Malware

Extreme Stealth: Python Malware Hides Inside PNG-Disguised RAR, Injects Payload into cvtres.exe

• Malware

Extreme Stealth: Python Malware Hides Inside PNG-Disguised RAR, Injects Payload into cvtres.exe

Do Son November 24, 2025 0

Researchers at K7 Labs have discovered a highly obfuscated Python-based malware using multi-layer encoding, disguised archive formats,...

Read More Read more about Extreme Stealth: Python Malware Hides Inside PNG-Disguised RAR, Injects Payload into cvtres.exe

Trojanized VPN Installer Deploys NKNShell Backdoor, Using P2P Blockchain and MQTT Protocols for Covert C2

• Malware

Trojanized VPN Installer Deploys NKNShell Backdoor, Using P2P Blockchain and MQTT Protocols for Covert C2

Do Son November 22, 2025 0

AhnLab SEcurity Intelligence Center (ASEC) has uncovered a new malware distribution campaign compromising the website of a...

Read More Read more about Trojanized VPN Installer Deploys NKNShell Backdoor, Using P2P Blockchain and MQTT Protocols for Covert C2

Sturnus Trojan Bypasses WhatsApp/Signal Encryption & Takes Over Android Devices

• Malware

Sturnus Trojan Bypasses WhatsApp/Signal Encryption & Takes Over Android Devices

Do Son November 21, 2025 0

MTI Security researchers have identified a sophisticated new threat in the mobile landscape: Sturnus, a privately operated...

Read More Read more about Sturnus Trojan Bypasses WhatsApp/Signal Encryption & Takes Over Android Devices

Lazarus Group’s New ScoringMathTea RAT Uses Reflective Plugin Loader and Custom Polyalphabetic Crypto for Espionage

• Malware

Lazarus Group’s New ScoringMathTea RAT Uses Reflective Plugin Loader and Custom Polyalphabetic Crypto for Espionage

Do Son November 20, 2025 0

A new technical deep-dive by malware researcher 0x0d4y reveals the inner workings of ScoringMathTea, a sophisticated remote...

Read More Read more about Lazarus Group’s New ScoringMathTea RAT Uses Reflective Plugin Loader and Custom Polyalphabetic Crypto for Espionage

One Click, 42 Days: Akira Ransomware Used CAPTCHA Decoy to Destroy Cloud Backups and Cripple Storage Firm

• Malware

One Click, 42 Days: Akira Ransomware Used CAPTCHA Decoy to Destroy Cloud Backups and Cripple Storage Firm

Do Son November 20, 2025 0

A newly released analysis from Unit 42 details how a global data storage and infrastructure company was...

Read More Read more about One Click, 42 Days: Akira Ransomware Used CAPTCHA Decoy to Destroy Cloud Backups and Cripple Storage Firm

Sophisticated “The Gentlemen” Ransomware RaaS Emerges with XChaCha20 Encryption and 48 Victims in 3 Months

• Malware

Sophisticated “The Gentlemen” Ransomware RaaS Emerges with XChaCha20 Encryption and 48 Victims in 3 Months

Do Son November 20, 2025 0

The Cybereason Threat Intelligence Team has published an in-depth analysis of a rapidly evolving ransomware group known...

Read More Read more about Sophisticated “The Gentlemen” Ransomware RaaS Emerges with XChaCha20 Encryption and 48 Victims in 3 Months

Next-Gen Stealth: Malware Hides C2 Traffic as Fake LLM API Requests on Tencent Cloud

• Malware

Next-Gen Stealth: Malware Hides C2 Traffic as Fake LLM API Requests on Tencent Cloud

Do Son November 20, 2025 0

The Akamai Hunt team has uncovered a new malware strain that hides its command-and-control (C2) traffic behind...

Read More Read more about Next-Gen Stealth: Malware Hides C2 Traffic as Fake LLM API Requests on Tencent Cloud

Next-Gen Ransomware Targets AWS S3: Five Cloud-Native Variants Exploit Misconfigurations for Irreversible Data Destruction

• Malware

Next-Gen Ransomware Targets AWS S3: Five Cloud-Native Variants Exploit Misconfigurations for Irreversible Data Destruction

Do Son November 20, 2025 0

A new report from Trend Research warns that ransomware operators are rapidly shifting their focus from traditional...

Read More Read more about Next-Gen Ransomware Targets AWS S3: Five Cloud-Native Variants Exploit Misconfigurations for Irreversible Data Destruction

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign

• Malware
• Vulnerability Report

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign

Do Son November 19, 2025 0

Security researchers at Oligo Security have uncovered a massive, fast-evolving cyberattack campaign hijacking exposed Ray AI clusters...

