Tag: malware
-
New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera
Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC. First seen on hackread.com Jump to article: hackread.com/droidlock-android-malware-users-spy-camera/
-
AI is accelerating cyberattacks. Is your network prepared?
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-accelerating-cyberattacks-is-your-network-prepared/
-
AI is accelerating cyberattacks. Is your network prepared?
AI-driven attacks now automate reconnaissance, generate malware variants, and evade detection at a speed that overwhelms traditional defenses. Corelight explains how network detection and response (NDR) provides the visibility and behavioral insights SOC teams need to spot and stop these fast-moving threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ai-is-accelerating-cyberattacks-is-your-network-prepared/
-
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit, and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life…
-
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a First…
-
ThreatsDay Bulletin: Spyware Alerts, Mirai Strikes, Docker Leaks, ValleyRAT Rootkit, and 20 More Stories
This week’s cyber stories show how fast the online world can turn risky. Hackers are sneaking malware into movie downloads, browser add-ons, and even software updates people trust. Tech giants and governments are racing to plug new holes while arguing over privacy and control. And researchers keep uncovering just how much of our digital life…
-
NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems
Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control (C2) purposes.According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed FINALDRAFT (aka Squidoor) that employs Microsoft Graph API for C2. FINALDRAFT is attributed to a First…
-
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor…
-
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020.Palo Alto Networks is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor…
-
Security Alert: 19 Fake PNG Extensions Found in VS Code Marketplace
ReversingLabs (RL) researchers have identified a sophisticated supply chain campaign involving 19 malicious Visual Studio Code (VS Code) extensions. The campaign, which has been active since February 2025 and was uncovered on December 2, 2025, leverages the trust inherent in the developer ecosystem by hiding malware within the dependency folders of otherwise functional extensions. The…
-
Security Alert: 19 Fake PNG Extensions Found in VS Code Marketplace
ReversingLabs (RL) researchers have identified a sophisticated supply chain campaign involving 19 malicious Visual Studio Code (VS Code) extensions. The campaign, which has been active since February 2025 and was uncovered on December 2, 2025, leverages the trust inherent in the developer ecosystem by hiding malware within the dependency folders of otherwise functional extensions. The…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Google ads for shared ChatGPT, Grok guides push macOS infostealer malware
A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer “helpful” instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/
-
The Unseen Threat: DNA as Malware
The Next Major Cyber Risk Could Come Through a Biological Sample Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential. First…
-
The Unseen Threat: DNA as Malware
The Next Major Cyber Risk Could Come Through a Biological Sample Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential. First…
-
New DroidLock malware locks Android devices and demands a ransom
A new Android malware called DroidLock has emerged with capabilities to lock screens for ransom payments, erase data, access text messages, call logs, contacts, and audio data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-droidlock-malware-locks-android-devices-and-demands-a-ransom/
-
React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors
React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of previously undocumented malware families, according to new findings from Huntress.This includes a Linux backdoor called PeerBlight, a reverse proxy tunnel named CowTunnel, and a Go-based First seen on…
-
2025 Year of Browser Bugs Recap:
Tags: access, ai, api, attack, authentication, awareness, browser, cctv, chrome, cloud, communications, computer, credentials, crypto, cyber, data, data-breach, detection, edr, email, endpoint, exploit, flaw, gartner, google, guide, identity, injection, leak, login, malicious, malware, network, openai, passkey, password, phishing, ransom, ransomware, risk, saas, service, threat, tool, update, vulnerability, windows, xss, zero-dayAt the beginning of this year, we launched the Year of Browser Bugs (YOBB) project, a commitment to research and share critical architectural vulnerabilities in the browser. Inspired by the iconic Months of Bugs tradition in the 2000s, YOBB was started with a similar purpose”Š”, “Što drive awareness and discussion around key security gaps and…
-
APT28’s Toolkit: AI, Wi-Fi Intrusions, Cloud C2
APT28’s new “LameHug” malware uses LLMs to generate basic commands, a strikingly clumsy move from an otherwise advanced threat group. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/apt28s-toolkit-ai-wi-fi-intrusions-cloud-c2/
-
AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation
DomainTools Investigations has released critical findings detailing the expansion of a massive malware-delivery network targeting Chinese-speaking users worldwide. The long-running cluster, active since June 2023, has swelled to approximately 5,000 domains, with researchers identifying over 1,900 new domains between May and November 2025 alone. This latest investigation also marks a significant milestone in defensive cybersecurity,…
-
Cybercriminals Use Fake Game Updates on Itch.io and Patreon to Push Lumma Stealer
The indie gaming community faces a new and sophisticated threat. Malicious actors are exploiting itch.io and Patreon to distribute the Lumma Stealer malware disguised as legitimate game updates, targeting unsuspecting gamers through a systematic spam campaign across the platform. Newly created itch.io accounts have been flooding comment sections of legitimate games with templated messages claiming…
-
AI-Powered Analysis Exposes Massive 5,000-Domain Chinese Malware Operation
DomainTools Investigations has released critical findings detailing the expansion of a massive malware-delivery network targeting Chinese-speaking users worldwide. The long-running cluster, active since June 2023, has swelled to approximately 5,000 domains, with researchers identifying over 1,900 new domains between May and November 2025 alone. This latest investigation also marks a significant milestone in defensive cybersecurity,…
-
Cybercriminals Use Fake Game Updates on Itch.io and Patreon to Push Lumma Stealer
The indie gaming community faces a new and sophisticated threat. Malicious actors are exploiting itch.io and Patreon to distribute the Lumma Stealer malware disguised as legitimate game updates, targeting unsuspecting gamers through a systematic spam campaign across the platform. Newly created itch.io accounts have been flooding comment sections of legitimate games with templated messages claiming…
-
FortiGuard Team Uncovers Stealth Forensic Data Within Windows Telemetry
During a recent incident response engagement, FortiGuard IR services responded to a sophisticated ransomware attack in which threat actors deployed advanced anti-forensic techniques to eliminate their digital footprint. The attackers deleted malware, cleared logs, and obfuscated tools to prevent analysis. However, FortiGuard researchers made a critical discovery: historical evidence of the deleted malware and attacker…