Tag: malware

Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain

Apr 17, 2026 12:38 PM

Tags: apple, attack, cyber, macOS, malicious, malware, north-korea, social-engineering, software, threat, update, vulnerability

A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious files disguised as legitimate software updates, effectively bypassing Apple’s built-in security protections. The campaign centers on a fake file…
Facebook-Falle: Wie APT37-Hacker per Freundschaftsanfrage Malware verbreiten

Apr 17, 2026 9:38 AM

Tags: access, hacker, malware, software

Die nordkoreanische Hackergruppe APT37 nutzt Facebook-Profile für gezieltes Social Engineering. Wie Angreifer über manipulierte PDF-Software vollen Zugriff auf Nutzerdaten erlangen und welche Spionagetaktiken aktuell im Einsatz sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/facebook-hacker-malware
ZionSiphon Malware Hits Israeli Desalination Plants

Apr 17, 2026 8:37 AM

Tags: cyber, hacker, malware, tool

Hackers are experimenting with new malware designed to sabotage Israeli desalination and water treatment plants using a tool dubbed “ZionSiphon,”. However, the current sample appears to be a faulty or developmental build rather than a fully operational weapon. The code checks IPv4 ranges such as 2.52.0.02.55.255.255, 79.176.0.079.191.255.255, and 212.150.0.0212.150.255.255, all of which are geolocated to…
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

Apr 17, 2026 12:48 AM

Tags: access, ai, attack, business, ciso, cloud, cve, cvss, cyber, data, exploit, firewall, flaw, identity, injection, international, ivanti, LLM, malware, microsoft, network, remote-code-execution, sap, social-engineering, software, sql, threat, tool, unauthorized, update, vulnerability, windows, zero-day

block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE;for systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.Microsoft noted that these actions reduce the attack surface, but don’t replace installing the security update.Breen said that…
Fake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaign

Apr 17, 2026 12:48 AM

Tags: attack, cyber, exploit, malicious, malware, phishing, threat, tool, vpn, windows

Multiple ongoing malware campaigns are distributing a powerful information-stealing trojan, tracked as NWHStealer, through fake VPN installers, gaming mods, and system tools. Unlike typical phishing campaigns, these attacks exploit users’ trust in popular software. Threat actors are disguising malicious payloads as legitimate installers for tools such as Proton VPN, OhmGraphite, Sidebar Diagnostics, Pachtop, and HardwareVisualizer. The files are hosted…
JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware

Apr 17, 2026 12:48 AM

Tags: iran, malware, russia

The post JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/muddy-water-castlerat-chainshell-malware-alliance/
Hackers Exploit n8n Webhooks to Spread Malware

Apr 17, 2026 12:48 AM

Tags: ai, automation, cyber, email, exploit, hacker, malicious, malware, phishing, tool

A new abuse campaign targeting AI-driven workflow automation platforms particularly n8n that turns legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized n8n-generated webhooks to deliver malicious payloads and collect device fingerprints under the guise of trusted infrastructure. AI workflow platforms like n8n and Zapier are…
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware

Apr 17, 2026 12:48 AM

Tags: espionage, government, hacker, healthcare, malware, service, tool, ukraine

Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say. First seen on therecord.media Jump to article: therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services
MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems

Apr 17, 2026 12:48 AM

Tags: android, malware

Researchers have uncovered an Android malware framework dubbed the MiningDropper. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/miningdropper-android-malware/
OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity

Apr 17, 2026 12:48 AM

Tags: access, cyber, cybersecurity, malware, openai, software

OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber (TAC) program to thousands of verified experts. First seen on hackread.com Jump to article: hackread.com/openai-gpt-5-4-cyber-boost-defensive-cybersecurity/
Fake Claude AI Installer Targets Windows Users with PlugX Malware

Apr 17, 2026 12:48 AM

Tags: access, ai, malware, windows

Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems. First seen on hackread.com Jump to article: hackread.com/fake-claude-ai-installer-plugx-malware-windows-users/
Fake Claude AI Installer Targets Windows Users with PlugX Malware

Apr 17, 2026 12:48 AM

Tags: access, ai, malware, windows

Fake Claude AI installer mimicking Anthropic spreads PlugX malware on Windows, using DLL sideloading to gain persistent remote access to infected systems. First seen on hackread.com Jump to article: hackread.com/fake-claude-ai-installer-plugx-malware-windows-users/
Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows

Apr 17, 2026 12:48 AM

Tags: attack, malware

Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery. First seen on hackread.com Jump to article: hackread.com/active-hanghost-loader-payment-logistic-workflow/
AI platform n8n abused for stealthy phishing and malware delivery

