Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS attack from the AISURU botnet, a 69-second barrage that set a new volume record. The cybersecurity firm did not disclose the name of the…
Category: malware
AI, Compliance, Cybersecurity, Global Security News, malware, privacy, Risk Management
A hacker doxxes himself, and social engineering-as-a-service
A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer… and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025. Plus,…
Data loss, Global Security News, malware, Podcast, privacy, Security threats
Smashing Security podcast #446: A hacker doxxes himself, and social engineering-as-a-service
A teenage cybercriminal posts a smug screenshot to mock a sextortion scammer… and accidentally hands over the keys to his real-world identity. Meanwhile, we look into the crystal ball for 2026 and consider how stolen data is now the jet fuel of cybercrime – and how next year could be even nastier than 2025. Plus,…
Artificial Intelligence, Global Security News, malware, Security
Fake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords
Cybersecurity researchers have uncovered a critical ChatGPT Atlas browser attack, confirming the danger of the ongoing surge in the ClickFix threat.
Global Security News, Guest blog, Law & order, malware, phishing
FBI warns of surge in account takeover (ATO) fraud schemes – what you need to know
The FBI has recently issued a public service announcement that warns that since January 2025 there have been more than 5,100 complaints of account takeover fraud, and total reported losses in excess of US $262 million. Read more in my article on the Fortra blog.
backdoor, Browser, cyber attacks, Global Security News, malware, Security
7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.
data breach, Data loss, Global Security News, Guest blog, malware, Ransomware
Asahi cyber attack spirals into massive data breach impacting almost 2 million people
Asahi Group Holdings, the makers of the popular Japanese beer Asahi Super Dry, has confirmed that the ransomware attack that disrupted its operations in late September also saw a significant data breach that affects more than 1.5 million customers and approximately 275,000 current and former employees and their families. Read more in my article on…
cyber attack, Global Security News, malware, Security
NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware
North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests.
APT, Breaking News, Global Security News, hacking, information security news, malware, North America
MuddyWater strikes Israel with advanced MuddyViper malware
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader,…
ESET research, Global Security News, malware
MuddyWater: Snakes by the riverbank
MuddyWater targets critical infrastructure in Israel and Egypt, relying on custom malware, improved tactics, and a predictable playbook
Breaking News, cyber crime, Global Security News, malware, Mobile
Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud
Albiriox is new Android MaaS malware enabling on-device fraud and real-time control. It targets 400+ banking, fintech, crypto, and payment apps. Albiriox is a new Android malware sold under a malware-as-a-service model on Russian‑speaking cybercrime forums. It provides advanced capabilities for on-device fraud, screen manipulation, and real-time interaction with infected devices. It also includes a…
api, Cybersecurity, Evidence-as-Code, Global Security News, malware, Press Release
Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0
New API capabilities and AI-powered Threat Encyclopedia eliminate manual audit preparation, providing real-time compliance evidence and instant threat intelligence.
APT, Global Security News, hacking, malware, Security
Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware
North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. The Contagious Interview campaign, active since November 2023 and linked to…
AI, Cybersecurity, Global Security News, malware, Video
This month in security with Tony Anscombe – November 2025 edition
Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month’s cybersecurity news
Botnet, Breaking News, cyber crime, Exploits, Global Security News, hacking, malware
New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption
ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run. During the late-October AWS disruption, FortiGuard Labs researchers observed the Mirai-based ‘ShadowV2’ malware exploiting IoT vulnerabilities across multiple countries and industries. The botnet was active only during the outage, suggesting a test run for future attacks.…
Breaking News, cyber crime, data breach, Europe, Global Security News, malware
Asahi says crooks stole data of approximately 2M customers and employees
Asahi says hackers stole data of approximately 2M customers and employees before a ransomware attack crippled its Japan operations. Threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and severely disrupting the company’s operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is…
Data loss, Global Security News, Guest blog, Law & order, malware, Mobile
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. Read more in my article on the Hot for Security blog.
