Malware Archives • Page 28 of 129 • Daily CyberSecurity

RedTiger Infostealer Weaponizes Python Red-Teaming Tool to Hack Discord Accounts and Steal Crypto Wallets RedTiger Discord Theft, Python Red-Teaming

RedTiger Discord Theft, Python Red-Teaming

RedTiger Infostealer Weaponizes Python Red-Teaming Tool to Hack Discord Accounts and Steal Crypto Wallets

Do Son October 28, 2025

Netskope Threat Labs has discovered a rapidly spreading Python-based infostealer dubbed RedTiger, which is being repurposed from...

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

TAG-150 CastleLoader, ClickFix MaaS NetSupport RAT ClickFix, Multi-Cluster RMM

NetSupport RAT Campaign Abuses ClickFix to Infect Hosts; 3 Threat Clusters Use RMM for Covert Access

Do Son October 27, 2025

eSentire’s Threat Response Unit (TRU) has exposed a major wave of malicious campaigns abusing the NetSupport Manager...

Agenda Ransomware Bypasses EDR by Deploying Linux Binary on Windows via Splashtop; Steals Veeam Credentials ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Agenda Ransomware Bypasses EDR by Deploying Linux Binary on Windows via Splashtop; Steals Veeam Credentials

Do Son October 27, 2025

Trend Research has uncovered a highly sophisticated ransomware campaign by the Agenda group, also known as Qilin,...

YouTube Ghost Network Exposed: Coordinated Channels Spread Infostealer Malware via Game/Software Cracks

Do Son October 27, 2025

Check Point Research (CPR) has uncovered a sophisticated, large-scale malware distribution campaign on YouTube, dubbed the “YouTube...

Python RAT Disguised as Minecraft Client Uses Telegram Bot API for Cross-Platform Command & Control Python RAT Telegram, Minecraft Lure

Python RAT Disguised as Minecraft Client Uses Telegram Bot API for Cross-Platform Command & Control

Do Son October 27, 2025

Researchers from Netskope have uncovered a new cross-platform Python-based Remote Access Trojan (RAT) disguised as a popular...

Warlock Ransomware Hits US Firms Exploiting SharePoint Zero-Day, Linked to China’s CamoFei APT Warlock Ransomware, SharePoint Zero-Day

Warlock Ransomware Hits US Firms Exploiting SharePoint Zero-Day, Linked to China’s CamoFei APT

Do Son October 24, 2025

Researchers from Symantec and Carbon Black have published a detailed analysis of Warlock ransomware, a newly emerging...

PhantomCaptcha Spyware Targets Ukraine NGOs with Fake Cloudflare Lure to Deploy WebSocket RAT

Do Son October 24, 2025

Researchers from SentinelLABS, in collaboration with the Digital Security Lab of Ukraine, have exposed a coordinated spearphishing...

Pakistan-Linked TransparentTribe APT Deploys AI-Assisted DeskRAT Malware Against India’s BOSS Linux Systems

Do Son October 24, 2025

The Sekoia Threat Detection & Research (TDR) Team has identified a new wave of cyber espionage activity...

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage Chinese APT Overlap, Zingdoor ShadowPad

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

Do Son October 23, 2025

Symantec’s investigation uncovered a complex web of interconnected Chinese espionage operations, with infrastructure and tooling overlapping multiple...

Socket Uncovers Malicious NuGet Typosquat “Netherеum.All” Exfiltrating Wallet Keys via Solana-Themed C2 NuGet Typosquat, Homoglyph Attack

Socket Uncovers Malicious NuGet Typosquat “Netherеum.All” Exfiltrating Wallet Keys via Solana-Themed C2

Do Son October 23, 2025

Researchers from Socket’s Threat Research Team have uncovered an active homoglyph typosquat on NuGet impersonating the widely...

Chinese Hackers Exploit Exposed ASP.NET Keys to Deploy TOLLBOOTH IIS Backdoor and Kernel Rootkit Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Chinese Hackers Exploit Exposed ASP.NET Keys to Deploy TOLLBOOTH IIS Backdoor and Kernel Rootkit

Do Son October 23, 2025

Researchers from Elastic Security Labs, in collaboration with Texas A&M University System (TAMUS) Cybersecurity, have uncovered a...

Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node

Do Son October 23, 2025

Researchers at Group-IB Threat Intelligence have uncovered a new global phishing and espionage campaign conducted by the...

Major Threat: Vidar Stealer v2.0 Bypasses Chrome AppBound Encryption with Multithreaded Memory Injection Vidar 2.0 AppBound Bypass, Multithreaded Stealer

Vidar 2.0 AppBound Bypass, Multithreaded Stealer

Major Threat: Vidar Stealer v2.0 Bypasses Chrome AppBound Encryption with Multithreaded Memory Injection

Do Son October 23, 2025

Researchers at Trend Micro have released an in-depth analysis of Vidar Stealer v2.0, a major overhaul of...

Lumma Infostealer MaaS Campaign Uses NSIS/AutoIt and MEGA Cloud to Steal Credentials via Pirated Software Lumma MaaS, NSIS AutoIt

Lumma Infostealer MaaS Campaign Uses NSIS/AutoIt and MEGA Cloud to Steal Credentials via Pirated Software

Do Son October 23, 2025

Researchers at the Genians Security Center (GSC) have uncovered an active Lumma Infostealer campaign leveraging AutoIt scripts,...

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It Mercenary spyware, developer target Serbian Spyware

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It

Do Son October 22, 2025

Developer Jay Gibson recently contacted TechCrunch to recount his experience of being targeted by a state-sponsored spyware...

PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor

Do Son October 22, 2025

Kaspersky researchers have uncovered new details about PassiveNeuron, a long-running cyberespionage campaign targeting government, financial, and industrial...

COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure Malware development overview

COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure

Do Son October 22, 2025

Google’s Threat Intelligence Group (GTIG) has uncovered a major post-exposure evolution in the operations of COLDRIVER—a Russian...

Warning: Xubuntu Website Compromised to Deliver Malware Xubuntu supply chain attack

Warning: Xubuntu Website Compromised to Deliver Malware

Do Son October 21, 2025

The official website of Xubuntu, a Linux distribution derived from Ubuntu, appears to have been compromised by...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

GlassWorm Supply Chain Worm Uses Invisible Unicode and Solana Blockchain for Stealth C2

Do Son October 20, 2025

Cybersecurity researchers at Koi Security have discovered the world’s first self-propagating malware targeting VS Code extensions on...

SEQRITE Labs Uncovers “CAPI Backdoor” Campaign Targeting Russia’s Automobile and E-Commerce Sectors CAPI Banking Trojan, LNK Persistence

SEQRITE Labs Uncovers “CAPI Backdoor” Campaign Targeting Russia’s Automobile and E-Commerce Sectors

Do Son October 20, 2025

Researchers at SEQRITE Labs have uncovered a targeted spear-phishing campaign aimed at organizations in Russia’s automobile and...