Malware Archives • Page 31 of 131 • Daily CyberSecurity

Major Threat: Vidar Stealer v2.0 Bypasses Chrome AppBound Encryption with Multithreaded Memory Injection Vidar 2.0 AppBound Bypass, Multithreaded Stealer

Vidar 2.0 AppBound Bypass, Multithreaded Stealer

Major Threat: Vidar Stealer v2.0 Bypasses Chrome AppBound Encryption with Multithreaded Memory Injection

Do Son October 23, 2025

Researchers at Trend Micro have released an in-depth analysis of Vidar Stealer v2.0, a major overhaul of...

Lumma Infostealer MaaS Campaign Uses NSIS/AutoIt and MEGA Cloud to Steal Credentials via Pirated Software Lumma MaaS, NSIS AutoIt

Lumma Infostealer MaaS Campaign Uses NSIS/AutoIt and MEGA Cloud to Steal Credentials via Pirated Software

Do Son October 23, 2025

Researchers at the Genians Security Center (GSC) have uncovered an active Lumma Infostealer campaign leveraging AutoIt scripts,...

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It Mercenary spyware, developer target Serbian Spyware

Spy vs. Spy: Mercenary Spyware Targets the Developers Who Build It

Do Son October 22, 2025

Developer Jay Gibson recently contacted TechCrunch to recount his experience of being targeted by a state-sponsored spyware...

PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor

Do Son October 22, 2025

Kaspersky researchers have uncovered new details about PassiveNeuron, a long-running cyberespionage campaign targeting government, financial, and industrial...

COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure Malware development overview

COLDRIVER APT Bounces Back: Deploys ‘ROBOT’ Malware Family Days After LOSTKEYS Exposure

Do Son October 22, 2025

Google’s Threat Intelligence Group (GTIG) has uncovered a major post-exposure evolution in the operations of COLDRIVER—a Russian...

Warning: Xubuntu Website Compromised to Deliver Malware Xubuntu supply chain attack

Warning: Xubuntu Website Compromised to Deliver Malware

Do Son October 21, 2025

The official website of Xubuntu, a Linux distribution derived from Ubuntu, appears to have been compromised by...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

GlassWorm Supply Chain Worm Uses Invisible Unicode and Solana Blockchain for Stealth C2

Do Son October 20, 2025

Cybersecurity researchers at Koi Security have discovered the world’s first self-propagating malware targeting VS Code extensions on...

SEQRITE Labs Uncovers “CAPI Backdoor” Campaign Targeting Russia’s Automobile and E-Commerce Sectors CAPI Banking Trojan, LNK Persistence

SEQRITE Labs Uncovers “CAPI Backdoor” Campaign Targeting Russia’s Automobile and E-Commerce Sectors

Do Son October 20, 2025

Researchers at SEQRITE Labs have uncovered a targeted spear-phishing campaign aimed at organizations in Russia’s automobile and...

UNC5142 Uses EtherHiding to Deploy Malware via BNB Smart Chain Smart Contracts UNC5142 EtherHiding, Resilient C2

UNC5142 Uses EtherHiding to Deploy Malware via BNB Smart Chain Smart Contracts

Do Son October 20, 2025

A new joint analysis by Mandiant Threat Defense and Google Threat Intelligence Group (GTIG) has exposed a...

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection HoldingHands Rootkit, Cross-Regional APT

HoldingHands Rootkit, Cross-Regional APT

FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection

Do Son October 20, 2025

FortiGuard Labs has uncovered a sophisticated cross-regional campaign that has gradually expanded from China to Taiwan, Japan,...

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korea’s WaterPlum APT Deploys Node.js OtterCandy RAT for Crypto Theft with Anti-Forensic Module

Do Son October 20, 2025

A new report from NTT Security Japan has spotlighted an evolved malware family known as OtterCandy, attributed...

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2 North Korea EtherHiding, Blockchain C2

North Korea’s UNC5342 APT Uses EtherHiding to Store Malware in Blockchain Smart Contracts for Stealthy C2

Do Son October 20, 2025

Google Threat Intelligence Group (GTIG) has uncovered a new campaign by the North Korean threat actor UNC5342,...

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Do Son October 17, 2025

A new report from Cisco Talos has exposed a malware campaign linked to Famous Chollima, a North...

Maverick Fileless Trojan Turns Infected Phones into WhatsApp Worms to Steal Banking and UPI Credentials

Do Son October 17, 2025

Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) have uncovered a massive fileless malware campaign targeting...

Stealth Stealer: PhantomVAI Loader Uses Steganography in Images to Inject Katz Stealer and Evade Sandboxes

Do Son October 16, 2025

Researchers from Palo Alto Networks’ Unit 42 have uncovered a multi-stage phishing campaign delivering a new stealthy...

GhostBat RAT Android Malware Targets Indian Users with Fake RTO Apps and Telegram Bot C2 GhostBat RAT, RTO App Phishing

GhostBat RAT Android Malware Targets Indian Users with Fake RTO Apps and Telegram Bot C2

Do Son October 15, 2025

A new report from Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated Android malware campaign...

Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices PolarEdge TLS Backdoor, Custom C2

Sekoia Exposes PolarEdge Backdoor: Custom mbedTLS C2 Compromising Cisco, QNAP, and Synology Devices

Do Son October 15, 2025

Sekoia Threat Detection & Response (TDR) researchers have published an in-depth technical analysis of the PolarEdge Backdoor,...

SVG Smuggling: Fake Colombian Judicial Lure Deploys AsyncRAT via Malicious HTA File SVG Smuggling, AsyncRAT

SVG Smuggling: Fake Colombian Judicial Lure Deploys AsyncRAT via Malicious HTA File

Do Son October 14, 2025

Seqrite Threat Research Labs has uncovered a targeted phishing campaign in Spanish designed to trick Colombian users...

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks SolyxImmortal Malware Python Info-Stealer Discord Webhook C2, Supply Chain Abuse

SolyxImmortal Malware Python Info-Stealer Discord Webhook C2, Supply Chain Abuse

Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks

Do Son October 14, 2025

The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks...

Astaroth Malware Uses Steganography in GitHub Images for Covert C2 Backup and Brazilian Bank Theft Astaroth GitHub C2, Steganography

Astaroth Malware Uses Steganography in GitHub Images for Covert C2 Backup and Brazilian Bank Theft

Do Son October 14, 2025

The McAfee Threat Research team has uncovered a new and sophisticated Astaroth malware campaign — using GitHub...