AI, Apps, Cybersecurity, data breach, Data Breaches, Exploits, Global Security News, hacking, Information Security, malware
Forget Firewalls — Hack the Supplier: The Iberia Attack Blueprint Revealed
On 23 November 2025, Iberia disclosed a security incident stemming from an unauthorized access to the systems of a third-party supplier / vendor.The airline communicated to impacted customers that certain personal data may have been exposed. According to the notification, exposed information may include first and last name, email address, and loyalty-card identification numbers (Iberia…
APT, Breaking News, Exploits, Global Security News, intelligence, malware, Security
For the first time, a RomCom payload has been observed being distributed via SocGholish
RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time…
Cybersecurity, Global Security News, malware, Microsoft, Microsoft 365, Security
Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks
New research from Ontinue exposes a major security flaw in Microsoft Teams B2B Guest Access. Learn how attackers bypass all Defender for Office 365 protections with a single invite.
AI, API security, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
When your AI Assistant Becomes the Attacker’s Command-and-Control
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.…
AI, API security, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
When your AI Assistant Becomes the Attacker’s Command-and-Control
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.…
AI, API security, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
When your AI Assistant Becomes the Attacker’s Command-and-Control
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.…
AI, API security, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
When your AI Assistant Becomes the Attacker’s Command-and-Control
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.…
Breaking News, cyber crime, data breach, Global Security News, hacking, malware
Emergency alerts go dark after cyberattack on OnSolve CodeRED
Cyberattack on OnSolve CodeRED disrupted emergency alert services for U.S. state, local, police, and fire agencies. A cyberattack on the OnSolve CodeRED alert platform disrupted emergency notification services used by U.S. state and local governments, police, and fire agencies. OnSolve CodeRED is a cloud-based emergency alert system used by U.S. state and local governments to…
Gaming, Global Security News, malware, Security
Fake Battlefield 6 Downloads Are Spreading Malware, Stealing Player Data
Bitdefender Labs found fake Battlefield 6 pirated copies and trainers spreading aggressive malware, C2 agents, and infostealers, designed to steal player data and crypto-wallets.
Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware
Dissecting a new malspam chain delivering Purelogs infostealer
The AISI Research Center’s Cybersecurity Observatory publishes the report “Dissecting a new malspam chain delivering Purelogs infostealer” – November 25, 2025. Organizational and personal security remains under constant threat from increasingly sophisticated attack vectors, with malspam continuing to represent one of the most widespread and effective initial infection vectors for distributing malware on a large…
Breaking News, cyber crime, Exploits, Global Security News, hacking, malware, Security
Morphisec warns StealC V2 malware spread through weaponized blender files
StealC V2 spread via malicious Blender files on 3D model sites like CGTrader, abusing Blender’s ability to run hidden Python scripts. Cybersecurity firm Morphisec reported that Russian threat actors are spreading StealC V2 infostealer via weaponized Blender files uploaded to 3D model marketplaces like CGTrader. The malware abuses Blender’s ability to run Python scripts for automation…
Breaking News, Exploits, Global Security News, intelligence, malware, Reports, Security
CISA: Spyware and RATs used to target WhatsApp and Signal Users
CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of threat actors using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal.…
Global Security News, malware, social media
Influencers in the crosshairs: How cybercriminals are targeting content creators
Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters.
cyber attack, Cybersecurity, Developer, Global Security News, malware, Security
Shai Hulud npm Worm Infects 19,000 Packages in Major Supply Chain Attack
The Shai Hulud worm’s “Second Coming” has compromised over 19,000 public repositories. We detail the attacker’s mistake, the target packages, and mandatory security tips.
Breaking News, Exploits, Global Security News, hacking, hacking news, malware
Attackers deliver ShadowPad via newly patched WSUS RCE bug
Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Android, cyber crime, Global Security News, malware, Security
New RadzaRat Spyware Poses as File Manager to Hijack Android Devices
Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files.
Botnet, Europol, Global Security News, Guest blog, Law & order, malware
Operation Endgame disrupts Rhadamanthys information-stealing malware
International cybercrime-fighting agencies, co-ordinated by Europol, took down over 1000 servers and seized 20 domains earlier this month as part of Operation Endgame 3.0. Their target? Three major malware platforms: the infostealer known as Rhadamanthys, the VenomRAT remote access trojan, and the Elysium botnet. Read more in my article on the Hot for Security blog.
