Collecting Cyber-News from over 60 sources

Tag: malware

SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

Dec 5, 2025 1:32 AM

Tags: attack, corporate, cyber, data, identity, malware, phishing, threat, usa

Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with…
Threat Actors Exploit Foxit PDF Reader to Seize System Access and Steal Data

Dec 5, 2025 1:32 AM

Tags: access, attack, control, cyber, data, email, exploit, jobs, malware, social-engineering, threat

A sophisticated malware campaign is leveraging a weaponized Foxit PDF Reader to target job seekers through email-based attacks, deploying ValleyRAT. This remote access trojan grants threat actors complete system control and data exfiltration capabilities. Security researchers have identified a significant uptick in this campaign, which combines social engineering, obfuscation techniques, and dynamic-link library (DLL) sideloading…
New Phishing Campaign Impersonates India’s Income Tax Department to Distribute AsyncRAT

Dec 5, 2025 1:32 AM

Tags: ai, attack, communications, country, cyber, government, india, malicious, malware, phishing, rat, zero-day

In November 2025, security researchers at Raven AI identified a sophisticated zero-day phishing campaign impersonating the Income Tax Department of India, targeting enterprises across the country with a multi-stage malware chain. The attack combined authentic-looking government communications with advanced evasion techniques, delivering both a shellcode-based RAT loader and a malicious executable disguised as a GoTo…
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

Dec 5, 2025 1:32 AM

Tags: attack, corporate, cyber, data, identity, malware, phishing, threat, usa

Austin, TX, USA, December 4th, 2025, CyberNewsWire Phishing has surged 400% year-over-year, highlighting need for real-time visibility into identity exposures. SpyCloud, the leader in identity threat protection, today released new data showing a sharp rise in phishing attacks that disproportionately target corporate users. The company tracked a 400% year-over-year increase in successfully phished identities, with…
Brickstorm Malware Hits US Critical Systems, CISA Warns

Dec 5, 2025 12:32 AM

Tags: access, backdoor, china, cisa, credentials, cyber, detection, exploit, infrastructure, malware, vmware

Chinese-Linked Malware Campaign Targets Critical Environments With Weak Monitoring. U.S. and Canadian cyber authorities say Chinese state-backed actors used a backdoor dubbed BRICKSTORM to maintain long-term access into critical infrastructure, exploiting VMware environments to exfiltrate credentials and evade detection through encrypted covert channels. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/brickstorm-malware-hits-us-critical-systems-cisa-warns-a-30195
CISA, NSA warn of China’s BRICKSTORM malware after incident response efforts

Dec 4, 2025 11:32 PM

Tags: advisory, china, cisa, cyber, cybersecurity, incident response, infrastructure, malware

The Cybersecurity and Infrastructure Security Agency (CISA), NSA and Canadian Centre for Cyber Security published an advisory on Thursday outlining the BRICKSTORM malware based off an analysis of eight samples taken from victim organizations. First seen on therecord.media Jump to article: therecord.media/cisa-nsa-warn-brickstorm-china
Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

Dec 4, 2025 11:32 PM

Tags: attack, china, espionage, malware, threat

The attacks, which have impacted dozens of organizations, date back at least three years, lasting an average of 393 days. And that’s just what’s been uncovered in the last four months. First seen on cyberscoop.com Jump to article: cyberscoop.com/china-brickstorm-malware-cyber-espionage-campaign-cisa-dhs-alert/
CISA warns of Chinese “BrickStorm” malware attacks on VMware servers

Dec 4, 2025 7:33 PM

Tags: attack, china, cisa, cybersecurity, hacker, infrastructure, malware, network, vmware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-chinese-brickstorm-malware-attacks-on-vmware-servers/
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

Dec 4, 2025 7:33 PM

Tags: attack, china, group, malicious, malware, microsoft, russia, threat

The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China.The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos…
Medical School Hamburg schützt ihre EKommunikation mit smarter Komplettlösung

Dec 4, 2025 5:37 PM

Tags: ceo, mail, malware, phishing, spam

Heute schützt NoSpamProxy Protection die Nutzenden sicher vor Spam, Phishing, Malware und anderen Bedrohungen wie CEO-Fraud. Rund 40% des eingehenden E-Mail-Verkehrs werden so im Vorfeld als ungewollt erkannt First seen on infopoint-security.de Jump to article: www.infopoint-security.de/medical-school-hamburg-schuetzt-ihre-e-mail-kommunikation-mit-smarter-komplettloesung/a43072/
Windows shortcuts’ use as a vector for malware may be cut short

Dec 4, 2025 4:32 PM

Tags: cve, cvss, malicious, malware, microsoft, powershell, update, vulnerability, windows

Windows shortcut files (.lnk) have long been a convenient hiding place for attackers because Windows Explorer only displayed the first 260 characters of the command in a shortcut’s properties. Anything appended after a long string of spaces stayed invisible to the user.The issue is tracked as CVE-2025-9491, with security analysts assigning a high-severity CVSS rating…
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

Dec 4, 2025 3:32 PM

Tags: corporate, data, malware, phishing, usa

Austin, TX, USA, 4th December 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/spycloud-data-shows-corporate-users-3x-more-likely-to-be-targeted-by-phishing-than-by-malware/
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

