On the James River, Petersburg, VA, June of 1864, during the American Civil War, General Benjamin Butler, of the US Army, deployed a new weapon into the field that effectively altered the nature of kinetic battles. The later named “Siege of Petersburg,” was the first recorded instance of the Gatling gun being used in battle.…
Category: malware
AI, Cybersecurity, Global Security News, malware
McAfee Vs Norton – Which Is Better?
Here, we will compare McAfee vs Norton and show you the better option. Computer viruses and malware attacks continue to menace the digital world. Such attacks occur multiple billions of times yearly, with numbers as high as eight billion and above. If you’re not protecting your device against viruses and malware, you’re at the mercy…
AI, Exploits, Global Security News, malware, Network Security, Risk Management
KadNap bot compromises 14,000+ devices to route malicious traffic
KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the…
AI, china, Cybersecurity, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
12 ways attackers abuse cloud services to hack your enterprise
Attackers are increasingly abusing trusted SaaS platforms, cloud infrastructure, and identity systems to blend malicious activity into legitimate enterprise traffic. Adversaries are pushing command and control (C2) through high-reputation services, including OpenAI and AWS, to blend in with normal business traffic and evade blocklists. The shift from “living off the land” to “living off the…
AI, Global Security News, malware
Evil evolution: ClickFix and macOS infostealers
Across three recent campaigns, Sophos X-Ops notes shifts in both lures and malware capabilities, as threat actors leveraging ClickFix techniques increasingly target macOS users with infostealers Categories: Threat Research Tags: MacOS, infostealer, clickfix, MacSync, Social engineering
AI, APAC, Apps, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
March Patch Tuesday: Three high severity holes in Microsoft Office
Three high severity holes in Microsoft’s Office suite headline the 78 issues listed in the March Patch Tuesday releases, which, grateful CSOs will notice, contain no surprise zero day vulnerabilities. Still, Jack Bicer, director of vulnerability research at Action1, says these Office-related flaws should be treated “with urgency.” “Productivity tools remain one of the most…
Global Security News, malware, Russia
New ‘BlackSanta’ EDR killer spotted targeting HR departments
For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. […]
Global Security News, malware
New BeatBanker Android malware poses as Starlink app to hijack devices
A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. […]
AI, Cybersecurity, Exploits, Global Security News, malware
Threat intelligence by ESET is a game changer
Cyber threats have gained the upper hand on many global organizations, attacking through a relentless cycle of new phishing scams, malware attacks and deepfake incidents. As new-age IT and cybersecurity projects continue to proliferate, CIOs, CISOs, and their teams are embracing a variety of cutting-edge strategies to add intelligence to the ever-growing volume of data,…
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Fake OpenClaw npm Package Installs GhostClaw Malware
A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT). The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation. Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security
FBI says even in an AI-powered world, security basics still matter
Artificial intelligence may be enhancing cyber threats, but the defensive approach to those AI-amplified attacks remains the same, a top FBI official said Tuesday. “We have seen actors both criminal and nation-state, they’re absolutely using AI to their advantage,” said Jason Bilnoski, deputy assistant director at the FBI’s cyber division. “But the way attacks unfold…
AI, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security
Attackers exploit FortiGate devices to access sensitive network information
Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about…
Global Security News, malware, Russia
Russian Threat Actor Sednit Resurfaces With Sophisticated Toolkit
After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools.
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management
Teams Social Engineering Campaign Drops A0Backdoor Malware
Microsoft Teams impersonation and social engineering tactics are being used in an ongoing campaign to deliver a stealthy malware payload known as A0Backdoor. Researchers at BlueVoyant report that the operation combines social engineering techniques, malicious installers, and covert command-and-control (C2) communications to gain persistent access within targeted networks. “The malware’s loader exhibits anti-sandbox evasion, and…
china, Global Security News, malware
China-Linked Hackers Hit Qatar with Backdoor Disguised as War News
China-linked hackers targeted Qatar using fake war news lures to spread PlugX backdoor malware and spy on military and energy sectors.
