Malware Archives • Page 2 of 129 • Daily CyberSecurity

Poisoned Code: Stealthy Malicious Go Module Backdoor Discovered in Long-Running Typosquat

Ddos May 25, 2026

Open-source software repositories remain a top target for modern cybercriminals. Recently, Socket’s Threat Research Team uncovered a...

In-Memory Financial Theft: Inside Banana RAT’s Operator-Driven Attacks on Brazilian Banks Banana RAT Banking Trojan SHADOW-WATER-063 MaaS

In-Memory Financial Theft: Inside Banana RAT’s Operator-Driven Attacks on Brazilian Banks

Ddos May 25, 2026

A sophisticated, highly focused banking trojan is actively undermining the security controls of financial institutions across South...

Cloud Under Siege: Persistent P2Pinfect Botnet Activity Discovered in Kubernetes Environments

Ddos May 24, 2026

Security researchers have discovered a stealthy cloud threat hiding inside enterprise cloud environments. Specifically, FortiGuard Labs recently...

Legitimate Software Abused: Stealthy ValleyRAT Malware Campaign Targets Enterprise Users

Ddos May 24, 2026

A dangerous new ValleyRAT malware campaign is currently targeting unsuspecting corporate users across the internet. Specifically, threat...

Malicious JS Lifecycle Hooks Found Hiding Inside PHP Composer Packages PHP Supply Chain Attack Socket Composer Malicious Postinstall

Malicious JS Lifecycle Hooks Found Hiding Inside PHP Composer Packages

Ddos May 23, 2026

Security researchers at Socket have uncovered a coordinated attack targeting PHP Composer packages by hiding malicious JavaScript...

Supply Chain Storm: Over 700 Laravel Lang Versions Poisoned with Malicious RCE Backdoor Laravel Lang Supply Chain Attack laravel-lang RCE Backdoor

Laravel Lang Supply Chain Attack laravel-lang RCE Backdoor

Supply Chain Storm: Over 700 Laravel Lang Versions Poisoned with Malicious RCE Backdoor

Ddos May 23, 2026

A major software supply-chain storm is brewing in the PHP ecosystem. Security firm Socket has exposed a...

WantToCry Ransomware Leverages Exposed SMB for Remote Encryption Loops WantToCry Remote Ransomware SMB Brute Force Attacks

WantToCry Ransomware Leverages Exposed SMB for Remote Encryption Loops

Ddos May 23, 2026

A newly analyzed ransomware campaign is turning traditional endpoint defense playbooks upside down by executing its entire...

Malware-as-a-Service Exposed: Cisco Talos Unmasks Developer Behind Prolific “BadIIS” Web Server Toolkit BadIIS Malware as a Service

Malware-as-a-Service Exposed: Cisco Talos Unmasks Developer Behind Prolific “BadIIS” Web Server Toolkit

Ddos May 22, 2026

A sweeping forensic threat intelligence report has exposed the inner workings of a sophisticated, highly commercialized cybercriminal...

Bypassing Terminal Protections: New SHub “Reaper” Variant Abuses AppleScript to Loot macOS Endpoints SHub Stealer Reaper Variant macOS AppleScript Mitigation Bypass

SHub Stealer Reaper Variant macOS AppleScript Mitigation Bypass

Bypassing Terminal Protections: New SHub “Reaper” Variant Abuses AppleScript to Loot macOS Endpoints

Ddos May 22, 2026

Information stealers targeting macOS have continued to proliferate over the last two years, with threat actors iterating...

Predating Stuxnet: How the “fast16” Malware Secretly Sabotaged Nuclear Weapons Simulations fast16 Sabotage Malware Nuclear Weapon Simulation Tampering

fast16 Sabotage Malware Nuclear Weapon Simulation Tampering

Predating Stuxnet: How the “fast16” Malware Secretly Sabotaged Nuclear Weapons Simulations

Ddos May 21, 2026

In the annals of cyber warfare, Stuxnet has long been considered the premier example of malware specifically...

PawsRunner Steganography Loader PureLogs Infostealer Campaign

New PawsRunner Steganography Loader Evades EDR to Deploy PureLogs Infostealer

Ddos May 21, 2026

The use of steganography—the ancient art of hiding secret messages inside seemingly ordinary files—is experiencing a massive...

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker Gremlin Stealer Unit 42 Session Hijacking Malware

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker

Ddos May 21, 2026

Information stealers are no longer just basic, entry-level scripts designed to lift saved passwords from standard browser...

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines

Ddos May 21, 2026

A massive, fast-moving software supply chain attack has struck the global JavaScript development ecosystem. Over the past...

Secret Blizzard Transforms Kazuar into a Modular P2P Botnet Ecosystem Kazuar P2P Botnet Secret Blizzard Malware Evolution

Secret Blizzard Transforms Kazuar into a Modular P2P Botnet Ecosystem

Ddos May 20, 2026

The Russian state-sponsored cyber-espionage threat group widely known as Secret Blizzard is fundamentally rewriting its technical playbook....

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware Velvet Chollima GitLab Malware Tralert FX EV Certificate

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware

Ddos May 20, 2026

A routine investigation into a low-detection installer has blown the doors off a highly organized, financially motivated...

Kimsuky Core Upgrades Weaponize Rust Backdoors and VSCode Remote Tunneling Kimsuky HelloDoor Backdoor VSCode Tunneling Espionage

Kimsuky Core Upgrades Weaponize Rust Backdoors and VSCode Remote Tunneling

Ddos May 20, 2026

The prolific Korean-speaking threat actor known as Kimsuky is executing a major tactical evolution, incorporating modern programming...

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT

Ddos May 20, 2026

A comprehensive deep dive by the research team at Point Wild has laid bare the internal mechanics...

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa OrBit Linux Rootkit Medusa Userland LD_PRELOAD Hooking

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa

Ddos May 19, 2026

In July 2022, security researchers dropped the first analysis of OrBit, a sophisticated, then-undocumented Linux userland rootkit....

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure

Ddos May 19, 2026

A relentless cyber-espionage operation has targeted an Azerbaijani oil and gas company, demonstrating that advanced persistent threats...

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory

Ddos May 19, 2026

A massive and highly coordinated supply chain assault is currently ripping through the JavaScript developer ecosystem. Security...

Critical Alert 1 Active Exploit Detected Today