Tag: malware
-
Russian APT abuses Windows Hyper-V for persistence and malware execution
Tags: apt, attack, authentication, cctv, defense, group, infrastructure, malware, password, powershell, russia, threat, tool, windows
Other malware tools: The researchers also found additional malware payloads left by the attackers on systems, including a custom PowerShell script used to inject a Kerberos ticket into LSASS to enable authentication and command execution on remote systems. Another PowerShell script was pushed to multiple systems via domain Group Policy to change the password of an…
-
Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation
A set of nine malicious NuGet packages has been identified as capable of dropping time-delayed payloads to sabotage database operations and corrupt industrial control systems. According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named “shanhai666” and are designed to run malicious code after specific trigger…
-
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine
Sandworm deployed data wipers against Ukrainian governmental entities and companies in the energy, logistics and grain sectors. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/russian-sandworm-new-wiper-ukraine/
-
Vibe-coded ransomware proof-of-concept ended up on Microsoft’s marketplace
Tags: access, ai, control, credentials, data, data-breach, github, infrastructure, malicious, malware, marketplace, microsoft, ransomware, tool
Extension pointed to a GitHub-based C2: Ransomvibe deployed a rather unusual GitHub-based command-and-control (C2) infrastructure, instead of relying on traditional C2 servers. The extension used a private GitHub repository to receive and execute commands. It routinely checked for new commits in a file named “index.html”, executed the embedded commands, and then wrote the output back…
-
Versa firewall receives top marks in independent test
The next-generation firewall from Versa Networks, a specialist in Secure Access Service Edge (SASE), has been awarded the highest rating, “Recommended”, by Cyberratings.org for the ninth consecutive time. In the “Q3 2025 Enterprise Firewall” report, which is based on independent testing by NSS Labs, Versa scored 100 percent in key categories such as malware and exploit defense. In addition, the measured throughput of…
-
Attackers upgrade ClickFix with tricks used by online stores
Tags: malware
Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/11/07/newest-clickfix-tricks/
-
Over 15 Malicious npm Packages Exploiting Windows to Deploy Vidar Malware
Datadog Security Research has uncovered a sophisticated supply chain attack targeting the npm ecosystem, involving 17 malicious packages across 23 releases designed to deliver the Vidar infostealer malware to Windows systems. The campaign, attributed to a threat actor cluster tracked as MUT-4831, represents a significant escalation in npm-based threats and marks the first known public…
-
Attackers Deploy LeakyInjector and LeakyStealer to Hijack Crypto Wallets and Browser Info
Cybersecurity researchers at Hybrid Analysis have uncovered a sophisticated two-stage malware campaign targeting cryptocurrency wallet users and browser data. The newly identified malware duo, dubbed LeakyInjector and LeakyStealer, represents a significant threat to digital asset security through its advanced evasion techniques and comprehensive data theft capabilities. Advanced Injection Techniques Evade Detection: LeakyInjector serves as the…
-
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware
Russia-aligned threat actor Sandworm has intensified its destructive cyber operations against Ukrainian organizations, deploying data wiper malware to cripple critical infrastructure and weaken the nation’s economy. Unlike other Russia-aligned advanced persistent threat groups that primarily engage in cyberespionage activities, Sandworm’s operations are characterized by their explicitly destructive intent. According to the latest ESET APT Activity…
-
Gootloader malware back for the attack, serves up ransomware
Move fast – miscreants compromised a domain controller in 17 hours. First seen on theregister.com. Jump to article: www.theregister.com/2025/11/06/gootloader_back_ransomware/
-
Google sounds alarm on self-modifying AI malware
Google warns malware now uses AI to mutate, adapt, and collect data during execution, boosting evasion and persistence. Google’s Threat Intelligence Group (GTIG) warns of a new generation of malware that uses AI during execution to mutate, adapt, and collect data in real time, helping it evade detection more effectively. Cybercriminals increasingly use AI…