Apr 17, 2026 12:48 AM

Tags: ai, automation, control, data, exploit, infrastructure, malware, phishing, threat

Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security controls and…
From clinics to government: UAC-0247 expands cyber campaign across Ukraine

Apr 17, 2026 12:48 AM

Tags: cyber, data, government, healthcare, malware, threat, ukraine

CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to steal sensitive…
Mirax malware campaign hits 220K accounts, enables full remote control

Apr 17, 2026 12:48 AM

Tags: access, android, control, malicious, malware, rat

Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reaching over 220,000 accounts. The malicious code lets attackers fully control infected devices…
Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug

Apr 17, 2026 12:48 AM

Tags: malicious, malware, network, theft, threat

Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/16/cargo-theft-malware-actor-decoy-network/
ZionSiphon malware designed to sabotage water treatment systems

Apr 17, 2026 12:48 AM

Tags: malware, technology

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zionsiphon-malware-designed-to-sabotage-water-treatment-systems/
Android-Trojaner gibt sich als Bank oder Behörde aus

Apr 17, 2026 12:48 AM

Tags: android, banking, finance, infrastructure, malware, mobile

Sicherheitsforscher von Infoblox und der vietnamesischen Organisation Chong Lua Dao haben eine weitreichende Malware-Infrastruktur aufgedeckt, die gezielt auf Mobile-Banking-Nutzer abzielt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-bank-oder-behoerde
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Apr 17, 2026 12:48 AM

Tags: exploit, flaw, hacker, malware

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware hosted on Hugging Face Spaces. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/
Android-Trojaner gibt sich als Bank oder Behörde aus

Apr 17, 2026 12:48 AM

Tags: android, banking, finance, infrastructure, malware, mobile

Sicherheitsforscher von Infoblox und der vietnamesischen Organisation Chong Lua Dao haben eine weitreichende Malware-Infrastruktur aufgedeckt, die gezielt auf Mobile-Banking-Nutzer abzielt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-bank-oder-behoerde
New AgingFly malware used in attacks on Ukraine govt, hospitals

Apr 17, 2026 12:48 AM

Tags: attack, authentication, data, government, healthcare, malware, ukraine

A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

Apr 17, 2026 12:48 AM

Tags: access, ai, attack, business, ciso, cloud, cve, cvss, cyber, data, exploit, firewall, flaw, identity, injection, international, ivanti, LLM, malware, microsoft, network, remote-code-execution, sap, social-engineering, software, sql, threat, tool, unauthorized, update, vulnerability, windows, zero-day

block inbound traffic on UDP ports 500 and 4500 for systems that do not use IKE;for systems that require IKE, configure firewall rules to allow inbound traffic on UDP ports 500 and 4500 only from known peer addresses.Microsoft noted that these actions reduce the attack surface, but don’t replace installing the security update.Breen said that…
WordPress plugin suite hacked to push malware to thousands of sites

Apr 17, 2026 12:48 AM

Tags: access, malicious, malware, unauthorized, wordpress

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-plugin-suite-hacked-to-push-malware-to-thousands-of-sites/
Mirax RAT Targets Android Devices Through Meta Apps

Apr 15, 2026 12:52 AM

Tags: access, android, malware, rat, russia, service

Malware-as-a-Service Operations Favors Russian-Speaking Customers. An emerging remote access Trojan targeting Android devices in Spanish-speaking nations is propagating fraudulent advertisements as an initial access point on Meta-owned applications. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mirax-rat-targets-android-devices-through-meta-apps-a-31421
New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments

Apr 14, 2026 10:53 PM

Tags: cybercrime, malware, ransomware

The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation. First seen on therecord.media Jump to article: therecord.media/new-janaware-ransomware-targeting-turkey
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Apr 14, 2026 9:52 PM

Tags: backdoor, corporate, malware, wordpress

Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
Someone planted backdoors in dozens of WordPress plugins used in thousands of websites

Apr 14, 2026 8:52 PM

Tags: backdoor, corporate, malware, wordpress

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/
Omnistealer uses the blockchain to steal everything it can

Apr 14, 2026 5:52 PM

Tags: blockchain, cloud, crypto, login, malware, password

This malware is coming for your password managers, saved logins, cloud storage, crypto wallets, and just about anything else it can reach. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/omnistealer-uses-the-blockchain-to-steal-everything-it-can/
Mirax Android RAT Hijacks Infected Phones as Residential Proxies

Apr 14, 2026 4:52 PM

Tags: access, android, banking, control, cyber, cybercrime, infrastructure, malware, phone, rat

A new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Android RAT and banking malware, offering attackers full, real”‘time control over compromised devices. Once installed, the malware can execute…