Cybersecurity, Global Security News, malware
KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cybersecurity researchers have discovered a new malware called KadNap that’s primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the wild in August 2025, has expanded to over 14,000 infected devices, with more than 60% of victims located in the U.S., according to the Black…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Russia
APT28 conducts long-term espionage on Ukrainian forces using custom malware
APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on…
Global Security News, malware, Network Security
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
A newly discovered botnet malware called KadNap is targeting primarily ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. […]
Global Security News, malware
Messenger can warn you about sketchy links without knowing what you clicked
Meta’s Advanced browsing protection (ABP) helps Messenger identify and warn users about potentially harmful websites they open from a chat. Malicious sites can try to steal passwords, collect personal information, or install malware. Advanced browsing protection (Source: Meta) “In its standard setting, Safe Browsing uses on-device models to analyze malicious links shared in chats. But…
Global Security News, malware
The New Turing Test: How Threats Use Geometry to Prove ‘Humanness’
Malware is evolving to evade sandboxes by pretending to be a real human behind the keyboard. The Picus Red Report 2026 shows 80% of top attacker techniques now focus on evasion and persistence, including geometry-based cursor tests and CPU timing checks. […]
AI, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Fake Claude Code Install Pages Spread Infostealer Malware
Threat actors are exploiting a common developer habit — copying installation commands directly from websites — to distribute malware through fake software installation pages. Security researchers at Push Security recently uncovered a campaign targeting users of Anthropic’s Claude Code, a popular command-line AI coding assistant. The attackers are using cloned websites and malicious search advertisements…
AI, Endpoint, Global Security News, malware, Russia
HR, recruiters targeted in year-long malware campaign
An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have managed to keep their activity largely under the radar. “We currently lack telemetry…
AI, Global Security News, malware, Russia
‘BlackSanta’ EDR Killer Targets HR Workflows
A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.
AI, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector
ANY.RUN’s analysts are observing a sharp increase in phishing activity abusing Microsoft’s OAuth Device Code flow, with more than 180 phishing URLs detected in just one week. This technique represents a shift from credential phishing to token-based account takeover, making detection significantly harder for many SOC teams. Key Takeaways OAuth Device Code phishing is rising rapidly. Campaigns abusing Microsoft’s Device…
AI, Apps, Global Security News, malware
Devs looking for OpenClaw get served a GhostClaw RAT
A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research. The package, published under the name “@openclaw-ai/openclawai”, pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser…
AI, Global Security News, malware, Russia
APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
The Russian state-sponsored hacking group tracked as APT28 has been observed using a pair of implants dubbed BEARDSHELL and COVENANT to facilitate long‑term surveillance of Ukrainian military personnel. The two malware families have been put to use since April 2024, ESET said in a new report shared with The Hacker News. APT28, also tracked as…
AI, Compliance, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
The OT security time bomb: Why legacy industrial systems are the biggest cyber risk nobody wants to fix
When I first secured a production line, part of the control system was still running on an unpatched Windows XP machine tucked under a lab table — right next to the state-of-the-art GMP manufacturing setup that produced millions in value every day. Everyone knew that the system was a risk, but no one was willing…
AI, Apps, Cybersecurity, Global Security News, malware, Risk Management
OpenAI to acquire Promptfoo to strengthen AI agent security testing
OpenAI said it plans to acquire AI testing startup Promptfoo, a move aimed at strengthening security checks for AI agents as enterprises move toward deploying autonomous systems in business workflows. Promptfoo’s tools allow developers to test LLM applications against adversarial prompts, including prompt injection and jailbreak attempts, and to evaluate whether models follow safety and…
AI, Compliance, Data Breaches, Exploits, Global Security News, malware
When AI safety constrains defenders more than attackers
Security teams are being urged to adopt AI copilots for threat modeling, phishing simulations, and SOC workflows. Yet many of the most widely deployed, enterprise-approved AI systems struggle to support realistic defensive scenarios once prompts resemble real-world attack behavior. This is not because such activity is inherently malicious, but because mainstream AI safety models are…
AI, Global Security News, malware, Network Security, Risk Management
Hacker abusing .arpa domain to evade phishing detection, says Infoblox
A threat actor has found a new way to evade phishing detection defenses: Manipulate the .arpa top-level domain (TLD) and IPv6-to-IPv4 tunneling to host phishing content on domains that shouldn’t resolve to an IP address. For the uninitiated, the .arpa domain is an Address and Routing Parameter Area domain meant to be used exclusively for internet infrastructure…
AI, Global Security News, malware
Through the Lens of MDR: Analysis of KongTuke’s ClickFix Abuse of Compromised WordPress Sites
Our analysis of an active KongTuke campaign deploying modeloRAT — malware capable of reconnaissance, command execution, and persistent access — through compromised WordPress sites and fake CAPTCHA lures shows that the group still operates this delivery chain in parallel with the newer CrashFix technique.
