Collecting Cyber-News from over 60 sources

Tag: malware

Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware

Jun 11, 2026 5:02 PM

Tags: cybercrime, malware, software

Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/vidar-infostealer-tiktok-instagram-reels-malware-campaigns/
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories

Jun 11, 2026 5:02 PM

Tags: ai, attack, data-breach, malware, network, rat, supply-chain, update, worm

It’s been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there’s a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials.The bigger problem is how polished this…
Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware

Jun 11, 2026 5:02 PM

Tags: ai, cybercrime, guide, malware, tool

Fake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted coding First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-ai-guides-dev-tools-spread/
Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware

Jun 11, 2026 4:02 PM

Tags: ai, attack, guide, hacker, malware, powershell, windows

Hackers are using fake Claude Code guide and AI PDFs to spread AsyncRAT malware via Windows attack using PowerShell and Defender exclusions. First seen on hackread.com Jump to article: hackread.com/hackers-fake-claude-code-guide-ai-pdfs-asyncrat/
Weaponized DMG Files Deliver macOS Infostealer Malware

Jun 11, 2026 2:02 PM

Tags: authentication, credentials, crypto, cyber, macOS, malware, social-engineering, threat

A recent surge in macOS-targeted campaigns shows threat actors favoring weaponized disk images (.dmg) as the primary delivery mechanism for infostealer malware. Attackers are leveraging convincing, branded DMG installers and social-engineering tricks to bypass Gatekeeper and trick users into executing payloads that rapidly harvest credentials, cookies, authentication tokens, and cryptocurrency wallets before disappearing without persistence.…
Attacke über Dienstleister: VerdantBamboo infiziert Linux-Appliances

Jun 11, 2026 8:02 AM

Tags: linux, malware

Die Hackergruppe VerdantBamboo nutzt eine BSD-Variante der BRICKSTORM-Malware sowie die Schadprogramme PLENET und AGENTPSD zur Linux-Spionage. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/linux-appliances-verdantbamboo
GitHub disables Microsoft repos pushing password-stealing malware

Jun 9, 2026 6:42 PM

Tags: github, malware, microsoft, password

Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/
MagicAd Android Malware Bypasses Restrictions to Flood Devices With Ads

Jun 9, 2026 3:42 PM

Tags: android, cyber, fraud, malware

Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background. The apps were short-lived in the catalogs appearing for weeks then removed yet any installed copies remained active on user devices, allowing attackers to sustain ad-fraud and persistence while reducing exposure in app stores. Technically sophisticated, Android.MagicAd hides…
MagicAd Android Malware Bypasses Restrictions to Flood Devices With Ads

Jun 9, 2026 3:42 PM

Tags: android, cyber, fraud, malware

Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background. The apps were short-lived in the catalogs appearing for weeks then removed yet any installed copies remained active on user devices, allowing attackers to sustain ad-fraud and persistence while reducing exposure in app stores. Technically sophisticated, Android.MagicAd hides…
North Korea Hackers Weaponize GitHub to Target Developers

Jun 9, 2026 2:42 PM

Tags: crypto, cyber, email, finance, github, hacker, korea, malware, north-korea, phishing, technology

A sustained phishing campaign that leverages developer recruitment and code-review lures to deliver cross”‘platform malware via attacker-controlled GitHub repositories. Tracked as UNK_DeadDrop and attributed with high confidence to a North Korea”‘aligned actor, the operation targeted nearly 100 organizations across finance, cryptocurrency, education and technology by sending more than 250 tailored emails over six weeks. The…
Shai-Hulud-Wurm infiziert 19 Python-Pakete

Jun 9, 2026 1:43 PM

Tags: malware

Die Sicherheitsfirma Socket hat eine neue Welle der Shai-Hulud-Malware entdeckt. Betroffen sind 19 populäre Python-Pakete für die Wissenschaft. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/19-python-pakete-shai-hulud-wurm
Shai-Hulud-Wurm infiziert 19 Python-Pakete

Jun 9, 2026 1:43 PM

Tags: malware

Die Sicherheitsfirma Socket hat eine neue Welle der Shai-Hulud-Malware entdeckt. Betroffen sind 19 populäre Python-Pakete für die Wissenschaft. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/19-python-pakete-shai-hulud-wurm
Digitale Revierkämpfe: Botnetz C0XMO vernichtet rivalisierende Malware

Jun 9, 2026 10:42 AM

Tags: botnet, malware, router, vulnerability

Die neue Gafgyt-Malware-Variante C0XMO attackiert DD-WRT-Router über eine Schwachstelle und eliminiert konkurrierende Schadsoftware auf den Geräten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/rivalisierende-malware-vernichtet
Weedhack MaaS Targets Minecraft Players to Steal Credentials and Hijack Accounts

