Malware Archives • Page 26 of 131 • Daily CyberSecurity

Russian Tomiris APT Adopts “Polyglot” Strategy, Hijacking Telegram/Discord as Covert C2 for Diplomatic Spies Tomiris APT, Polyglot C2

Russian Tomiris APT Adopts “Polyglot” Strategy, Hijacking Telegram/Discord as Covert C2 for Diplomatic Spies

Do Son December 1, 2025

A notorious threat actor known as “Tomiris” has returned with a revamped arsenal, launching a focused campaign...

ShadowV2 Mirai Botnet Launched Coordinated IoT Test Attack During Global AWS Outage ShadowV2 Mirai, AWS Outage Attack

ShadowV2 Mirai Botnet Launched Coordinated IoT Test Attack During Global AWS Outage

Do Son December 1, 2025

While IT teams worldwide scrambled to restore services during a massive AWS outage in October, a new...

Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing

Do Son December 1, 2025

A shapeshifting advanced persistent threat (APT) group known as Bloody Wolf has expanded its hunting grounds. Following...

Silent Threat: How Malicious Calendars & ‘Promptware’ Target 4M+ Devices Daily

Do Son November 28, 2025

A new investigation by Bitsight TRACE has uncovered a subtle yet scalable attack vector: malicious calendar subscriptions....

Hidden Theft: ‘Crypto Copilot’ Chrome Extension Drains Solana Wallets on X Crypto Copilot, Solana Scam

Hidden Theft: ‘Crypto Copilot’ Chrome Extension Drains Solana Wallets on X

Do Son November 27, 2025

A new threat is targeting the Solana ecosystem, preying on traders looking for speed and convenience on...

Fragging Your Data: Fake ‘Battlefield 6’ Cracks & Trainers Spread Infostealers Battlefield 6 Malware, Fake Game Cracks

Fragging Your Data: Fake ‘Battlefield 6’ Cracks & Trainers Spread Infostealers

Do Son November 27, 2025

The highly anticipated October release of EA’s Battlefield 6 has become a digital minefield for gamers. Bitdefender...

Hidden Danger in 3D: Malicious Blender Files Unleash StealC V2 Infostealer Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Hidden Danger in 3D: Malicious Blender Files Unleash StealC V2 Infostealer

Do Son November 27, 2025

Morphisec has issued a critical alert regarding a sophisticated malware campaign targeting 3D artists, game developers, and...

GRU Unit 29155 Uses SocGholish to Target US Firm RomCom, SocGholish

GRU Unit 29155 Uses SocGholish to Target US Firm

Do Son November 26, 2025

In a significant escalation of the cyber threat landscape, Arctic Wolf Labs has identified a campaign where...

Zero-Detection RelayNFC Android Malware Turns Phones Into Remote Card Readers RelayNFC Malware NFC Relay Fraud

Zero-Detection RelayNFC Android Malware Turns Phones Into Remote Card Readers

Do Son November 26, 2025

Cyble Research and Intelligence Labs (CRIL) has identified a rapidly evolving NFC relay malware campaign targeting mobile...

CISA Emergency Alert: Commercial Spyware Exploiting Zero-Click and Malicious QR Codes to Hijack Messaging Apps Commercial Spyware, Messaging App Compromise

Commercial Spyware, Messaging App Compromise

CISA Emergency Alert: Commercial Spyware Exploiting Zero-Click and Malicious QR Codes to Hijack Messaging Apps

Do Son November 25, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent nationwide alert warning that multiple cyber...

ToddyCat APT Steals Microsoft 365 Cloud Email by Dumping OAuth Tokens from Memory and Copying Locked OST Files ToddyCat OAuth Token Theft, Outlook OST Stealer

ToddyCat OAuth Token Theft, Outlook OST Stealer

ToddyCat APT Steals Microsoft 365 Cloud Email by Dumping OAuth Tokens from Memory and Copying Locked OST Files

Do Son November 25, 2025

Kaspersky Lab has published new findings revealing how the ToddyCat APT group has significantly upgraded its cyber-espionage...