Global Security News, malware
Microsoft Teams phishing targets employees with backdoors
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. […]
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management
Malicious Chrome Extension Targets imToken Wallet Users
A malicious Chrome extension disguised as a harmless color visualization tool is quietly redirecting users to phishing pages designed to steal cryptocurrency wallet credentials. Socket researchers warn that the extension impersonates the popular imToken wallet brand and tricks victims into entering their seed phrases or private keys. The “… extension automatically opens a threat actor-controlled…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
AVideo Zero-Click Flaw Lets Attackers Hijack Live Streams
A flaw in the open-source AVideo platform requires no authentication and allows attackers to remotely execute commands and take over affected servers. Exploitation of the vulnerability “… can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption,” said researchers. Inside the AVideo Server Takeover Risk AVideo is an…
AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management, Russia
CleanMyMac Imposter Site Installs SHub Stealer on Macs
A fake version of the popular Mac utility CleanMyMac is being used to trick users into installing data-stealing malware. The campaign uses a fraudulent website that instructs visitors to manually run a command in Terminal, which secretly installs a macOS infostealer known as SHub Stealer. This malware steals “… sensitive data including saved passwords, browser…
AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management, Russia
Russia-linked hackers target Signal, WhatsApp of officials globally
Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military officials worldwide, warns Dutch intelligence. Dutch intelligence agencies (MIVD and AIVD) warn of a global campaign by Russia-linked threat actors aiming to compromise Signal and WhatsApp accounts. The operation targets government officials, civil servants, and military personnel, highlighting growing cyber risks to sensitive…
AI, Global Security News, malware
Iran’s MuddyWater Hackers Target US Firms with New Dindoor Backdoor
Researchers say Iran’s MuddyWater hackers targeted US companies and an Israeli software firm’s department in a cyber campaign using the Dindoor malware – All this amid the ongoing conflict.
AI, Global Security News, malware
Chinese Cyber Threat Lurks In Critical Asian Sectors for Years
An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying.
AI, Global Security News, malware
RAR Occasion: Unzipping an Attacker’s Playbook at Cisco Live Amsterdam
Cisco Live Amsterdam 2026 SOC detected, investigated, and neutralized a malicious file delivered via email—leveraging Cisco XDR, Splunk Attack Analyzer, Secure Malware Analytics, and Endace.
AI, Global Security News, malware
Fake Claude Code install pages highlight rise of “InstallFix” attacks
Users looking for Anthropic’s Claude Code agentic AI coding tool are being tricked via fake Claude Code install pages into running malware, Push Security researchers have warned. The attackers behind this scheme are faithfully cloning Anthropic’s installation page, hosting it on a lookalike domain, and paying Google to surface those fake pages on the top…
AI, Global Security News, malware
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a way to push malware to downstream customers, inject arbitrary code, and harvest sensitive data. The extensions in question, both originally associated with a developer named “akshayanuonline@gmail.com” (BuildMelon), are listed below – QuickLens – Search Screen…
AI, Apps, Global Security News, malware, Russia
Massive GitHub malware operation spreads BoryptGrab stealer
Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system information, and user files. Trend Micro uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is designed to collect browser and cryptocurrency wallet data, system details, and common files. Some variants also deploy…
AI, Apps, Europe, Global Security News, Government & Policy, malware, Network Security, privacy, Russia
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem! StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer Inside a fake Google security check that becomes a browser RAT SloppyLemming…
AI, Apps, Global Security News, malware
Week in review: Weaponized OAuth redirection logic delivers malware, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: BlacksmithAI: Open-source AI-powered penetration testing framework BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution…
AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, privacy, Risk Management, Russia, Venture
Security Affairs newsletter Round 566 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI probing intrusion into a system managing sensitive surveillance information Reading White House President Trump’s Cyber…
Global Security News, malware
Termite ransomware breaches linked to ClickFix CastleRAT attacks
Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor. […]
AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
ClickFix attackers using new tactic to evade detection, says Microsoft
Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…
AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
ClickFix attackers using new tactic to evade detection, says Microsoft
Threat actors are trying a different tactic to sucker employees into falling for ClickFix phishing attacks that install malware, says Microsoft. Rather than asking potential victims to copy and paste a (malicious) command into the Run dialog, launched by hitting the Windows button plus the letter R, they are being told to use the Windows…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
WordPress Plugin Flaw Lets Attackers Create Admin Accounts
A vulnerability in a popular WordPress membership plugin could allow attackers to create administrator accounts and completely take over affected websites. The flaw affects the User Registration & Membership plugin and enables unauthenticated attackers to bypass security controls during the account registration process. This vulnerability allows “… unauthenticated attackers to create administrator accounts by supplying…