Breaking News, Cybercrime, data breach, Emerging Tech, Global Security News, hacking, malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery RONINGLOADER: DragonBreath’s New Path to PPL Abuse npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects GPT Trade: Fake Google Play Store…
Cybersecurity, Exploits, Global Security News, malware, Microsoft, Security
Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update
A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now.
APT, Asia Pacific, Breaking News, Global Security News, intelligence, malware, Security
BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks
APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google Threat Intelligence Group (GTIG) warns. According to the researchers, the group shifted from broad web…
Android, Cybersecurity, encryption, Global Security News, malware, Security
New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse
Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens, and executes fraudulent transactions.
Android, Breaking News, cyber crime, Europe, Global Security News, malware, Mobile
Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal
The Android trojan Sturnus targets communications from secure messaging apps like WhatsApp, Telegram and Signal. Sturnus is a new Android banking trojan with full device-takeover abilities. It bypasses encrypted messaging by capturing on-screen content and can steal banking credentials, remotely control the device, and hide fraudulent actions from the user. ThreatFabric analysis shows Sturnus malware…
Banking, Eternidade Stealer, Global Security News, malware, Security
New Eternidade Stealer Uses WhatsApp to Steal Banking Data
Trustwave SpiderLabs warns of Eternidade Stealer, a new banking trojan spreading via personalised WhatsApp messages. Find out how this malicious software bypasses security checks and deploys fake login screens for major banks and wallets.
Data loss, Global Security News, malware, Podcast, privacy
Smashing Security podcast #444: We’re sorry. Wait, did a company actually say that?
Stop the press – a company has actually said “sorry” after a data breach, and hotels are helping hackers phish their own guests. We examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that abuses trust in apps and CAPTCHAs,…
AI, Compliance, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, privacy
We’re sorry. Wait, did a company actually say that?
Stop the press – a company has actually said “sorry” after a data breach, and hotels are helping hackers phish their own guests. In episode 444 of “Smashing Security” we examine a refreshingly honest breach response (and why legacy systems are still going to ruin your week), dig into a nasty hotel-booking malware campaign that…
Breaking News, cyber crime, Exploits, Global Security News, malware, Security
Operation WrtHug hijacks 50,000+ ASUS routers to Bìbuild global botnet
Operation WrtHug hijacks tens of thousands of outdated ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, forming a large botnet. A new campaign called Operation WrtHug has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, pulling them into a large malicious network. SecurityScorecard…
Breaking News, cyber crime, Exploits, Global Security News, malware, Security
Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet
Operation WrtHug hijacks tens of thousands of outdated ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, forming a large botnet. A new campaign called Operation WrtHug has compromised tens of thousands of outdated or end-of-life ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, pulling them into a large malicious network. SecurityScorecard…
Global Security News, Hacks, malware, Tips & Hacks, Webcam
10 Signs Your Webcam Has Been Hacked (and How to Protect Yourself)
Today, we will show you some signs that your webcam has been hacked. In today’s digital age, privacy can feel increasingly fragile. We constantly grapple with safeguarding our information, from financial details to personal data. Even governments are known to collect user information. Fears of webcam hacking can add another layer of anxiety. But how…
Asia Pacific, Cyber Threats, Global Security News, IoT, malware, News, phishing
唉! New Kaiji Malware Attacks IoT devices using SSH Brute Force
The Kaiji malware was designed by a developer based in China to launch DDoS attacks according to researchers. The Internet of Things (IoT) has revolutionized the way we interact with the digital world. From smart refrigerators to connected thermostats, these devices offer convenience and automation. However, with this growing network of interconnected devices comes a…
Global Security News, malware, Ransomware, Threat Intelligence
Gh0st RAT spread through thousands of software impersonating sites
Attackers advanced to a more evasive infection chain between two waves of attacks.
