Tag: malware
-
Malicious VSCode extensions on Microsoft’s registry drop infostealers
Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, and hijack browser sessions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-vscode-extensions-on-microsofts-registry-drop-infostealers/
-
Oh Crap, Kohler’s Toilet Cameras Aren’t Really EndEnd Encrypted
Plus: The Trump administration declines to issue sanctions over Salt Typhoon’s hacking spree, officials warn of a disturbingly stealthy Chinese malware specimen, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-oh-crap-kohlers-toilet-cameras-arent-really-end-to-end-encrypted/
-
Russian police bust bank-account hacking gang that used NFCGate-based malware
Russian police said they took down a multimillion-dollar cybercrime operation that used malware based on a legitimate software tool to take over individuals’ bank accounts. First seen on therecord.media Jump to article: therecord.media/russian-police-bust-banking-hackers-nfcgate-based-malware
-
Hackers Exploit Multiple Ad Networks to Distribute Triada Malware to Android Users
Adex, the anti-fraud and traffic-quality platform operating under AdTech Holding, has successfully identified and neutralized a sophisticated, multi-year malware operation linked to the infamous Triada Trojan. This campaign, which has persistently targeted the mobile advertising ecosystem, underscores the evolving dangers of supply-chain attacks in the digital ad space. According to industry data released alongside the…
-
Neue Android-Malware hat es auf eure Kontodaten abgesehen
First seen on t3n.de Jump to article: t3n.de/news/neue-android-malware-albiriox-banken-apps-1720198/
-
Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher, as another upgraded version of ClayRat has been spotted in the wild.The findings come from Intel 471, CYFIRMA, and Zimperium, respectively.FvncBot, which masquerades as a security app developed by mBank, targets mobile banking users in Poland. What’s notable about the…
-
MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes.The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan, according to a report from Fortinet FortiGuard Labs.”This malware enables remote control of compromised systems by allowing First…
-
Shanya EDR Killer: The New Favorite Tool for Ransomware Operators
A sophisticated new >>packer-as-a-service>EDR killer
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Morphisec Thwarts Russian-Linked…
-
Sideloading: ACE drängt auf härteres Vorgehen gegen Piraterie-Apps
ACE warnt vor Sideloading von Piraterie-Apps als Sicherheitsrisiko. Malware, Datendiebstahl und Betrug nehmen zu. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/sideloading-ace-draengt-auf-haerteres-vorgehen-gegen-piraterie-apps-323934.html
-
Chinese State Hackers Use New BRICKSTORM Malware Against VMware Systems
CISA, NSA, and Canadian Cyber Centre warn that PRC state-sponsored hackers are using BRICKSTORM, a stealthy Go-based backdoor, for long-term espionage in Government and IT networks. First seen on hackread.com Jump to article: hackread.com/chinese-state-hackers-brickstorm-vmware-systems/
-
Security News This Week: Oh Crap, Kohler’s Toilet Cameras Aren’t Really EndEnd Encrypted
Plus: The Trump administration declines to issue sanctions over Salt Typhoon’s hacking spree, officials warn of a disturbingly stealthy Chinese malware specimen, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-oh-crap-kohlers-toilet-cameras-arent-really-end-to-end-encrypted/
-
Security News This Week: Oh Crap, Kohler’s Toilet Cameras Aren’t Really EndEnd Encrypted
Plus: The Trump administration declines to issue sanctions over Salt Typhoon’s hacking spree, officials warn of a disturbingly stealthy Chinese malware specimen, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-oh-crap-kohlers-toilet-cameras-arent-really-end-to-end-encrypted/
-
FvncBot Android Malware Steals Keystrokes and Injects Harmful Payloads
A newly discovered Android banking trojan, FvncBot, has emerged as a sophisticated threat targeting mobile banking users in Poland. Researchers from Intel 471 first identified this malware on November 25, 2025, disguised as a security application from mBank, one of Poland’s most prominent banking institutions.”‹ Novel Malware with Advanced Capabilities FvncBot represents an entirely new…
-
Warning: React2Shell vulnerability already being exploited by threat actors
Tags: ai, application-security, attack, china, cloud, communications, credentials, data, data-breach, exploit, firewall, framework, group, infosec, intelligence, linux, malicious, malware, open-source, service, software, threat, tool, update, vulnerability, wafSystem.Management.Automation.AmsiUtils.amsiInitFailed = true (a standard AMSI bypass), and iex executes the next stage.JFrog’s security research team also today reported finding a working proof of concept that leads to code execution, and they and others have also reported finding fake PoCs containing malicious code on GitHub. “Security teams must verify sources before testing [these PoCs],” warns JFrog.Amitai Cohen, attack…
-
