Malware Archives • Page 20 of 129 • Daily CyberSecurity

The Ghost in the Kernel: How HoneyMyte Weaponized a Rootkit to Hijack Asian Governments HoneyMyte (Mustang Panda), ToneShell Rootkit

The Ghost in the Kernel: How HoneyMyte Weaponized a Rootkit to Hijack Asian Governments

Do Son January 1, 2026

The notorious cyber-espionage group HoneyMyte (also known as Mustang Panda or Bronze President) has dramatically upgraded its...

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT

Do Son December 31, 2025

The RondoDoX botnet has resurfaced with a potent new arsenal, shifting its sights from simple routers to...

EmEditor Compromised: “WALSHAM” Imposter Poisons Official Installer with Spyware Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

EmEditor Compromised: “WALSHAM” Imposter Poisons Official Installer with Spyware

Do Son December 29, 2025

In a major supply chain security incident, the popular text editor EmEditor has confirmed that its official...

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central

Do Son December 29, 2025

The Java ecosystem, long considered a fortress compared to the wild west of npm, has been breached...

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC

Do Son December 26, 2025

The well-known activation tool MAS offers a PowerShell command that allows users to load an activation script...

“LotusBail” Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything

Do Son December 25, 2025

A new investigation by Koi Security has exposed a highly sophisticated supply chain attack lurking in the...

“Contagious Interview” Goes macOS: North Korean Hackers Deploy Stealthy “DriverFixer” Stealer DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

DriverFixer0428, Contagious Interview Cache Smuggling, ClickFix Evasion North Korean Cyber Espionage

“Contagious Interview” Goes macOS: North Korean Hackers Deploy Stealthy “DriverFixer” Stealer

Do Son December 25, 2025

A notorious North Korean cyber-espionage campaign known for targeting job seekers has expanded its arsenal with a...

“Casting Call” for Malware: APT37 Poses as TV Writers to Hack Targets APT37 Artemis, Korean TV Casting Phishing

“Casting Call” for Malware: APT37 Poses as TV Writers to Hack Targets

Do Son December 24, 2025

A notorious threat group is auditioning victims for a new cyber-espionage campaign, masquerading as television production staff...

The Notarized Nightmare: New MacSync Stealer Bypasses Gatekeeper to Hijack Mac Devices OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

The Notarized Nightmare: New MacSync Stealer Bypasses Gatekeeper to Hijack Mac Devices

Do Son December 24, 2025

The cat-and-mouse game between Apple’s security protocols and malware authors has taken a stealthy turn. A new...

“Webrat” Trap: Hackers Lure Junior Security Researchers with Fake GitHub Exploits Webrat Malware, Fake PoC Exploits

“Webrat” Trap: Hackers Lure Junior Security Researchers with Fake GitHub Exploits

Do Son December 24, 2025

A cunning malware campaign initially designed to trick gamers has evolved into a dangerous trap for aspiring...

Iranian “Prince of Persia” APT Resurfaces with Telegram-Controlled Stealth Malware Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Iranian “Prince of Persia” APT Resurfaces with Telegram-Controlled Stealth Malware

Do Son December 23, 2025

After years of radio silence that led many to believe they had disbanded, one of Iran’s most...

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

“React2Shell” Exploited: New EtherRAT Malware Hunts for Crypto via Node.js

Do Son December 23, 2025

A new, sophisticated malware campaign is sweeping across the internet, leveraging a recently disclosed vulnerability to install...

Wonderland Unleashed: New Android “Dropper” Malware Hijacks Telegram to Drain Bank Accounts Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Wonderland Unleashed: New Android “Dropper” Malware Hijacks Telegram to Drain Bank Accounts

Do Son December 23, 2025

A sophisticated wave of mobile malware is sweeping through Central Asia, marking a dangerous evolution in how...

The Silent Hijacker: New Cellik Android RAT Turns Legitimate Google Play Apps into Surveillance Tools Cellik Android RAT, Google Play Trojan

The Silent Hijacker: New Cellik Android RAT Turns Legitimate Google Play Apps into Surveillance Tools

Do Son December 22, 2025

A sophisticated new Android Remote Access Trojan (RAT) has surfaced in cybercrime networks, offering attackers a “turnkey”...

“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection Iranian Cyber Espionage Void Manticore

“ClickFix” Trap: Fake Human Verification Leads to Qilin Ransomware Infection

Do Son December 22, 2025

A deceptive social engineering tactic known as “ClickFix” has evolved into a gateway for major ransomware attacks,...

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs AuraStealer, Scam-Yourself

TikTok’s “Scam-Yourself” Trap: How AuraStealer Malware Tricks Users into Hacking Their Own PCs

Do Son December 22, 2025

A deep-dive analysis by Gen Digital (Gen Threat Labs) has unveiled AuraStealer, an emerging Malware-as-a-Service (MaaS) that...

The KGB’s All-Seeing Eye: How ResidentBat Spyware Turns Seized Phones into Total Surveillance Tools Honeywell CCTV Vulnerability CVE-2026-1670 EagleMsgSpy Spyware Tool ResidentBat Spyware, Belarusian KGB Surveillance

Honeywell CCTV Vulnerability CVE-2026-1670 EagleMsgSpy Spyware Tool ResidentBat Spyware, Belarusian KGB Surveillance

The KGB’s All-Seeing Eye: How ResidentBat Spyware Turns Seized Phones into Total Surveillance Tools

Do Son December 22, 2025

A new report has exposed a low-tech but highly effective cyber-espionage campaign being waged against civil society...

North Korea’s Kimsuky Upgrades DOCSWAP Malware to Hijack Smartphones via QR Codes Chinese espionage groups APT35 Phishing, Stormshield CTI

North Korea’s Kimsuky Upgrades DOCSWAP Malware to Hijack Smartphones via QR Codes

Do Son December 22, 2025

The notorious North Korean threat group Kimsuky has launched a renewed mobile offensive, deploying an evolved version...

“Caminho” to Compromise: BlindEagle Hackers Hijack Government Emails in Colombia Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk