Tag: malware
-
Malicious PuTTY Ads Deliver OysterLoader, Allowing Attackers Full Device and Network Access
The Rhysida ransomware gang has been running a sophisticated malvertising campaign that delivers OysterLoader malware through deceptive search engine advertisements, giving attackers complete access to compromised devices and networks. The Rhysida gang, formerly known as Vice Society before rebranding in 2023, has perfected a dangerous infection chain using paid Bing search advertisements. The gang purchases…
-
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication
Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious purposes, making detection significantly more challenging for security teams. The discovery highlights the evolving tactics…
-
Hackers hunt careless gamers (in Minecraft)
Some Minecraft "hacks" don't help you build worlds; they destroy them. Here you can learn how malware can disguise itself as a Minecraft mod. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/tipps-ratgeber/hacker-jagen-unvorsichtige-gamer-in-minecraft/
-
From primitive crypto theft to sophisticated AI-based fraud
Malware operators are working together with covert North Korean IT workers. Their targets: recruiters and programmers. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/vom-primitiven-krypto-diebstahl-zum-raffinierten-ki-basierten-betrug/
-
Android Malware Mutes Alerts, Drains Crypto Wallets
Android/BankBot-YNRK is currently targeting users in Indonesia by masquerading as legitimate applications. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/android-malware-mutes-alerts-drains-crypto-wallets
-
SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks/
-
Airstalk Malware Turns MDM Tools into Covert Spy Channels
Airstalk discovery reveals nation-state hackers exploiting trusted tools to infiltrate supply chains undetected. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/airstalk-malware-turns-mdm-tools-into-covert-spy-channels/
-
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
Identifying forensic signals: The campaigns that leverage trusted certificates undermine the trust model enterprises rely on. Signed malware bypasses app-allow lists, browser warnings, OS checks, and antivirus assumptions about signed code. When the file poses as Teams or PuTTY, employees don’t hesitate to download it as it looks normal. Once inside, the malware runs with fewer…
-
Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data
Cybersecurity researchers have shed light on two different Android trojans called BankBot-YNRK and DeliveryRAT that are capable of harvesting sensitive data from compromised devices. According to CYFIRMA, which analyzed three different samples of BankBot-YNRK, the malware incorporates features to sidestep analysis efforts by first checking whether it is running within a virtualized or emulated environment. First seen on…
-
Open VSX rotates access tokens used in supply-chain malware attack
The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to publish malicious extensions in an attempted supply-chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/open-vsx-rotates-tokens-used-in-supply-chain-malware-attack/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69
Tags: attack, data-breach, hacking, international, linux, malware, ransomware, threat, tool, windows. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter Agenda: Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques; Uncovering Qilin attack methods exposed through multiple cases; Mem3nt0 mori The Hacking Team is back!; Insider Threats Loom […]…
-
Hackers Hide SSHTor Backdoor Inside Weaponized Military Documents
In October 2025, cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated malware campaign distributing weaponized ZIP archives disguised as military documents. The attack specifically targeted Belarusian military personnel through a lure document titled “ТЛГ на убытие на переподготовку.pdf”
-
Preventing DNS filtering bypass by Encrypted DNS (DoT, DoH, DoQ)
DNS over HTTPS (DoH) and other encrypted DNS protocols like DNS over TLS (DoT) and DNS over QUIC (DoQ) enhance user privacy and security by encrypting DNS queries in transit, shielding them from eavesdropping, tampering, and censorship on untrusted networks. This prevents ISPs and local attackers from logging or manipulating domain resolutions, fostering a more…
-
Russian Police Bust Suspected Meduza Infostealer Developers
3 ‘Young IT Specialists’ Arrested After Malware Tied to Government Agency Infection. Russian police have arrested three young IT specialists in Moscow, charging them with developing and selling the notorious Meduza information-stealing malware and with members of their group using the infostealer to breach a Russian government institution in May and exfiltrate data. First seen on…
-
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack. Palo Alto Networks Unit 42 said it’s tracking the cluster under the moniker CL-STA-1009, where “CL” stands for cluster and “STA” refers to state-backed motivation. “Airstalk misuses the AirWatch API for mobile…
-
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/
-
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-wsus-skuld-stealer-microsoft-patch/
-
Cyber espionage against diplomatic institutions in Europe by a Chinese APT group
Arctic Wolf has uncovered an ongoing cyber espionage campaign by the China-affiliated threat actor UNC6384 that specifically targeted diplomatic institutions in Hungary, Belgium and other European states in September and October. The attackers combine a newly discovered Windows vulnerability (ZDI-CAN-25373) with the espionage malware PlugX, which has been active for years, and rely on deceptively genuine phishing emails themed around EU and NATO conferences.…