Cyber Threats, Global Security News, malware, trojan, Trojan Horse, Tutorials
Types Of Trojan Horses And How To Remove Them
This post will show the types of trojan horses, what they are, how they work, signs, and how to remove them from your computer. When discussing technological terms, a Trojan Horse is a harmless-looking program that may be downloaded to a computer as an innocent-looking program, but is, in fact, malicious. What Is A Trojan…
Breaking News, cyber crime, Global Security News, malware, Security
Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps
Microsoft says the Aisuru botnet launched a 15.7 Tbps DDoS on Azure from 500k IPs, using massive UDP floods peaking at 3.6 B pps. On October 24, 2025, Azure DDoS Protection detected and mitigated a massive multi-vector attack peaking at 15.72 Tbps and 3.64 billion pps, the largest cloud DDoS ever recorded, aimed at a…
Breaking News, Cyber warfare, Global Security News, hacking, intelligence, malware
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. “NVISO…
Breaking News, cyber crime, Exploits, Global Security News, hacking, malware
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-24893 (CVSS score of 9.8), pulling more devices into its botnet despite patches released in Feb 2025. The XWiki Platform is a generic wiki framework…
Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure Gootloader Returns: What Goodies Did They Bring? Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector…
Global Security News, malware, security flaws, Tutorials
Adware Signs, Effects, And How To Remove It
In this post, we will reveal the signs and effects of adware. Plus, how to remove them from your web browsers. Adware is malicious software (malware) that prompts up ads on computer screens – usually while surfing the net. However, there is more to this program than malware. This article provides a concise review, highlighting…
Global Security News, Mac OS, malware, Tutorials
Your Guide For Dealing With MacBook Malware
This is the ultimate guide for dealing with MacBook malware. You might have heard that MacBooks are not prone to cybersecurity attacks. Malware developers aim to target their largest demographic, and macOS does not fall into that category. First of all, you would need to create malware specifically for macOS. Even then, the system updates…
Global Security News, malware, News, Ransomware
Zorab Ransomware Impersonates STOP Djvu ransomware decryptor
Cybersecurity researchers have issued a warning about a cunning tactic employed by the Zorab ransomware, where it masquerades as a decryptor for the STOP Djvu ransomware family. This deceptive approach lures unsuspecting victims into further encryption, potentially doubling their data hostage situation. Zorab Ransomware: Key Information Feature Description Initial Discovery Late 2019 Original Function Malware…
Global Security News, malware, Tutorials, virus
How To Recognize And Avoid A Fake Virus And Malware Warning
In this post, we will show you how to recognize and avoid a fake virus and malware warning. For a long time, malware has been a nuisance for many computer users. Unfortunately, it seems that this won’t change anytime soon. While you browse the internet using your computer, you may run into some occasional infection…
Breaking News, Chrome, cyber crime, Global Security News, malware
Chrome extension “Safery” steals Ethereum wallet seed phrases
Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” posing as a legitimate crypto wallet but designed to steal users’ seed phrases. The Chrome extension was uploaded to the Chrome Web…
cyber crime, Global Security News, infostealer, malware, operation endgame, police
Operation Endgame Hits Rhadamanthys, VenomRAT, Elysium Malware, seize 1025 servers
Europol-led Operation Endgame seizes 1,025 servers and arrests a key suspect in Greece, disrupting three major global malware and hacking tools, including Rhadamanthys, VenomRAT and Elysium botnet.
Botnet, Breaking News, cyber crime, Global Security News, hacking, malware
A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet
Europol’s Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Operation Endgame, carried out between November 10 and 13, 2025, dismantling major malware families including Rhadamanthys Stealer, Venom RAT, and the Elysium botnet as part of a global effort…
Cybersecurity, Global Security News, malware, Security
Top 3 Malware Families in Q4: How to Keep Your SOC Ready
Q3 showed sharp growth in malware activity as Lumma AgentTesla and Xworm drove access and data theft forcing SOC teams toward quicker behavior checks
Botnet, Breaking News, cyber crime, Cybercrime, Global Security News, malware, North America
New Danabot Windows version appears in the threat landscape after May disruption
DanaBot returns after 6 months with a new Windows variant (v669), marking its comeback after being disrupted by Operation Endgame in May. DanaBot has resurfaced with a new variant (version 669) targeting Windows systems, six months after Operation Endgame disrupted its activity in May, according to Zscaler ThreatLabz. The researchers identified a set of command…
Bitcoin, Crypto, Cybersecurity, Global Security News, malware, Security
DarkComet Spyware Resurfaces Disguised as Fake Bitcoin Wallet
Old DarkComet RAT spyware is back, hiding inside fake Bitcoin wallets and trading apps to steal credentials via keylogging.