China-nexus actor targets multiple US entities with Brickstorm malware
Researchers outline a campaign targeting U.S. companies, and CISA warns of attacks on government services and IT firms. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/china-actor-us-entities-brickstorm-malware/807166/
-
Hardening browser security with zero-trust controls
Tags: access, api, authentication, automation, browser, chrome, cisa, cloud, compliance, container, control, corporate, credentials, crowdstrike, data, data-breach, detection, edr, email, encryption, endpoint, exploit, fido, finance, framework, google, governance, group, Hardware, identity, kubernetes, least-privilege, login, malicious, malware, mfa, microsoft, network, nist, okta, passkey, password, phishing, phone, risk, risk-assessment, sap, service, soar, theft, threat, tool, update, wifi, windows, zero-trust1. Identity-first access control Network proximity is now an inferior trust signal. Only federated, cryptographically verifiable identity tokens issued by centralized enterprise IdPs using OIDC or SAML are permitted as gates to corporate resources. This transition, well-documented by FIDO Alliance and Microsoft research, transfers the very concept of “inside” the organization from the network to…
-
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to…
-
Russian Calisto Hackers Target NATO Research with ClickFix Malware
Tags: credentials, cyber, defense, hacker, intelligence, malicious, malware, phishing, russia, service, spear-phishing, threat, ukraineRussian intelligence-linked cyber threat actors have intensified their operations against NATO research organizations, Western defense contractors, and NGOs supporting Ukraine, employing sophisticated phishing and credential harvesting techniques. The Calisto intrusion set, attributed to Russia’s FSB intelligence service, has escalated its spear-phishing campaigns throughout 2025, leveraging the ClickFix malicious code technique to target high-value entities across…
-
Hackers Using CastleRAT Malware to Attack Windows Systems and Gain Remote Access
The cybersecurity landscape continues to evolve as threat actors deploy increasingly sophisticated tools to compromise Windows-based infrastructure. CastleRAT, a Remote Access Trojan that emerged around March 2025, represents a significant addition to the malware arsenal that defenders must now contend with. This newly discovered threat demonstrates the convergence of multiple attack techniques, enabling attackers to…
-
China-Nexus Hackers Target VMware vCenter Systems to Deploy Web Shells and Malware Implants
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits sophisticated technical capabilities, advanced operations security skills, and extensive knowledge of cloud and virtual machine environments. In addition to BRICKSTORM, WARP PANDA has deployed JSP web shells…
-
China-Nexus Hackers Target VMware vCenter Systems to Deploy Web Shells and Malware Implants
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKSTORM malware. WARP PANDA exhibits sophisticated technical capabilities, advanced operations security skills, and extensive knowledge of cloud and virtual machine environments. In addition to BRICKSTORM, WARP PANDA has deployed JSP web shells…
-
Bybit-Hack: Berüchtigter Hacker fängt sich selbst Malware ein
Ein am großen Bybit-Hack beteiligter nordkoreanischer Hacker hat sein eigenes System wohl versehentlich mit Malware infiziert. Nun ist mehr über ihn bekannt. First seen on golem.de Jump to article: www.golem.de/news/bybit-hack-beruechtigter-hacker-faengt-sich-selbst-malware-ein-2512-202958.html
-
Behörden warnen: Chinesische Hacker attackieren VMware-Systeme
Die Angreifer schleusen eine Backdoor-Malware namens Brickstorm ein, um sich dauerhaft einzunisten. IT-Verantwortliche sollten dringend handeln. First seen on golem.de Jump to article: www.golem.de/news/behoerden-warnen-chinesische-hacker-attackieren-vmware-systeme-2512-202940.html
-
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware
Contact Sr. Account DirectorEmily BrownREQ on behalf of SpyCloudspycloud@req.co First seen on csoonline.com Jump to article: www.csoonline.com/article/4101513/spycloud-data-shows-corporate-users-3x-more-likely-to-be-targeted-by-phishing-than-by-malware.html
-
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed >>BRICKSTORM.
-
New Stealthy Linux Malware Merges Mirai-based DDoS Botnet with Fileless Cryptominer
Cybersecurity researchers uncover a sophisticated Linux campaign that blends legacy botnet capabilities with modern evasion techniques. A newly discovered Linux malware campaign is demonstrating the evolving sophistication of threat actors by combining Mirai-derived distributed denial-of-service (DDoS) functionality with a stealthy, fileless cryptocurrency mining operation. According to research from Cyble Research & Intelligence Labs (CRIL), the…
-
CISA, NSA Alert on BRICKSTORM Malware Targeting VMware ESXi and Windows Systems
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), joined by Canadian cyber authorities, have issued a joint alert warning of a sophisticated new malware campaign dubbed >>BRICKSTORM.