Geek-Guy.com

Category: malware

Stay ahead of cyber threats with the latest malware news, ransomware alerts, and virus analysis. Geek-Guy tracks emerging infections and removal trends.

Breaking News, cyber crime, data breach, Global Security News, hacking, malware

Ransomware attack on Ingram Micro impacts 42,000 individuals

Ingram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping…

Read more →

Breaking News, cyber crime, Cybercrime, Europe, Global Security News, hacking, malware

StealC malware control panel flaw leaks details on active attacker

Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly leaked and…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, GootLoader, malware

GootLoader uses malformed ZIP files to bypass security controls

GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-a-as-a-service model, it is used by different groups to…

Read more →

Breaking News, Cybercrime, Exploits, Global Security News, hacking, malware, Uncategorized

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 80

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Gogs 0-Day Exploited in the Wild SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment   “Untrustworthy Fund”: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092)   Hiding in Plain Sight: Deconstructing the Multi-Actor…

Read more →

Breaking News, cyber crime, Europe, Global Security News, hacking, malware

Ukraine–Germany operation targets Black Basta, Russian leader wanted

Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group’s alleged Russian ringleader. “The Office of…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware

Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers

Lumen’s Black Lotus Labs blocked over 550 C2 servers tied to the AISURU/Kimwolf botnet used for DDoS attacks and proxy abuse. Lumen’s Black Lotus Labs disrupted over 550 command-and-control servers linked to the AISURU and Kimwolf botnet, a major network used for DDoS attacks and proxy abuse. Acting as a DDoS-for-hire service, Aisuru avoids government…

Read more →

Breaking News, Cyber warfare, Global Security News, intelligence, malware, Security

CERT-UA reports PLUGGYAPE cyberattacks on defense forces

CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the attack with medium confidence to the Russian-linked group Void Blizzard (aka Laundry Bear, UAC-0190), active…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →

AI, Apps, APT, Blog, CERT-UA, CVEs, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Pluggyape, Risk Management, Russia

UAC-0190 Attack Detection: Fake Charity Lures Used to Deploy the PLUGGYAPE Backdoor Against the Ukrainian Armed Forces

On January 12, 2026, the CERT-UA team disclosed a targeted cyber-espionage campaign against the Ukrainian Armed Forces that abused charity-themed social engineering to deliver the PLUGGYAPE backdoor. The activity, observed between October and December 2025, is attributed with medium confidence to the russia-aligned threat actor known as Void Blizzard (Laundry Bear), tracked by CERT-UA as…

Read more →

Breaking News, cyber crime, Cybercrime, Europe, Global Security News, malware, Security

Dutch court convicts hacker who exploited port networks for drug trafficking

Dutch appeals court jails a 44-year-old hacker for 7 years for hacking port systems to help smuggle cocaine through European logistics hubs. A Dutch appeals court sentenced a 44-year-old hacker to seven years in prison for hacking port systems to help smuggle cocaine through European logistics hubs into the Netherlands. The appeals court reduced the…

Read more →

Breaking News, Global Security News, malware, Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion   A Broken System Fueling Botnets Malicious NPM Packages Deliver NodeCordRAT     Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil CNCERT: Risk Warning Regarding…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, hacking, intelligence, malware

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers, it conducts espionage by deeply embedding in victim networks and also operates Operational…

Read more →

Breaking News, cyber crime, Emerging Tech, Global Security News, malware

Astaroth banking Trojan spreads in Brazil via WhatsApp worm

A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The malware harvests the victim’s WhatsApp contact list and automatically sends malicious messages to each contact,…

Read more →

AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance

Real-time malware defense: Leveraging AWS Network Firewall active threat defense

Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…

Read more →

AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance

Real-time malware defense: Leveraging AWS Network Firewall active threat defense

Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…

Read more →

AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance

Real-time malware defense: Leveraging AWS Network Firewall active threat defense

Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…

Read more →

AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance

Real-time malware defense: Leveraging AWS Network Firewall active threat defense

Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…

Read more →

AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance

Real-time malware defense: Leveraging AWS Network Firewall active threat defense

Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…

Read more →

AI, Amazon GuardDuty, APAC, Apps, Compliance, Cybersecurity, Endpoint, Expert (400), Exploits, Global Security News, malware, Network Security, Risk Management, Security, Security, Identity, & Compliance

Real-time malware defense: Leveraging AWS Network Firewall active threat defense

Cyber threats are evolving faster than traditional security defense can respond; workloads with potential security issues are discovered by threat actors within 90 seconds, with exploitation attempts beginning within 3 minutes. Threat actors are quickly evolving their attack methodologies, resulting in new malware variants, exploit techniques, and evasion tactics. They also rotate their infrastructure—IP addresses,…