AI, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations
Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple…
AI, Apps, Data Breaches, Global Security News, Government & Policy, malware, Network Security, Politics, Risk Management
FBI Investigates Suspicious Activity in Surveillance Platform
The Federal Bureau of Investigation (FBI) is investigating suspicious cyber activity involving systems used to process surveillance and wiretap warrants, raising concerns about the security of highly sensitive law enforcement infrastructure. Although officials say the issue has been contained, the incident highlights the growing cyber risks facing government networks that store and manage critical investigative…
AI, Apps, Cloud Security, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CyberProof 2026 Report Warns of Rising Identity and AI Cyberattacks
The global cyber threat landscape shifted in 2025, as attackers increasingly abandoned complex malware in favor of faster, more scalable tactics centered on identity compromise, AI-driven automation, and SaaS ecosystem abuse. According to the CyberProof 2026 Global Threat Intelligence Report, attackers are no longer focused on breaking through network perimeters. Instead, they are logging in…
AI, APAC, Apps, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, Risk Management
Channel M&A Roundup: February 2026 Consolidation Trends
During the month of February, the channel witnessed several key acquisitions and a couple of mergers aimed at increasing revenue and supporting partners. Among the moves are acquisitions by 11:11 Systems, Scale Computing, and Proofpoint, which continue to pursue strategic acquisitions to grow their businesses and expand their services. Proofpoint acquires Acuvity Cybersecurity and compliance…
AI, Cybersecurity, Global Security News, malware
Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by Securonix Threat Research. At a high level, the obfuscated batch script is…
AI, Global Security News, malware
Targeted advertising is also targeting malware
Online ads are increasingly being used a means of introducing malware into organizations, according to The Media Trust. “Malvertising surpassed both email and direct hacks as the leading vector for malware delivery worldwide,” said Chris Olson, CEO of The Media Trust, an ad scanning and filtering company with, perhaps, a vested interest in playing up…
AI, Global Security News, malware
Targeted advertising is also targeting malware
Online ads are increasingly being used a means of introducing malware into organizations, according to The Media Trust. “Malvertising surpassed both email and direct hacks as the leading vector for malware delivery worldwide,” said Chris Olson, CEO of The Media Trust, an ad scanning and filtering company with, perhaps, a vested interest in playing up…
AI, Exploits, Global Security News, malware, Network Security, Risk Management
Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer
Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex attack chain, ultimately deploying Lumma Stealer malware. The campaign uses social engineering to trick users into executing malicious commands, highlighting growing risks to Windows…
AI, Apps, Endpoint, Global Security News, Government & Policy, malware, Network Security
Iran-nexus APT Dust Specter targets Iraq officials with new malware
A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK,…
AI, Cybersecurity, Data Breaches, Global Security News, malware, Network Security
Teenage hacker myth primed for a middle-age criminal makeover
The Hollywood image of criminal hackers being largely teenage ne’er do wells is due for an update. That’s because profit-seeking career criminals — often approaching middle age — make up the largest cohort of today’s cybercriminals, according to an analysis of criminal cases carried out by Orange Cyberdefence. The Orange Group’s cybersecurity unit analysed 418…
AI, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
U.S. CISA adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2023-43000 (CVSS score of 8.8) Apple Multiple products Use-After-Free Vulnerability CVE-2017-7921 (CVSS…
AI, Compliance, Cybersecurity, Endpoint, Global Security News, malware, Network Security, privacy, Risk Management
Challenges and projects for the CISO in 2026
Sophisticated attacks and the incorporation of AI tools, talent shortages, and tight budgets are some of the challenges commonly cited when it comes to managing cybersecurity in organizations. In a changing environment, the key is no longer to stay one step ahead, but to maintain a resilient infrastructure that ensures a rapid response when —…
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware, Network Security
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow
Google’s GTIG reports 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024, with a growing share targeting enterprise systems. Google’s Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025. While slightly below the 100 observed in 2023, the number increased from 78 in 2024, with…
AI, Global Security News, malware
Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
Microsoft on Thursday disclosed details of a new widespread ClickFix social engineering campaign that has leveraged the Windows Terminal app as a way to activate a sophisticated attack chain and deploy the Lumma Stealer malware. The activity, observed in February 2026, makes use of the terminal emulator program instead of instructing users to launch the…
AI, Global Security News, malware
Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
Fake OpenClaw installers hosted in GitHub repositories and promoted by Microsoft Bing’s AI-enhanced search feature instructed users to run commands that deployed information stealers and proxy malware. […]
Global Security News, malware
Nation-State Actor Embraces AI Malware Assembly Line
Pakistan’s APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.