Kimsuky APT Deploys Dual KimJongRAT Payloads, Switching Between PE/PowerShell Based on Windows Defender Status threat group Earth Koshchei

Kimsuky APT Deploys Dual KimJongRAT Payloads, Switching Between PE/PowerShell Based on Windows Defender Status

Do Son November 25, 2025

A newly published investigation by the ENKI WhiteHat Threat Research Team reveals a rapidly expanding and increasingly...

Brazilian Banking Trojan Uses Python WhatsApp Worm and IMAP C2 for In-Memory Credential Theft WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

Brazilian Banking Trojan Uses Python WhatsApp Worm and IMAP C2 for In-Memory Credential Theft

Do Son November 25, 2025

A massive, fast-spreading phishing and malware operation is hitting Brazil, leveraging WhatsApp Web session hijacking, Python-based automation,...

North Korea’s Operation DreamJob Hits Europe: WhatsApp Job Lure Delivers Evolved MISTPEN/BURNBOOK Backdoors TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

North Korea’s Operation DreamJob Hits Europe: WhatsApp Job Lure Delivers Evolved MISTPEN/BURNBOOK Backdoors

Do Son November 25, 2025

Orange Cyberdefense’s CyberSOC and CSIRT teams have uncovered a new wave of Operation DreamJob attacks, revealing updated...

China’s APT24 Launches Stealth BADAUDIO Malware, Hitting 1,000+ Domains via Taiwanese Supply Chain Hack APT24 BADAUDIO, Taiwan Supply Chain Hack

China’s APT24 Launches Stealth BADAUDIO Malware, Hitting 1,000+ Domains via Taiwanese Supply Chain Hack

Do Son November 24, 2025

Google’s Threat Intelligence Group (GTIG) has released a comprehensive analysis exposing a long-running and adaptive cyber-espionage campaign...

Sophisticated WhatsApp Worm Uses Fake “View Once” Lure to Hijack Sessions and Deploy Astaroth Banking Trojan

Do Son November 24, 2025

Sophos analysts are tracking a persistent and fast-evolving malware distribution campaign targeting WhatsApp users in Brazil, where...

Next-Gen Threat: Xillen Stealer v4 Targets 100+ Browsers/70+ Wallets with Polymorphic Evasion and DevOps Theft Xillen Stealer, Polymorphic Evasion

Next-Gen Threat: Xillen Stealer v4 Targets 100+ Browsers/70+ Wallets with Polymorphic Evasion and DevOps Theft

Do Son November 24, 2025

Darktrace analysts are sounding the alarm over a rapidly evolving cross-platform information-stealing malware family known as Xillen...

Tsundere Botnet Uncovered: Node.js Malware Uses Ethereum Smart Contract for Unkillable C2 and Runs Cybercrime Marketplace Tsundere Blockchain C2, Node.js Botnet

Tsundere Botnet Uncovered: Node.js Malware Uses Ethereum Smart Contract for Unkillable C2 and Runs Cybercrime Marketplace

Do Son November 24, 2025

Kaspersky’s Global Research & Analysis Team (GReAT) has identified a fast-growing new botnet—dubbed Tsundere—that blends Node.js implants,...

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption

Do Son November 24, 2025

HelixGuard researchers have uncovered a malicious Python package uploaded to PyPI that impersonates the widely used “pyspellchecker”...

Eternidade Stealer: New Python WhatsApp Worm Uses IMAP Email for Covert C2 and Brazilian Bank Overlays Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Eternidade Stealer: New Python WhatsApp Worm Uses IMAP Email for Covert C2 and Brazilian Bank Overlays

Do Son November 24, 2025

Trustwave SpiderLabs researchers have identified a new and rapidly evolving banking Trojan—dubbed Eternidade Stealer—that hijacks WhatsApp, steals...