Android, Global Security News, malware, Scams and Fraud, Security
Hackers Use KakaoTalk and Google Find Hub in Android Spyware Attack
North Korea-linked KONNI hackers used KakaoTalk and Google Find Hub to spy on victims and remotely wipe Android devices in a targeted phishing campaign.
Global Security News, Guest blog, Law & order, malware, North America, Ransomware
Russian hacker admits helping Yanluowang ransomware infect companies
A Russian hacker accused of helping ransomware gangs break into businesses across the United States is set to plead guilty, according to recently filed federal court documents. 25-year-old Aleksey Olegovich Volkov worked as an “initial access broker”, a cybercriminal specialist who focuses on the earliest stage of an attack: gaining the first foothold inside a…
Android, Breaking News, cyber crime, Global Security News, malware, Security
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS
Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android RAT offered as Malware-as-a-Service, enabling spying, device control, and data theft via Telegram. The malware allows operators to take over infected devices, gathering SMS messages, contacts, call…
cyber attack, Cybersecurity, data breach, Global Security News, malware, Security
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code.
Breaking News, Cyber warfare, Exploits, Global Security News, intelligence, malware, Security
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors
North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima) posed as counselors to hack Android and Windows, stealing data and wiping phones…
Global Security News, malware, News, Ransomware
Hackers now use SEO Malware to launch coordinated attacks
Sophos recently uncovered a concerning tactic cybercriminals are employing: leveraging SEO (Search Engine Optimization) techniques to launch coordinated attacks and deliver malware. This method, dubbed “Gootloader,” utilizes both search engine optimization tactics and social engineering manipulation to push compromised websites to the top of search results, particularly targeting users in France, Germany, South Korea, and…
Breaking News, GlassWorm malware, Global Security News, hacking, malware, Security
GlassWorm malware has resurfaced on the Open VSX registry
GlassWorm malware resurfaces in Open VSX and GitHub, infecting VS Code extensions weeks after its removal from the official marketplace. GlassWorm malware has resurfaced on the Open VSX registry and newly appeared in GitHub repositories, infecting three more VS Code extensions just weeks after its removal from the official marketplace, Koi Security researchers warn. In…
Android, Cybersecurity, Global Security News, malware, Samsung, Security
LANDFALL Spyware Targeted Samsung Galaxy Phones via Malicious Images
Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability (CVE-2025-21042) to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now.
Breaking News, Exploits, Global Security News, hacking, hacking news, information security news, malware
Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads
Nine NuGet packages by “shanhai666” can deploy delayed payloads to disrupt databases and industrial systems. Socket’s Threat Research Team discovered nine malicious NuGet packages, published between 2023 and 2024 by “shanhai666,” that can deploy time-delayed payloads to disrupt databases and industrial control systems. Scheduled to trigger in August 2027 and November 2028, the packages were…
Breaking News, Cybercrime, data breach, Exploits, Global Security News, hacking, malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SesameOp: Novel backdoor uses OpenAI Assistants API for command and control Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector Gootloader Returns: What Goodies Did They Bring? Ransomvibing appears in VS Code extensions …
APT, Asia Pacific, Cyber warfare, Global Security News, hacking, intelligence, malware
China-linked hackers target U.S. non-profit in long-term espionage campaign
A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and…
Breaking News, Exploits, Global Security News, malware, Mobile, Security
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks
A now-patched Samsung Galaxy flaw, tracked as CVE-2025-21042, was exploited as a zero-day to deploy LANDFALL spyware in targeted attacks in Middle East. Samsung patched a flaw exploited as a zero-day, tracked as CVE-2025-21042 (CVSS score of 8.8), to deploy LANDFALL spyware on Galaxy devices in Middle East attacks. “Unit 42 researchers have uncovered a…
cyber attack, Global Security News, malware, Scams and Fraud, Security
“I Paid Twice” Scam Infects Booking.com Users with PureRAT via ClickFix
Cybersecurity firm Sekoia reports a widespread fraud where criminals compromise hotel systems (Booking.com, Expedia and others) with PureRAT malware, then use stolen reservation data to phish and defraud guests.