AI, Data Breaches, Global Security News, malware, Network Security, Russia
Phobos Ransomware admin faces up to 20 years after guilty plea
Russian national Evgenii Ptitsyn (43) pleaded guilty in the U.S. for his role in the Phobos ransomware operation. Russian national Evgenii Ptitsyn pleaded guilty in the US to wire fraud conspiracy for his role in the Phobos ransomware scheme. The man was arrested in South Korea in 2024 and extradited to the United States. He…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security
Cisco reveals 2 max-severity defects in firewall management software
Cisco released information on a pair of max-severity vulnerabilities in its firewall management software Wednesday that unauthenticated, remote attackers could exploit to obtain the highest level of access to the underlying operating system or on affected devices. The vulnerabilities — CVE-2026-20079 and CVE-2026-20131 — affect the web-based interface of Cisco Secure Firewall Management Center (FMC)…
AI, Global Security News, Government & Policy, malware, Russia
Russian APT targets Ukraine with BadPaw and MeowMeow malware
Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When…
AI, Apps, china, Exploits, Global Security News, malware, Network Security, Risk Management, Russia
Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year
Google’s threat intelligence researchers have identified a sophisticated exploit kit targeting iPhones that was first used by a commercial surveillance vendor’s customer before being repurposed by a suspected Russian espionage group and then by Chinese cybercriminals, highlighting what researchers describe as an active secondary market for high-end zero-day exploits. “How this proliferation occurred is unclear,…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Russia
Coruna iOS Exploit Kit Compromises Thousands of iPhones
An iOS exploit framework has revealed how advanced mobile attack tools can move rapidly from surveillance operations to espionage and financial crime. Google’s Threat Intelligence Group (GTIG) identified Coruna, a powerful exploit kit containing 23 vulnerabilities across five exploit chains that were used to compromise thousands of iPhones throughout 2025. “The core technical value of…
AI, Global Security News, malware, Risk Management
That attractive online ad might be a malware trap
Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside marketing traffic. The financial impact of these threats continues to grow. Estimated consumer and business…
AI, Global Security News, Government & Policy, malware
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country’s Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the cluster under the name Dust Specter. The attacks, which manifest in the…
AI, Cybersecurity, Global Security News, malware, Network Security, Risk Management
Threat Coverage Digest: New Malware Reports and 2,400+ Detection Rules
February brought another round of major detection improvements across ANY.RUN’s threat intelligence and sandbox coverage. Alongside new Threat Intelligence reports, our analysts expanded behavioral visibility across dozens of malware families, strengthened detection logic for modern phishing and data-stealing campaigns, and added thousands of new network detection rules. Let’s take a closer look at the updates delivered this month. Threat Intelligence Reports …
AI, Cybersecurity, Global Security News, malware, Russia
APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
Cybersecurity researchers have disclosed details of a new Russian cyber campaign that has targeted Ukrainian entities with two previously undocumented malware families named BadPaw and MeowMeow. “The attack chain initiates with a phishing email containing a link to a ZIP archive. Once extracted, an initial HTA file displays a lure document written in Ukrainian concerning…
AI, Data Breaches, Europe, Global Security News, malware
Operation Leak: FBI and Europol dismantle LeakBase Cybercrime forum
The Federal Bureau of Investigation seized the LeakBase cybercrime forum in an international crackdown led by Europol. The Federal Bureau of Investigation seized the LeakBase cybercrime forum (leakbase[.]la), a platform used to trade hacking tools and stolen data. The action formed part of “Operation Leak,” an international effort coordinated by Europol involving authorities from 14…
AI, china, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
State-affiliated hackers set up for critical OT attacks that operators may not detect
Several state-linked threat groups known for breaking into operational technology (OT) networks have shifted their focus over the past year from gaining and maintaining access to actively mapping out ways to disrupt physical industrial processes. The shift poses a significant threat because fewer than one in 10 OT networks have monitoring in place to detect…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
14 old software bugs that took way too long to squash