Jun 9, 2026 9:42 AM

Tags: access, credentials, crypto, cyber, malware, service, tactics, theft

Weedhack, a Malware-as-a-Service (MaaS) operation specifically engineered to prey on Minecraft players, that has been active since at least January 2026. The service packages credential theft, cryptocurrency wallet extraction, account hijacking and full remote-access capabilities into a low-cost, subscription-based offering marketed through SEO poisoning,YouTube promotion and counterfeit Minecraft mod websites. By combining polished distribution tactics…
NFCShare Android Malware Spreads via Weaponized Banking Apps

Jun 9, 2026 9:42 AM

Tags: android, banking, cyber, data, malicious, malware, nfc, phishing, theft

A renewed and operationally refined wave of the NFCShare Android banking trojan that delivers NFC card-data theft by masquerading as legitimate banking applications. First documented in January 2026, NFCShare continues to rely on a social”‘engineering phishing flow that coerces victims into sideloading malicious APKs; since 14 May 2026 the campaign has pivoted to Italian and…
Malware ships with bugs that defenders could use against it

Jun 9, 2026 7:42 AM

Tags: malware, software, tool

Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/09/malware-source-code-bugs-research/
Shai-Hulud Malware Campaign Abuses 23 PyPI Packages in Developer-Focused Attack

Jun 9, 2026 7:42 AM

Tags: attack, cyber, malicious, malware, pypi, supply-chain

A rapidly evolving supply chain campaign dubbed “Shai-Hulud” is targeting developers through malicious Python packages. Researchers have identified 23 newly weaponised PyPI artefacts, expanding the scope of the ongoing Mini Shai-Hulud, Miasma, and Hades malware operations. The latest findings highlight a shift in attacker tradecraft, combining multiple delivery techniques to compromise developer environments, CI/CD pipelines,…
NFCShare Android malware spreads via fake banking app updates on GitHub

Jun 9, 2026 12:42 AM

Tags: android, banking, github, malware, update

New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nfcshare-android-malware-spreads-via-fake-banking-app-updates-on-github/
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Jun 8, 2026 11:43 PM

Tags: attack, hacker, malware, pypi

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-shai-hulud-attack-trojanizes-19-science-focused-pypi-packages/
Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware

Jun 8, 2026 7:42 PM

Tags: crypto, hacker, malware, tool

Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads. First seen on hackread.com Jump to article: hackread.com/hackers-clone-ghidra-dnspy-tool-sites-spread-malware/
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload

Jun 8, 2026 3:44 PM

Tags: ai, credentials, email, login, malware, phishing, soc, theft

Phishing has always been a numbers game. AI has turned it into a volume machine.Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance.As the queue…
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

Jun 8, 2026 1:42 PM

Tags: backdoor, china, cyber, espionage, group, hacking, linux, malware, threat

A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems.The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo, which it said overlaps with hacking…
IoT Botnet C0XMO Adds Competitor-Killing Capability

Jun 8, 2026 10:42 AM

Tags: botnet, cve, ddos, exploit, flaw, iot, malware, router

C0XMO is a new Gafgyt botnet variant exploiting old router flaws, spreading across IoT devices, killing rivals, and enabling large-scale DDoS attacks. In March 2026, FortiGuard Labs discovered a new variant of the Gafgyt botnet, dubbed C0XMO, which is noticeably more capable than its predecessors. The malware spreads through CVE-2021-27137, a stack buffer overflow in…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 100

Jun 7, 2026 6:42 PM

Tags: ai, china, control, international, malware, wordpress

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Targeting WordPress Abuses Steam Community Profiles for Command & Control Operations Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens Operation Dragon Weave : Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan…
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware

Jun 7, 2026 4:42 PM

Tags: botnet, firmware, flaw, malware, router

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/c0xmo-botnet-spreads-via-dd-wrt-router-flaw-kills-rival-malware/
Malicious podcast, PDF apps spread FlutterShell macOS backdoor malware

Jun 6, 2026 5:42 AM

Tags: backdoor, macOS, malicious, malware

First seen on scworld.com Jump to article: www.scworld.com/news/malicious-podcast-pdf-apps-spread-fluttershell-macos-backdoor-malware
IronWorm malware, similar to Shai-Hulud, hits 57 projects across 9 organizations

Jun 6, 2026 5:42 AM

Tags: malware

First seen on scworld.com Jump to article: www.scworld.com/news/ironworm-malware-similar-to-shai-hulud-hits-57-projects-across-9-organizations
Malicious podcast, PDF apps spread FlutterShell macOS backdoor malware

Jun 6, 2026 5:42 AM

Tags: backdoor, macOS, malicious, malware

First seen on scworld.com Jump to article: www.scworld.com/news/malicious-podcast-pdf-apps-spread-fluttershell-macos-backdoor-malware
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account

Jun 5, 2026 9:43 PM

Tags: cloud, credentials, github, malware, supply-chain

32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack. First seen on hackread.com Jump to article: hackread.com/miasma-malware-red-hat-packages-github-account/
Chinese APT deploys new malware to keep access to hacked networks

Jun 5, 2026 8:43 PM

Tags: access, apt, backdoor, china, espionage, group, malware, microsoft, network

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/