Malware

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign

Do Son November 19, 2025

Security researchers at Oligo Security have uncovered a massive, fast-evolving cyberattack campaign hijacking exposed Ray AI clusters...

9 Million Installs: Malicious Chrome VPN Extensions Hijack User Traffic Via Remote PAC Proxy Injection Chrome VPN Malware, Traffic Hijacking

Chrome VPN Malware, Traffic Hijacking

9 Million Installs: Malicious Chrome VPN Extensions Hijack User Traffic Via Remote PAC Proxy Injection

Do Son November 19, 2025

Security researchers at LayerX Security have uncovered a long-running malicious campaign involving VPN and ad-blocking browser extensions...

npm Supply Chain Attack: Hackers Use Adspect Cloaking and Fake Crypto CAPTCHA to Deceive Victims and Researchers npm Adspect Cloaking, Fake Crypto CAPTCHA

npm Adspect Cloaking, Fake Crypto CAPTCHA

npm Supply Chain Attack: Hackers Use Adspect Cloaking and Fake Crypto CAPTCHA to Deceive Victims and Researchers

Do Son November 19, 2025

The Socket Threat Research Team has uncovered a highly coordinated malware campaign operating across seven npm packages,...

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

Do Son November 19, 2025

The threat group UNC1549, suspected to be linked to Iran, has significantly expanded its cyber-espionage operations across...

Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography

Do Son November 19, 2025

The Splunk Threat Research Team (STRT) has uncovered a new variant of a .NET steganographic malware loader...

macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft macOS Wallet Stealer, Trezor Ledger Phishing

macOS Wallet Stealer, Trezor Ledger Phishing

macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft

Do Son November 19, 2025

A new macOS stealer campaign—internally dubbed “Nova” by researchers—has been uncovered by reverse engineer Bruce, revealing a...

Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

KongTuke Microsoft Teams Phishing ModeloRAT Initial Access Broker CVE-2024-38193 - Lazarus Group Threat Actors ScreenConnect

Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense

Do Son November 18, 2025

Researchers from the Israel National Digital Agency (INDA) have revealed a highly sophisticated, ongoing cyber-espionage operation they...

Advanced macOS DigitStealer Targets M2+ Macs, Hijacking Ledger Live via JXA and DNS-Based C2 digit

digit

Advanced macOS DigitStealer Targets M2+ Macs, Hijacking Ledger Live via JXA and DNS-Based C2

Do Son November 18, 2025

Jamf Threat Labs has uncovered a new macOS infostealer—named DigitStealer—that demonstrates an unusually high degree of sophistication,...

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation Gh0st RAT, Chinese Campaign Typosquat

Gh0st RAT, Chinese Campaign Typosquat

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation

Do Son November 18, 2025

Researchers at Palo Alto Networks Unit 42 have uncovered two expansive and interconnected malware campaigns active throughout...

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory Amatera ClickFix, AMSI Bypass

Amatera ClickFix, AMSI Bypass

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory

Do Son November 18, 2025

eSentire’s Threat Response Unit (TRU) has uncovered a widespread malware operation leveraging a deceptive social-engineering technique known...

Dragon Breath APT Deploys RoningLoader, Using Kernel Driver and PPL Abuse to Disable Windows Defender

RoningLoader PPL Abuse, Dragon Breath APT

Dragon Breath APT Deploys RoningLoader, Using Kernel Driver and PPL Abuse to Disable Windows Defender

Do Son November 18, 2025

Elastic Security Labs has uncovered a highly sophisticated malware campaign led by the Dragon Breath APT group...

CISA/Europol Warn: Akira Ransomware Profits Hit $244M, Group Expands to Encrypt Nutanix AHV VMs Akira Ransomware, Nutanix AHV Exploit

Akira Ransomware, Nutanix AHV Exploit

CISA/Europol Warn: Akira Ransomware Profits Hit $244M, Group Expands to Encrypt Nutanix AHV VMs

Do Son November 18, 2025

The United States Cybersecurity and Infrastructure Security Agency (CISA), alongside a coalition of global law-enforcement and cybersecurity...

North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korea’s Contagious Interview APT Uses JSON Keeper and GitLab to Deliver BeaverTail Spyware

Do Son November 17, 2025

Security researchers at NVISO have identified a significant evolution in the long-running Contagious Interview malware campaign, a...

Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards npm Token Farming, Supply Chain Flooding

npm Token Farming, Supply Chain Flooding

Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards

Do Son November 17, 2025

In one of the largest open-source supply chain incidents ever recorded, Amazon Inspector security researchers have uncovered...

Lumma Stealer Resurfaces After Doxxing with New Browser Fingerprinting to Target High-Value Victims Lumma Browser Fingerprinting, Infostealer Resurgence

Lumma Browser Fingerprinting, Infostealer Resurgence

Lumma Stealer Resurfaces After Doxxing with New Browser Fingerprinting to Target High-Value Victims

Do Son November 17, 2025

Trend Micro researchers have observed a significant resurgence in Lumma Stealer activity—also tracked as Water Kurita—despite a...

New Yurei Ransomware Emerges: Go-Based Threat Uses ChaCha20-Poly1305 for Irreversible Double Extortion Yurei Ransomware, GoLang ChaCha20

Yurei Ransomware, GoLang ChaCha20

New Yurei Ransomware Emerges: Go-Based Threat Uses ChaCha20-Poly1305 for Irreversible Double Extortion

Do Son November 17, 2025

Security researchers at AhnLab have identified Yurei, a newly emerging ransomware group first observed in early September...

Sui Blockchain Seed Stealer: Malicious Chrome Extension Hides Mnemonic Exfiltration in Microtransactions Chrome Crypto Stealer, Sui Blockchain Exfiltration

Chrome Crypto Stealer, Sui Blockchain Exfiltration

Sui Blockchain Seed Stealer: Malicious Chrome Extension Hides Mnemonic Exfiltration in Microtransactions

Do Son November 14, 2025

The Socket Threat Research Team has uncovered a highly sophisticated malicious Chrome extension posing as an Ethereum...

macOS Threat: AppleScript (.scpt) Files Emerge as New Stealth Vector for Stealer Malware AppleScript Malware, macOS Supply Chain

AppleScript Malware, macOS Supply Chain

macOS Threat: AppleScript (.scpt) Files Emerge as New Stealth Vector for Stealer Malware

Do Son November 14, 2025

A new malware distribution trend is emerging across the macOS threat landscape, according to fresh research from...

Malware Disguised as SteamCleaner Uses Valid Signature to Inject Node.js RCE Backdoor steam

steam

Malware Disguised as SteamCleaner Uses Valid Signature to Inject Node.js RCE Backdoor

Do Son November 13, 2025

Researchers from the AhnLab Security Intelligence Center (ASEC) have discovered a new malware campaign that abuses a...

Legacy Malware Resurfaces: DarkComet RAT Uses Bitcoin Wallet Lure to Deploy UPX-Packed Payload DarkComet Bitcoin Lure, Legacy RAT

DarkComet Bitcoin Lure, Legacy RAT

Legacy Malware Resurfaces: DarkComet RAT Uses Bitcoin Wallet Lure to Deploy UPX-Packed Payload

Do Son November 13, 2025

The Lat61 Threat Intelligence Team has uncovered a new campaign using Bitcoin-themed lures to distribute DarkComet RAT,...