In 2021, a vulnerability was revealed in a system that lay at the foundation of modern computing. An attacker could force the system to execute arbitrary code. Shockingly, the vulnerable code was almost 54 years old — and there was no patch available, and no expectation that one would be forthcoming. Fortunately, that’s because the…
AI, Exploits, Global Security News, Government & Policy, malware
Google uncovers Coruna iOS Exploit Kit targeting iOS 13–17.2.1
Google warns of the Coruna iOS exploit kit, using 23 exploits across five chains to target iPhones running iOS 13–17.2.1, but not the latest iOS. Google’s Threat Intelligence Group has identified a powerful new iOS exploit kit called Coruna (also known as CryptoWaters) that targets Apple iPhones running iOS versions 13.0 through 17.2.1. The kit…
AI, Apps, Exploits, Global Security News, malware, Network Security, Russia
Microsoft leads takedown of Tycoon2FA phishing service infrastructure
The infrastructure hosting the Tycoon2FA service, which Europol said was among the largest phishing operations worldwide, has been taken down by a coalition of IT companies and law enforcement agencies. At least temporarily, this removes access to one more tool for evading multifactor authentication defenses from threat actors. Europol, which coordinated the operation, said Wednesday…
AI, Global Security News, malware
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users.
AI, Apps, Exploits, Global Security News, malware, Network Security
Cisco fixes maximum-severity Secure FMC bugs threatening firewall security
Cisco patched two critical Secure FMC vulnerabilities that could let attackers gain root access to managed firewalls. Cisco addressed two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) that could allow attackers to gain root access. Cisco Secure Firewall Management Center (FMC) is a centralized management platform for Cisco firewalls. It lets administrators configure,…
AI, Global Security News, malware, Network Security
Fake Zoom, Teams Meeting Invites Use Compromised Certificates to Drop Malware
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks
AI, Exploits, Global Security News, malware, Network Security, Risk Management
Attackers are using your network against you, according to Cloudflare
Cloudflare’s inaugural threat intelligence report identifies a series of weaknesses in technology that attackers have abused and industrialized into professional “attack factories,” leaving most organizations unprepared to respond. Attackers are turning the very services victims deploy and pay for into tools for launching large-scale attacks. Researchers say the barrier to entry has vanished, as identities…
Global Security News, malware
Dark Reading Confidential: This Threat Hunter Helped Cops Bust Up An African Cybercrime Syndicate
Dark Reading Confidential Episode 15: Interpol relied on Will Thomas and team to help break up a sprawling cybercrime ring, leading to the arrest of 574 suspects, the recovery of more than $3 million, and the decryption of six malware variants. Here’s his story.
AI, Cybersecurity, Exploits, Global Security News, malware, Risk Management
CVE-2026-21385: Google Patches Qualcomm Zero-Day Exploited in Targeted Android Attacks
Steady cadence of Android zero-days marked as exploited in the wild makes its path to 2026. Following CVE-2025-48633 and CVE-2025-48572, two Android Framework bugs Google flagged for active exploitation, defenders keep seeing the same familiar pattern. Mobile-chain vulnerabilities can move fast from limited attacks to real enterprise risk when patching lags. In March 2026, that…
AI, Global Security News, malware
Multi-Stage “BadPaw” Malware Campaign Targets Ukraine
Malware campaign uses Ukrainian email service for credibility, deploying “BadPaw” to execute attacks
AI, Apps, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, Risk Management
Iranian cyberattacks fail to materialize but threat remains acute
Five days into US and Israel’s war with Iran, the worst predictions for cyber-retaliation have yet to materialize. But Iran has built one of the world’s most active cyber operations, which means this is likely a temporary reprieve, experts warn. At the weekend, both the UK National Cyber Security Centre (NCSC) and the Canadian Centre…
AI, Apps, Cybersecurity, Endpoint, Global Security News, Government & Policy, malware, Network Security, Risk Management
Iranian cyberattacks fail to materialize but threat remains acute
Five days into US and Israel’s war with Iran, the worst predictions for cyber-retaliation have yet to materialize. But Iran has built one of the world’s most active cyber operations, which means this is likely a temporary reprieve, experts warn. At the weekend, both the UK National Cyber Security Centre (NCSC) and the Canadian Centre…
AI, Apps, Compliance, Endpoint, Europe, Global Security News, Government & Policy, malware, Risk Management
Google Workspace vs. Microsoft 365: What’s the best office suite for business?