APT, Cyber warfare, Exploits, Global Security News, hacking, hacking news, malware
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. “Another…
Breaking News, cyber crime, Exploits, Global Security News, hacking, malware
Clop Ransomware group claims the breach of The Washington Post
The Clop Ransomware group claims the breach of The Washington Post and added the American daily newspaper to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious American daily newspaper The Washington Post. The cybercrime group created a page for the university on its Tor data leak site and announced it will…
AI, Artificial Intelligence, Breaking News, Emerging Tech, Global Security News, malware, Security
Google sounds alarm on self-modifying AI malware
Google warns malware now uses AI to mutate, adapt, and collect data during execution, boosting evasion and persistence. Google’s Threat Intelligence Group (GTIG) warn of a new generation of malware that is using AI during execution to mutate, adapt, and collect data in real time, helping it evade detection more effectively. Cybercriminals increasingly use AI…
Data loss, Global Security News, Guest blog, Law & order, malware
“Pay up or we share the tapes”: Hackers target massage parlour clients in blackmail scheme
South Korean police have uncovered a hacking operation that stole sensitive data from massage parlours and blackmailed their male clientele. Read more in my article on the Hot for Security blog.
backdoor, cyber attacks, Global Security News, malware, Security
Cavalry Werewolf Hit Russian Government with New ShellNET Backdoor
Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control.
Breaking News, Cyber warfare, Exploits, Global Security News, hacking, intelligence, malware
Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs
Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain covert, long-term access to victims. Threat actors created hidden Alpine Linux VMs (120MB/256MB) hosting custom…
AI, china, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, privacy, Risk Management, Russia
The hack that messed with time, and rogue ransomware negotiators
Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go wrong? All this and more is discussed in episode 442 of the “Smashing Security” podcast…
china, Global Security News, Law & order, malware, Podcast, Ransomware
Smashing Security podcast #442: The hack that messed with time, and rogue ransom where negotiators
Time itself comes under attack as a state-backed hacking gang spends two years tunnelling toward a nation’s master clock — with chaos potentially only a tick away. Plus when ransomware negotiators turn to the dark side, what could possibly go wrong? All this and more is discussed in episode 442 of the “Smashing Security” podcast…
Cyber Threats, Global Security News, malware, PUP, Tutorials
How To Remove Potentially Unwanted Programs
In this post, we will guide you through the process of removing potentially unwanted programs. In today’s digital landscape, our systems are constantly bombarded with software installations, both intentional and unintentional. While some programs offer valuable tools and functionalities, others, known as Potentially Unwanted Programs (PUPs), can infiltrate your system and cause unwanted behaviour. This…
Android, Global Security News, Google, malware, News
Strandhogg Malware: A Threat to Android Users
Here, I will talk about Strandhogg malware on Android devices. Strandhogg is a critical vulnerability discovered in the Android operating system that allows malicious applications to hijack legitimate apps. This means that a malicious app can steal your data, impersonate legitimate apps to trick you into revealing sensitive information, or even take control of your…
antivirus, Cybercrime, Global Security News, Hacks, malware, Tips & Hacks
31 Best Safety Tips For Online Shopping
This post will show you our compilation of the best safety tips for online shopping. In today’s digital age, online shopping has revolutionized the way we acquire goods and services. The convenience of browsing an endless array of products from the comfort of our homes and having them delivered to our doorstep is unparalleled. However,…
cyber crime, Cybersecurity, Global Security News, malware, Security
Norton Crack Midnight Ransomware, Release Free Decryptor
Norton finds a flaw in the new Midnight ransomware built from Babuk code and releases a free decryptor to help victims recover files without paying a ransom.