Dec 4, 2025 3:32 PM

Tags: corporate, data, malware, phishing, usa

Austin, TX, USA, 4th December 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/spycloud-data-shows-corporate-users-3x-more-likely-to-be-targeted-by-phishing-than-by-malware/
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users

Dec 4, 2025 2:32 PM

Tags: browser, chrome, exploit, group, malicious, malware, marketplace, rce, remote-code-execution, threat, update

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users

Dec 4, 2025 2:32 PM

Tags: browser, chrome, exploit, group, malicious, malware, marketplace, rce, remote-code-execution, threat, update

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/shadypandas-years-long-browser-hack-infected-4-3-million-users/
Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders

Dec 4, 2025 2:32 PM

Tags: android, banking, crypto, finance, fraud, malware, rat, service

Cleafy analysis reveals Albiriox, a new Android Malware-as-a-Service (MaaS) RAT that targets over 400 global banking and crypto apps. Learn how ODF fraud enables full device takeover. First seen on hackread.com Jump to article: hackread.com/albiriox-android-malware-targets-banks-crypto/
PickleScan Uncovers 0-Day Vulnerabilities Allowing Arbitrary Code Execution via Malicious PyTorch Models

Dec 4, 2025 1:32 PM

Tags: attack, cyber, detection, malicious, malware, ml, supply-chain, tool, vulnerability, zero-day

JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply chain attacks by distributing malicious ML models containing undetectable code. The discoveries underscore a fundamental…
Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections

Dec 4, 2025 1:32 PM

Tags: browser, chrome, credentials, crypto, cyber, malware, service, theft, vpn, windows

A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows, Sryxen targets browser secrets, Discord tokens, VPNs, social accounts, and crypto wallets, then exfiltrates everything to its…
Sryxen Malware Uses Headless Browser Trick to Bypass Chrome Protections

Dec 4, 2025 1:32 PM

Tags: browser, chrome, credentials, crypto, cyber, malware, service, theft, vpn, windows

A new Windows-focused information stealer dubbed “Sryxen” is drawing attention in the security community for its blend of modern browser credential theft and unusually aggressive anti-analysis protections. Sold as malware-as-a-service (MaaS) and written in C++ for 64-bit Windows, Sryxen targets browser secrets, Discord tokens, VPNs, social accounts, and crypto wallets, then exfiltrates everything to its…
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections

Dec 4, 2025 11:32 AM

Tags: android, attack, banking, cybercrime, government, group, infection, malware, mobile

Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services.The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical First…
Shai-Hulud 2.0 NPM-Malware-Angriff erbeutet ~400 K Entwickler-Geheimnisse

Dec 4, 2025 5:32 AM

Tags: cyberattack, github, malware

Seit voriger Woche treibt Shai-Hulud 2.0, ein Wurm, sein Unwesen und schleust sich über NPM-Pakete von einem Opfer zum nächsten. Bisher wurden Zugangsdaten von über 25.000 GitHub-Repositories entwendet und bis zu 400.000 Entwicklergeheimnisse offoen gelegt. Auch die Sicherheitsforscher von Sysdig haben den … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/04/shai-hulud-2-0-npm-malware-angriff-erbeutet-400-k-entwickler-geheimnisse/
Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

Dec 2, 2025 8:49 PM

Tags: attack, breach, data, data-breach, github, malware

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NPM (Node Package Manager) registry and publishing stolen data in 30,000 GitHub repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-20-npm-malware-attack-exposed-up-to-400-000-dev-secrets/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
Schwachstelle für Malware-Verteilung genutzt – Notfall-Update für kritische RCE-Sicherheitslücke in WSUS

Dec 2, 2025 5:49 PM

Tags: bug, malware, rce, remote-code-execution, update, vulnerability

First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-notfall-patch-kritische-wsus-sicherheitsluecke-a-d338bab93ebc2563e1999cae18f17e00/
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

Dec 2, 2025 5:49 PM

Tags: attack, blockchain, hacker, jobs, malicious, malware, north-korea

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests. First seen on hackread.com Jump to article: hackread.com/nk-hackers-npm-packages-ottercookie-malware/
MuddyWater strikes Israel with advanced MuddyViper malware

Dec 2, 2025 4:49 PM

Tags: apt, backdoor, defense, group, iran, malware, threat, tool

Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Dec 2, 2025 4:49 PM

Tags: apt, cctv, group, intelligence, korea, lazarus, malware, network, north-korea, threat

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.For the first time, researchers…
Researchers Capture Lazarus APT’s Remote-Worker Scheme Live on Camera

Dec 2, 2025 4:49 PM

Tags: apt, cctv, group, intelligence, korea, lazarus, malware, network, north-korea, threat

A joint investigation led by Mauro Eldritch, founder of BCA LTD, conducted together with threat-intel initiative NorthScan and ANY.RUN, a solution for interactive malware analysis and threat intelligence, has uncovered one of North Korea’s most persistent infiltration schemes: a network of remote IT workers tied to Lazarus Group’s Famous Chollima division.For the first time, researchers…