muss nicht nur technologische Risiken managen.” Vaillant GroupDer Energiesektor gerät zunehmend in den Fokus von Cyberkriminellen. Aus Sicht von Experten und des Bundesamtes für Sicherheit in der Informationstechnik (BSI) muss der Schutz in diesem Bereich massiv erhöht werden. Wie beurteilen Sie die aktuelle Lage in Deutschland?Reiß:…
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages

Dec 2, 2025 8:49 AM

Tags: attack, cyber, malicious, malware, marketplace, microsoft, software, supply-chain, threat

Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms. Researchers at Secure Annex have uncovered and tracked 24 new malicious packages linked to the…
4.3 Million Chrome and Edge Users Hacked in 7-Year ShadyPanda Malware Campaign

Dec 2, 2025 8:49 AM

Tags: access, browser, chrome, cyber, malware, marketplace, threat

Koi researchers have uncovered a seven-year browser extension operation that has silently compromised at least 4.3 million Chrome and Edge users worldwide. The threat actor, dubbed ShadyPanda, systematically abused browser marketplaces to turn seemingly legitimate extensions into long”‘term surveillance and remote access platforms. Koi’s investigation identified two ongoing campaigns linked to the same actor. A 300,000″‘user remote…
Glassworm Malware Targets OpenVSX and Microsoft Visual Studio with 24 New Malicious Packages

Dec 2, 2025 8:49 AM

Tags: attack, cyber, malicious, malware, marketplace, microsoft, software, supply-chain, threat

Security threats rarely adhere to holiday schedules, and while developers may take time off, malicious actors are working overtime. A significant new wave of software supply chain attacks has been identified targeting the Microsoft Visual Studio Marketplace and OpenVSX platforms. Researchers at Secure Annex have uncovered and tracked 24 new malicious packages linked to the…
Glassworm malware returns in third wave of malicious VS Code packages

Dec 1, 2025 10:49 PM

Tags: malicious, malware, marketplace, microsoft

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages/
The Hidden Calendar Threat Putting 4 Million Apple Devices at Risk

Dec 1, 2025 9:49 PM

Tags: apple, malware, phishing, risk, threat

Hijacked calendar subscriptions are emerging as a stealthy new way for attackers to push phishing and malware directly onto devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/the-hidden-calendar-threat-putting-4-million-apple-devices-at-risk/
Contagious Interview attackers go ‘full stack’ to fool developers

Dec 1, 2025 5:49 PM

Tags: attack, control, credentials, crypto, data, endpoint, exploit, github, infrastructure, intelligence, macOS, malicious, malware, open-source, social-engineering, supply-chain, theft, threat, update, windows, worm

Coding tasks lead to malware delivery: These defensive measures are effective because Contagious Interview’s entry vector relies heavily on social engineering, using fake interview tasks to trick developers into installing compromised dependencies.The campaign exploits NPM, a widely used package registry for JavaScript and Node.js, by publishing packages that appear benign but carry hidden payloads. The…
New Android Albiriox Malware Gains Traction in Dark Web Markets

Dec 1, 2025 5:49 PM

Tags: android, dark-web, fraud, malware

Android malware Albiriox emerged as MaaS, offering device takeover and real-time fraud capabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-maas-malware-albiriox-dark/
New Android Albiriox Malware Gains Traction in Dark Web Markets

Dec 1, 2025 5:49 PM

Tags: android, dark-web, fraud, malware

Android malware Albiriox emerged as MaaS, offering device takeover and real-time fraud capabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-maas-malware-albiriox-dark/
Bin ich Teil eines Botnets? Jetzt kostenlos nachprüfen

Dec 1, 2025 5:49 PM

Tags: botnet, cloud, computer, infrastructure, Internet, malware, software, tool, vpn

Zu Weihnachten die Rechner der Verwandtschaft auf Botnet-Aktivitäten überprüfen der kostenlose GreyNoise IP Check machts möglich.Hacks greifen immer stärker Unternehmen an, weil die Beute in Form von Lösegeld und Daten dort aussichtreicher ist als bei Privatpersonen. Das bedeutet jedoch nicht, dass eine Einzelperson kein lohnendes Opfer ist. Im Gegenteil Computer von Individuen zu infizieren kann…
ShadyPanda browser extensions amass 4.3M installs in malicious campaign

Dec 1, 2025 4:49 PM

Tags: browser, chrome, malicious, malware

A long-running malware operation known as “ShadyPanda” has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/
Malware Manipulates AI Detection in Latest npm Package Breach

Dec 1, 2025 4:49 PM

Tags: ai, breach, detection, exploit, malicious, malware

Malicious npm package targets AI security with misleading prompts, exploiting automated analysis First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-ai-detection-npm-package/