Tag: malware
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
Security Advisory Regarding BRICKSTORM
Tags: advisory, backdoor, crowdstrike, cyber, cybersecurity, infrastructure, malware, mandiant, threat, vmware, windowsExecutive Summary On December 5th, 2025 the US’s Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canada’s Cyber Security Centre released a joint malware report on BRICKSTORM, a backdoor targeting VMware vSphere and Windows environments. The suspected threat actor(s), tracked as UNC5221 by Mandiant and WARP PANDA by CrowdStrike, are identified as […]…
-
New SantaStealer malware steals data from browsers, crypto wallets
A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-santastealer-malware-steals-data-from-browsers-crypto-wallets/
-
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerabilitySince December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
-
PCPcat Malware Leverages React2Shell Vulnerability to Breach 59,000+ Servers
Tags: attack, breach, control, cve, cyber, docker, exploit, group, infrastructure, malware, monitoring, vulnerabilityA sophisticated attack campaign attributed to a group identifying as >>PCP
-
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerabilitySince December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
-
Android Users at Risk as Malware Poses as mParivahan and e-Challan Apps
A sophisticated Android malware campaign dubbed NexusRoute is actively targeting Indian users by impersonating the Indian Government Ministry, mParivahan, and e-Challan services to steal credentials and carry out large-scale financial fraud. The operation combines phishing, malware, and surveillance capabilities. It is being distributed via malicious APKs hosted on GitHub and clusters of phishing domains that…
-
Nation-State and Cybercrime Exploits Tied to React2Shell
Tags: china, cve, cybercrime, ddos, exploit, hacker, iran, korea, malware, north-korea, service, update, vulnerability2 More Vulnerabilities Need Patching in React Server Components, Warns Vercel. Mass exploitation of the React2Shell – CVE-2025-55182 – vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn. First seen on govinfosecurity.com Jump to…
-
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as… First seen on hackread.com Jump to article: hackread.com/github-scanner-react2shell-cve-2025-55182-malware/
-
Russian Phishing Campaign Delivers Phantom Stealer Via ISO Files
A new phishing campaign has been identified, delivering the Phantom information-stealing malware via an ISO attachment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-phishing-phantom-stealer/
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
No more orange juice? Why one ship reveals America’s maritime cybersecurity crisis
This is a workforce problem, not a vendor problem: The new regulations require all 3,000 MTSA facilities to designate a cybersecurity officer (why the Coast Guard named them CySOs and couldn’t just call them CISOs, I do not know). Finding hundreds of qualified people who understand both operational technology in maritime environments and cybersecurity is…
-
Hamas Linked Hackers Using AshTag Malware Against Diplomatic Offices
New report by Unit 42 reveals the Hamas-linked Ashen Lepus (WIRTE) group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics. First seen on hackread.com Jump to article: hackread.com/hamas-hackers-ashtag-malware-diplomats/
-
Man jailed for teaching criminals how to use malware
A 49-year-old man has received a five-and-a-half year jail sentence after admitting to creating detailed video tutorials that showed members of a criminal gang how to infect Android phones with spyware and drain their bank accounts. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/man-jailed-for-teaching-criminals-how-to-use-malware
-
Hamas-Affiliated APT Ashen Lepus Unveils AshTag Malware Suite for Wider Cyber-Espionage
The post Hamas-Affiliated APT Ashen Lepus Unveils AshTag Malware Suite for Wider Cyber-Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/hamas-affiliated-apt-ashen-lepus-unveils-ashtag-malware-suite-for-wider-cyber-espionage/
-
New ‘DroidLock’ malware demands a ransom, locks user out of device
Recently spotted malware targets Spanish-speaking Android users with a lock screen that demands a ransom and other changes that effectively render a device unusable, researchers say. First seen on therecord.media Jump to article: therecord.media/android-droidlock-malware-demands-ransom-locks-mobile-device
-
New DroidLock Malware Locks Android Devices and Demands Ransom Payment
The zLabs research team has identified a sophisticated new threat campaign targeting Spanish Android users through a malware strain called DroidLock. Unlike traditional ransomware that encrypts files, this Android-focused threat employs a more direct approach locking devices with ransomware-style overlays and demanding payment while maintaining complete control over compromised handsets. DroidLock primarily spreads through phishing…
-
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto
A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting…
-
ValleyRAT Malware Evades Windows 11 Security with Stealthy Driver Install
Check Point Research (CPR) has published a comprehensive analysis of ValleyRAT, a widely distributed backdoor also known as Winos/Winos4.0, revealing its sophisticated modular architecture and dangerous kernel-mode rootkit capabilities. The research demonstrates how the malware’s developers possess deep expertise in Windows internals and successfully bypass modern security protections on fully updated Windows 11 systems. The…
-
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto
A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting…
-
New 01Flip Ransomware Targets Both Windows and Linux Systems
Security researchers at Palo Alto Networks Unit 42 have identified a newly emerging ransomware family, 01flip, that represents a significant shift in malware development tactics. Discovered in June 2025, this sophisticated threat is entirely written in Rust a modern programming language that enables cross-platform compatibility and currently targets a limited set of victims across the…
-
ValleyRAT Malware Evades Windows 11 Security with Stealthy Driver Install
Check Point Research (CPR) has published a comprehensive analysis of ValleyRAT, a widely distributed backdoor also known as Winos/Winos4.0, revealing its sophisticated modular architecture and dangerous kernel-mode rootkit capabilities. The research demonstrates how the malware’s developers possess deep expertise in Windows internals and successfully bypass modern security protections on fully updated Windows 11 systems. The…
-
Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files
VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file. First seen on hackread.com Jump to article: hackread.com/malicious-vs-code-extensions-trojan-fake-png-files/
-
Malware Discovered in 19 Visual Studio Code Extensions
A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in dependency folders First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malware-discovered-in-19-vs-code/
-
AI is accelerating cyberattacks. Is your network prepared?
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-accelerating-cyberattacks-is-your-network-prepared/