Once upon a time, Microsoft Office ruled the business world. By the late ’90s and early 2000s, Microsoft’s office suite had brushed aside rivals such as WordPerfect Office and Lotus SmartSuite, and there was no competition on the horizon. Then in 2006 Google came along with Google Docs & Spreadsheets, a collaborative online word processing and…
AI, Global Security News, malware
3 Android theft protection additions you should absolutely activate
BRRRRRRRRRREAKING NEWS, y’all: Despite what the internet’s many misleading headlines may lead you to believe, Android security (gasp!) isn’t actually all that scary. You know that by now, right? Any reasonably recent Android device has layers upon layers of built-in protection. You’ve got mountains of Android security settings standing by and waiting to protect you…
Global Security News, malware
Telegram Increasingly Used to Sell Access, Malware and Stolen Logs
Cybercriminals are now increasingly using Telegram to sell corporate access, malware subscriptions, and stealer logs, turning the messaging app into a fast cybercrime hub.
AI, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Major Cyber Attacks in February 2026: BQTLock, Thread-Hijack Phishing, and MFA Bypass Evolution
February 2026 brought a surge of sophisticated cyber threats targeting businesses across industries. ANY.RUN’s analysts exposed and explored several major cyber threats this month, providing early visibility into emerging malware families and evolving attack techniques. From new ransomware strains capable of encrypting entire environments in minutes, to fully undetected remote access trojans — the threat…
AI, Global Security News, malware
Want More XWorm?, (Wed, Mar 4th)
And another XWorm[1] wave in the wild! This malware family is not new and heavily spread but delivery techniques always evolve and deserve to be described to show you how threat actors can be imaginative! This time, we are facing another piece of multi-technology malware. Here is a quick overview: The Javascript is a classic obfuscated one: No need…
AI, china, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Geopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
AI, Apps, Exploits, Global Security News, malware
Researchers discover suite of agentic AI browser vulnerabilities
Researchers have discovered multiple vulnerabilities that let attackers to quietly hijack agentic AI browsers. Researchers at Zenity Labs discovered these flaws, which affected multiple AI browsers, including Perplexity’s Comet. Before being patched, an attacker could exploit them via a legitimate calendar invite, using a prompt injection to force the AI browser to act against its…
AI, Global Security News, Government & Policy, malware
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to their own infrastructure, to serve malware or capture login credentials. The attack, from the victim’s…
AI, Apps, Exploits, Global Security News, Government & Policy, malware, Risk Management
UAC-0252 Attack Detection: SHADOWSNIFF and SALATSTEALER Fuel Phishing Campaigns in Ukraine
Since January 2026, CERT-UA has been tracking a series of intrusions attributed to UAC-0252 and built around SHADOWSNIFF and SALATSTEALER infostealers. The campaigns rely on well-crafted phishing lures, payload staging on legitimate infrastructure, and user-driven execution of disguised EXE files. Detect UAC-0252 Attacks Covered in CERT-UA#20032 According to the Phishing Trends Q2 2025 research by…
AI, Apps, Endpoint, Exploits, Global Security News, malware
OAuth phishers make ‘check where the link points’ advice ineffective
Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider domains such as Microsoft Entra ID and Google Workspace. The links look safe but ultimately lead somewhere that isn’t. “OAuth includes a legitimate feature that allows identity…
AI, Apps, Endpoint, Exploits, Global Security News, malware
OAuth phishers make ‘check where the link points’ advice ineffective
Microsoft has warned that phishers are exploiting a built-in behavior of the OAuth authentication protocol to redirect victims to malware, using links that point to legitimate identity provider domains such as Microsoft Entra ID and Google Workspace. The links look safe but ultimately lead somewhere that isn’t. “OAuth includes a legitimate feature that allows identity…
AI, Global Security News, malware
The Emerging Workload Security Threat, a Retrospective on VoidLink
Explore how VoidLink, a malware framework, targets Kubernetes and AI workloads. Discover why kernel-level runtime security is the new frontline.