api, backdoor, cyber attack, Global Security News, malware, Security
SesameOp Backdoor Abused OpenAI Assistants API for Remote Access
Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.
backdoor, Breaking News, Emerging Tech, Global Security News, hacking, malware, Security
SesameOp: New backdoor exploits OpenAI API for covert C2
Microsoft found a new backdoor, SesameOp, using the OpenAI Assistants API for stealthy command-and-control in hacked systems. Microsoft uncovered a new backdoor, named SesameOp, that abuses the OpenAI Assistants API for command-and-control, allowing covert communication within compromised systems. Microsoft Incident Response – Detection and Response Team (DART) researchers discovered the backdoor in July 2025 while…
Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware
Crooks exploit RMM software to hijack trucking firms and steal cargo
Hackers target trucking firms with RMM tools to steal freight, teaming with organized crime to loot goods, mainly food and beverages. Cybercriminals are targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active since June 2025, the group works with organized crime to loot goods, mainly food and…
Breaking News, cyber crime, Cybercrime, Exploits, Global Security News, hacking, malware
Crooks exploit RMM software to hijack trucking firms and steal cargo
Hackers target trucking firms with RMM tools to steal freight, teaming with organized crime to loot goods, mainly food and beverages. Cybercriminals are targeting trucking and logistics firms with RMM tools (remote monitoring and management software) to steal freight. Active since June 2025, the group works with organized crime to loot goods, mainly food and…
Breaking News, cyber crime, Cybercrime, Global Security News, malware, Security
Jabber Zeus developer ‘MrICQ’ extradited to US from Italy
Ukrainian Yuriy Rybtsov, aka MrICQ, a suspected Jabber Zeus developer, was extradited from Italy to the US to face cybercrime charges. Ukrainian national Yuriy Igorevich Rybtsov (41), aka MrICQ, an alleged Jabber Zeus developer, was arrested in Italy, lost his extradition appeal, and has been sent to the US to face cybercrime charges. After a…
APT, cyber attack, cyber crime, Global Security News, malware, Security
New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs
Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new ‘Dante’ spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm.
Breaking News, cyber crime, Global Security News, malware, Mobile, Security
Android Apps misusing NFC and HCE to steal payment data on the rise
Zimperium zLabs found 760+ Android apps abusing NFC and HCE to steal payment data, showing a surge in NFC relay fraud since April 2024. Zimperium zLabs researchers spotted over 760 Android apps abusing Near-Field Communication (NFC) and Host Card Emulation (HCE) to steal payment data and commit fraud, showing rapid growth in NFC relay attacks…
Check Point, Cybersecurity, fraud, Global Security News, malware, Security
YouTube ‘Ghost Network’ Spreads Infostealer via 3,000 Fake Videos
Check Point Research exposed a sophisticated, role-based operation called the YouTube Ghost Network, distributing dangerous Lumma and Rhadamanthys Infostealer malware. Learn how cybercriminals use hijacked channels and bots to triple malicious video output and steal user credentials.
Breaking News, Cybercrime, data breach, Global Security News, malware, Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques Uncovering Qilin attack methods exposed through multiple cases Mem3nt0 mori – The Hacking Team is back! Insider Threats Loom…
Breaking News, Exploits, Global Security News, hacking, malware, Security
BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government
Australia warns of attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell install. The Australian Signals Directorate (ASD) warns of ongoing attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell infections and admin takeover. “Cyber actors are installing an implant dubbed ‘BADCANDY’ on Cisco IOS XE devices that are vulnerable…
APT, Asia Pacific, Breaking News, Cyber warfare, Global Security News, intelligence, malware
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats
A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast…
CryptoCurrency, cyber crime, Cybersecurity, Global Security News, malware, Security
Russia Cracks Down on Meduza Stealer Developers
Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group’s ‘fatal error’ led to the crackdown on domestic cybercrime.
CryptoCurrency, cyber crime, Cybersecurity, Global Security News, malware, Security
Russia Arrests Meduza Stealer Developers After Government Hack
Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group’s ‘fatal error’ led to the crackdown on domestic cybercrime.