Read more →

AI, china, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy, Venture

How to scam someone in seven days

Romance scammers have apparently discovered astrology… and Taurus is their secret weapon. In episode 449 of “Smashing Security”, we take a look inside an actual romance-fraud handbook – complete with scripts, personality “types”, corporate jargon, and a seven-day plan to get victims from hello to hand over the crypto. Then Lesley “hacks4pancakes” Carhart delivers a…

Read more →

Breaking News, ClickFix, cyber crime, Europe, Global Security News, malware, Security

Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector

PHALT#BLYX targets European hotels with fake Booking emails and BSoD lures, tricking staff into installing the DCRat remote access trojan. Researchers uncovered a late-December 2025 campaign, dubbed PHALT#BLYX, targeting European hotels with fake Booking-themed emails. Victims are redirected to bogus BSoD pages using ClickFix-style lures that prompt them to apply “fixes.” The multi-stage attack ultimately…

Read more →

APT, Exploits, Global Security News, hacking, hacking news, intelligence, malware

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. “Recent monitoring data from the 360 ​​Advanced…

Read more →

Botnet, Breaking News, cyber crime, Exploits, Global Security News, malware, Security

Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices

The Kimwolf botnet has infected over 2 million Android devices, spreading mainly through residential proxy networks, researchers say. The Kimwolf botnet has compromised more than 2 million Android devices, spreading primarily via residential proxy networks, according to cybersecurity firm Synthient. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8…

Read more →

Breaking News, cyber crime, Cybercrime, discord, Global Security News, malware

VVS Stealer, a new python malware steals Discord credentials

VVS Stealer is a Python-based malware that steals Discord credentials and tokens and has been sold on Telegram since at least April 2025. Palo Alto Networks researchers uncovered VVS Stealer, a Python-based malware that steals Discord credentials and tokens and has been sold on Telegram since at least April 2025. VVS Stealer uses the source…

Read more →

Breaking News, Cybercrime, data breach, Global Security News, malware, Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 78

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Evasive Panda APT poisons DNS requests to deliver MgBot   Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations   EmEditor Supply Chain Incident Details Disclosed: Distribution of Information-Stealing Malware Sweeps…

Read more →

Breaking News, cyber crime, Global Security News, malware, Security

Two U.S. cybersecurity professionals plead guilty in BlackCat/Alphv ransomware case

Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks. The U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023. Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware…

Read more →

APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security

Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver

China-linked APT Mustang Panda used a signed kernel-mode rootkit driver to load shellcode and deploy its ToneShell backdoor. China-linked APT Mustang Panda (aka Hive0154, HoneyMyte, Camaro Dragon, RedDelta or Bronze President) was observed using a signed kernel-mode rootkit driver with embedded shellcode to deploy its ToneShell backdoor. Mustang Panda has been active since at least 2012, targeting American and European entities such as…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware, Security

Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems

A Lithuanian national was arrested for allegedly spreading KMSAuto malware that stole clipboard data and infected 2.8 million Windows and Office systems. A Lithuanian man (29) was arrested for allegedly spreading KMSAuto-based clipboard-stealing malware that infected about 2.8 million Windows and Office systems. The man was extradited from Georgia to South Korea under Interpol coordination.…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware, Security

Romania’s Oltenia Energy Complex suffers major ransomware attack

A ransomware attack hit Romania’s Oltenia Energy Complex on December 26, knocking out IT systems at the country’s largest coal power producer. A ransomware attack disrupted Oltenia Energy Complex, Romania’s largest coal-based power producer, shutting down its IT systems on December 26. The Oltenia Energy Complex (CE Oltenia) is Romania’s leading state-controlled lignite mining and…

Read more →

APT, Asia Pacific, china, Global Security News, intelligence, malware, Security

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked APT group Evasive Panda (aka Daggerfly, Bronze Highland, and StormBamboo) running a targeted cyber-espionage campaign using DNS poisoning to deliver the MgBot backdoor against victims in Türkiye, China, and…

Read more →

Breaking News, Cybercrime, data breach, Global Security News, malware, Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan From Linear to Complex: An Upgrade in RansomHouse Encryption   Prince of Persia: A Decade of Iranian Nation-State APT Campaign…

Read more →

Breaking News, Cybercrime, Global Security News, hacking, hacking news, malware

NPM package with 56,000 downloads compromises WhatsApp accounts

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web API library and fork of ‘Baileys’, has been stealing users’ credentials and data. The package has been available for six months and has had over 56,000…

Read more →

Breaking News, cyber crime, Global Security News, hacking, malware, Security

Romanian Waters confirms cyberattack, critical water operations unaffected

Romania’s national water management authority, Romanian Waters, was hit by a ransomware attack over the weekend. Romanian Waters (Administrația Națională Apele Române), the country’s water management authority, suffered a ransomware attack over the weekend. According to the National Cyber Security Directorate (DNSC), the incident affected around 1,000 computer systems across the central organization and 10…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware, North America