Read More Read more about AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign

9 Million Installs: Malicious Chrome VPN Extensions Hijack User Traffic Via Remote PAC Proxy Injection

• Data Leak
• Malware

9 Million Installs: Malicious Chrome VPN Extensions Hijack User Traffic Via Remote PAC Proxy Injection

Do Son November 19, 2025 0

Security researchers at LayerX Security have uncovered a long-running malicious campaign involving VPN and ad-blocking browser extensions...

Read More Read more about 9 Million Installs: Malicious Chrome VPN Extensions Hijack User Traffic Via Remote PAC Proxy Injection

npm Supply Chain Attack: Hackers Use Adspect Cloaking and Fake Crypto CAPTCHA to Deceive Victims and Researchers

• Malware

npm Supply Chain Attack: Hackers Use Adspect Cloaking and Fake Crypto CAPTCHA to Deceive Victims and Researchers

Do Son November 19, 2025 0

The Socket Threat Research Team has uncovered a highly coordinated malware campaign operating across seven npm packages,...

Read More Read more about npm Supply Chain Attack: Hackers Use Adspect Cloaking and Fake Crypto CAPTCHA to Deceive Victims and Researchers

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

• Cyber Security
• Malware

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

Do Son November 19, 2025 0

The threat group UNC1549, suspected to be linked to Iran, has significantly expanded its cyber-espionage operations across...

Read More Read more about Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography

• Malware

Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography

Do Son November 19, 2025 0

The Splunk Threat Research Team (STRT) has uncovered a new variant of a .NET steganographic malware loader...

Read More Read more about Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography

macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft

• Malware

macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft

Do Son November 19, 2025 0

A new macOS stealer campaign—internally dubbed “Nova” by researchers—has been uncovered by reverse engineer Bruce, revealing a...

Read More Read more about macOS Wallet Stealer Uncovered: “Nova” Malware Replaces Ledger/Trezor Apps with Phishing Clones for Seed Theft

Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense

• Cyber Security
• Malware

Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense

Do Son November 18, 2025 0

Researchers from the Israel National Digital Agency (INDA) have revealed a highly sophisticated, ongoing cyber-espionage operation they...

Read More Read more about Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense

Advanced macOS DigitStealer Targets M2+ Macs, Hijacking Ledger Live via JXA and DNS-Based C2

• Malware

Advanced macOS DigitStealer Targets M2+ Macs, Hijacking Ledger Live via JXA and DNS-Based C2

Do Son November 18, 2025 0

Jamf Threat Labs has uncovered a new macOS infostealer—named DigitStealer—that demonstrates an unusually high degree of sophistication,...

Read More Read more about Advanced macOS DigitStealer Targets M2+ Macs, Hijacking Ledger Live via JXA and DNS-Based C2

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation

• Malware

Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation

Do Son November 18, 2025 0

Researchers at Palo Alto Networks Unit 42 have uncovered two expansive and interconnected malware campaigns active throughout...

Read More Read more about Unit 42 Uncovers Two Massive Global Malware Campaigns Delivering Gh0st RAT Through Large-Scale Software Impersonation

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory

• Malware

Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory

Do Son November 18, 2025 0

eSentire’s Threat Response Unit (TRU) has uncovered a widespread malware operation leveraging a deceptive social-engineering technique known...

Read More Read more about Amatera Stealer Campaign Uses ClickFix to Deploy Malware, Bypassing EDR by Patching AMSI in Memory

Dragon Breath APT Deploys RoningLoader, Using Kernel Driver and PPL Abuse to Disable Windows Defender

• Cyber Security
• Malware

Dragon Breath APT Deploys RoningLoader, Using Kernel Driver and PPL Abuse to Disable Windows Defender

Do Son November 18, 2025 0

Elastic Security Labs has uncovered a highly sophisticated malware campaign led by the Dragon Breath APT group...

Read More Read more about Dragon Breath APT Deploys RoningLoader, Using Kernel Driver and PPL Abuse to Disable Windows Defender

CISA/Europol Warn: Akira Ransomware Profits Hit $244M, Group Expands to Encrypt Nutanix AHV VMs

• Malware

CISA/Europol Warn: Akira Ransomware Profits Hit $244M, Group Expands to Encrypt Nutanix AHV VMs

Do Son November 18, 2025 0

The United States Cybersecurity and Infrastructure Security Agency (CISA), alongside a coalition of global law-enforcement and cybersecurity...

Read More Read more about CISA/Europol Warn: Akira Ransomware Profits Hit $244M, Group Expands to Encrypt Nutanix AHV VMs