Malware

Keylogger Found Harvesting Credentials on Top US Bank’s Employee Store Bank Employee Store Breach Sansec Keylogger

Bank Employee Store Breach Sansec Keylogger

Keylogger Found Harvesting Credentials on Top US Bank’s Employee Store

Do Son January 17, 2026

Security researchers at Sansec have discovered an active keylogger planted on the employee merchandise store of a...

40,000 Hits in 4 Hours: RondoDox Botnet Storms HPE OneView GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

40,000 Hits in 4 Hours: RondoDox Botnet Storms HPE OneView

Do Son January 16, 2026

Check Point Research uncovered a massive, automated assault on HPE OneView. Researchers observed a botnet launching over...

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware

Do Son January 16, 2026

A routine utility often bundled with developer tools has been weaponized by cybercriminals to bypass security scanners...

SHADOW#REACTOR Malware Builds Remcos RAT via Text Files TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

SHADOW#REACTOR Malware Builds Remcos RAT via Text Files

Do Son January 15, 2026

Security researchers have uncovered a sophisticated new malware framework that is slipping past enterprise defenses by hiding...

VoidLink: The “Cloud-First” Malware Hunting Your Linux Servers Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

VoidLink: The “Cloud-First” Malware Hunting Your Linux Servers

Do Son January 14, 2026

A new, highly sophisticated malware framework has emerged from the shadows, specifically engineered to infest the modern...

Spy, Steal, Lock: deVixor Android Trojan Hits Banking & Crypto Users deVixor Malware Android Banking Trojan

deVixor Malware Android Banking Trojan

Spy, Steal, Lock: deVixor Android Trojan Hits Banking & Crypto Users

Do Son January 14, 2026

A sophisticated new threat has emerged in the mobile banking landscape, combining the stealth of a spy...

Malicious Chrome Extension Drains Crypto via Secret API Keys MEXC API Automator Malware Crypto Wallet Drainer

MEXC API Automator Malware Crypto Wallet Drainer

Malicious Chrome Extension Drains Crypto via Secret API Keys

Do Son January 14, 2026

A seemingly helpful tool for cryptocurrency traders has been exposed as a sophisticated wallet-draining trap. Socket’s Threat...

“TryCloudflare” Abuse: AsyncRAT Exploits Free Tunnels to Build Stealthy WebDAV Network AsyncRAT Malware Cloudflare Tunnel Abuse

AsyncRAT Malware Cloudflare Tunnel Abuse

“TryCloudflare” Abuse: AsyncRAT Exploits Free Tunnels to Build Stealthy WebDAV Network

Do Son January 13, 2026

A sophisticated campaign distributing the AsyncRAT Remote Access Trojan is turning a trusted internet service into a...

RustyWater Rising: MuddyWater Drops PowerShell for Stealthy Rust Implants axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

RustyWater Rising: MuddyWater Drops PowerShell for Stealthy Rust Implants

Do Son January 12, 2026

The notorious MuddyWater APT group has overhauled its arsenal, ditching its traditional scripting tools for a sophisticated...

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War

Do Son January 9, 2026

Microsoft is evidently cognizant of the Microsoft Activation Scripts (MAS), a popular open-source utility; moreover, the corporation...

Guloader Malware Rides Wave of Fake Performance Reports Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Guloader Malware Rides Wave of Fake Performance Reports

Do Son January 9, 2026

Cybercriminals are weaponizing workplace anxiety in a new sophisticated phishing campaign. The AhnLab Security Intelligence Center (ASEC)...

NodeCordRAT: The Trojan Hiding in NPM to Steal Crypto via Discord NodeCordRAT NPM Supply Chain Attack

NodeCordRAT NPM Supply Chain Attack

NodeCordRAT: The Trojan Hiding in NPM to Steal Crypto via Discord

Do Son January 9, 2026

The open-source ecosystem has once again been weaponized, this time targeting developers working with cryptocurrency libraries. In...

LockBit 5.0 Sustains Global Ransomware Dominance LockBit 5.0 Ransomware Ransomware-as-a-Service (RaaS)

LockBit 5.0 Ransomware Ransomware-as-a-Service (RaaS)

LockBit 5.0 Sustains Global Ransomware Dominance

Do Son January 9, 2026

The hydra of the cybercrime world has grown another head. Since its emergence in late 2019, the...

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

“VM Isolation is Not Absolute”: Researchers Unmask Sophisticated ESXi “Maestro” Exploit

Do Son January 8, 2026

In a new report, the Huntress Tactical Response Team details a sophisticated intrusion discovered in December 2025...

GoBruteforcer Returns: How AI Code Snippets Fueled a 50,000-Server Botnet Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

GoBruteforcer Returns: How AI Code Snippets Fueled a 50,000-Server Botnet

Do Son January 8, 2026

A sophisticated new variant of the GoBruteforcer botnet is on the loose, and it’s capitalizing on a...

CrazyHunter: The “Ruthless” Ransomware Stalking Healthcare CrazyHunter Ransomware Healthcare Cyberattacks

CrazyHunter Ransomware Healthcare Cyberattacks

CrazyHunter: The “Ruthless” Ransomware Stalking Healthcare

Do Son January 8, 2026

A new, highly aggressive ransomware strain is cutting a swath through the healthcare sector, leaving hospitals and...

Popular Chinese Utility Hijacked to Deploy Browser Malware Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Grafana Exploitation, Coordinated Scanning Arcserve UDP Vulnerabilities

Popular Chinese Utility Hijacked to Deploy Browser Malware

Do Son January 7, 2026

The RedDrip Team at QiAnXin Technology’s Threat Intelligence Center has uncovered a widespread malware campaign hiding inside...

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets GlassWorm Wave 4, macOS Supply Chain Attack

GlassWorm Wave 4, macOS Supply Chain Attack

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets

Do Son January 6, 2026

The resilient “GlassWorm” threat actor, known for embedding malicious code into Visual Studio Code extensions, has returned...

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts VVS Stealer, Pyarmor Obfuscation

VVS Stealer, Pyarmor Obfuscation

The Invisible Predator: How VVS Stealer Abuses Pyarmor to Ghost Discord Accounts

Do Son January 5, 2026

A new, highly sophisticated malware strain is making the rounds on the cybercrime underground, targeting the massive...

Transparent Tribe Weaponizes “JLPT” Tests in New Cyber-Espionage Campaign Against India Operation IconCat, UNG0801 AFP cyberattack -NetWalker Ransomware VShell RAT

Operation IconCat, UNG0801 AFP cyberattack -NetWalker Ransomware VShell RAT

Transparent Tribe Weaponizes “JLPT” Tests in New Cyber-Espionage Campaign Against India

Do Son January 5, 2026

A seemingly harmless notification about a Japanese language proficiency exam has become the latest vector for state-aligned...