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

Ukrainian Artem Stryzhak (35) pleaded guilty in the U.S. for Nefilim ransomware attacks; he was arrested in Spain in 2024, extradited in April 2025. A 35-year-old Ukrainian, Artem Aleksandrovych Stryzhak (35), pleaded guilty in the U.S. for Nefilim ransomware attacks. The Ukrainian citizen was arrested in Spain in 2024 and extradited to the US in…

Read more →

Breaking News, cyber crime, Global Security News, hacking, malware, Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks Operation MoneyMount-ISO — Deploying Phantom Stealer via ISO-Mounted Executables     Inside GhostPoster: How a PNG Icon Infected 50,000 Firefox Users…

Read more →

Android, Breaking News, cyber crime, Global Security News, malware

Massive Android botnet Kimwolf infects millions, strikes with DDoS

The Kimwolf Android botnet has infected 1.8M+ devices, launching massive DDoS attacks and boosting its C&C domain, says XLab. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8 million devices and issued more than 1.7 billion DDoS attack commands, according to XLab. On October 24, 2025, XLab…

Read more →

Breaking News, cyber crime, Global Security News, hacking, malware, North America

ATM Jackpotting ring busted: 54 indicted by DoJ

The U.S. Department of Justice has indicted 54 individuals over a multi-million-dollar ATM jackpotting fraud scheme. U.S. DoJ indicted 54 people for a nationwide ATM jackpotting scheme that stole millions via malware. The case links the crimes to the cybercrime group Tren de Aragua, including charges of fraud, money laundering, and material support to a…

Read more →

Breaking News, cyber crime, Exploits, Global Security News, hacking, malware, Security

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign. The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign aimed at stealing sensitive data from organizations worldwide. Gladinet CentreStack is a software platform that allows organizations to turn their existing file servers,…

Read more →

AI, Apps, Best Practices, Cloud Security, Compliance, Cybersecurity, Exploits, Foundational (100), Global Security News, malware, Network Security, Security, Identity, & Compliance

What AWS Security learned from responding to recent npm supply chain threat campaigns

AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories have highlighted the importance of protecting…

Read more →

AI, Apps, Best Practices, Cloud Security, Compliance, Cybersecurity, Exploits, Foundational (100), Global Security News, malware, Network Security, Security, Identity, & Compliance

What AWS Security learned from responding to recent npm supply chain threat campaigns

AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories have highlighted the importance of protecting…

Read more →

AI, Apps, Best Practices, Cloud Security, Compliance, Cybersecurity, Exploits, Foundational (100), Global Security News, malware, Network Security, Security, Identity, & Compliance

What AWS Security learned from responding to recent npm supply chain threat campaigns

AWS incident response operates around the clock to protect our customers, the AWS Cloud, and the AWS global infrastructure. Through that work, we learn from a variety of issues and spot unique trends. Over the past few months, high-profile software supply chain threat campaigns involving third party software repositories have highlighted the importance of protecting…

Read more →

Breaking News, cyber crime, Exploits, Global Security News, malware, Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UDPGangster Campaigns Target Multiple Countries Ransomware Trends in Bank Secrecy Act Data Between 2022 and 2024  Return of ClayRat: Expanded Features and Techniques  SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic…

Read more →

Asia Pacific, Breaking News, Global Security News, hacking, information security news, IT Information Security, malware

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that uses the Google Drive API for C2. Elastic says it shares code with the FINALDRAFT (Squidoor) implant, which uses Microsoft Graph API and is linked to threat…

Read more →

Breaking News, Exploits, Global Security News, Gogs, hacking, malware, Security

Critical Gogs zero-day under attack, 700 servers hacked

Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or Bitbucket, but designed to be lightweight and easy to deploy. It allows individuals or organizations to host their own Git repositories on their servers, offering features like version…

Read more →

APT, Breaking News, Cyber warfare, Exploits, Global Security News, malware, Security

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability CVE-2025-55182, is a pre-authentication remote code execution issue in React…

Read more →

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, malware

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

Mirai-based Broadside botnet targets vulnerable TBK Vision DVRs, posing a potential threat to the maritime logistics sector, Cydome warns. Cydome researchers have identified a new Mirai botnet variant dubbed Broadside that is targeting the maritime logistics sector by exploiting the command injection vulnerability CVE-2024-3721 in TBK DVR devices used on vessels. “Cydome’s Cybersecurity Research Team has identified…

Read more →

Breaking News, cyber crime, Cybercrime, Global Security News, malware, Security

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

Ransomware payments reported to FinCEN exceeded $4.5B by 2024, with 2023 marking a record year at $1.1B across 1,512 incidents. FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) reports filed from January 2022 to February 2025. During this period, organizations reported 4,194 ransomware incidents and more than $2.1 billion in payments. For comparison, from…

Read more →

Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, malware, Security

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287)   Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications  Morphisec Thwarts Russian-Linked…

Read more →

Breaking News, cyber crime, data breach, Exploits, Global Security News, malware, Security

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm. ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or…

Read more →