Malware Archives • Page 32 of 131 • Daily CyberSecurity

New Stealit Infostealer Abuses Node.js SEA Feature and Telegram C2 in Malware-as-a-Service Campaign Stealit Node.js SEA, Telegram C2

New Stealit Infostealer Abuses Node.js SEA Feature and Telegram C2 in Malware-as-a-Service Campaign

Do Son October 13, 2025

FortiGuard Labs has identified a new and active Stealit malware campaign that abuses the Node.js Single Executable...

Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US RDP Botnet, Coordinated Scanning CVE-2024-21888 & CVE-2024-21893

RDP Botnet, Coordinated Scanning CVE-2024-21888 & CVE-2024-21893

Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US

Do Son October 13, 2025

GreyNoise Intelligence has issued an alert about a massive coordinated botnet operation targeting Remote Desktop Protocol (RDP)...

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services ChaosBot Discord C2, Rust Backdoor

New Rust Backdoor ChaosBot Uses Discord as Covert C2 Channel to Target Financial Services

Do Son October 13, 2025

The eSentire Threat Response Unit (TRU) identified a new Rust-based backdoor—dubbed ChaosBot—deployed inside a financial services organization’s...

Akira Ransomware Revives SonicWall Flaw CVE-2024-40766, Uses ‘UnPAC the Hash’ to Breach Networks

Do Son October 13, 2025

Between July and August 2025, global security teams have observed a resurgence in Akira ransomware incidents targeting...

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean APT “Contagious Interview” Floods npm Registry with 338 Malicious Packages to Steal Crypto

Do Son October 11, 2025

The Socket Threat Research Team has sounded the alarm on an escalating wave of malicious npm activity...

RondoDox Botnet Unleashed: New Malware Uses ‘Exploit Shotgun’ to Target 50+ Router and IoT Flaws AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

AdaptixC2 Abuse, Russian Cybercrime RondoDox Botnet, Exploit Shotgun China Cyber Power, Red Hackers Nvidia cyberattack

RondoDox Botnet Unleashed: New Malware Uses ‘Exploit Shotgun’ to Target 50+ Router and IoT Flaws

Do Son October 10, 2025

Trend Micro has uncovered a rapidly expanding botnet campaign dubbed RondoDox, which is targeting a wide spectrum...

Chaos Ransomware Evolves to C++, Uses Destructive Extortion to Delete Large Files and Hijack Bitcoin Clipboard Chaos-C++ Ransomware, Destructive Extortion

Chaos-C++ Ransomware, Destructive Extortion

Chaos Ransomware Evolves to C++, Uses Destructive Extortion to Delete Large Files and Hijack Bitcoin Clipboard

Do Son October 9, 2025

FortiGuard Labs has identified a new, highly destructive variant of the Chaos ransomware, marking a major shift...

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

Mustang Panda APT Uses Hidden DLL and EnumFontsW to Launch Stealthy Tibet-Themed Campaign

Do Son October 8, 2025

A new phishing campaign analyzed by malware researcher 0x0d4y has uncovered fresh insights into Mustang Panda’s evolving...

New Shuyal Stealer Malware Targets 19 Browsers, Disables Windows Task Manager for Stealth Shuyal Stealer, Task Manager Evasion

New Shuyal Stealer Malware Targets 19 Browsers, Disables Windows Task Manager for Stealth

Do Son October 8, 2025

Security researchers at Point Wild have uncovered a new information-stealing malware dubbed Shuyal Stealer, which pushes the...

New Yurei Ransomware Emerges: Go-Based Variant Uses Advanced Anti-Forensics for Irreversible Double Extortion Yurei Ransomware, Double Extortion

New Yurei Ransomware Emerges: Go-Based Variant Uses Advanced Anti-Forensics for Irreversible Double Extortion

Do Son October 7, 2025

A new ransomware variant known as Yurei Ransomware has emerged, and according to researchers from CYFIRMA, it...

TamperedChef Malware: Fake PDF Editor Stole Credentials After Two Months of Covert Operation TamperedChef, Malvertising

TamperedChef Malware: Fake PDF Editor Stole Credentials After Two Months of Covert Operation

Do Son October 6, 2025

Cybersecurity researchers at WithSecure’s Strategic Threat Intelligence & Research Group (STINGR) have uncovered a highly sophisticated malware...

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

XWorm V6.0 Resurfaces: Modular RAT Returns with Ransomware Plugin and Advanced Evasion

Do Son October 4, 2025

The latest analysis from Trellix ARC reveals the unexpected return of XWorm, a notorious Remote Access Trojan...

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2 FBI email system hack

Cavalry Werewolf APT Targets Russian Agencies with FoalShell and Telegram C2

Do Son October 3, 2025

The threat actor known as Cavalry Werewolf has been observed ramping up its operations between May and...

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

WARMCOOKIE Resurfaces After Takedown: New Variant Adds Stealth Handlers, Uses Expired C2 Certificates

Do Son October 3, 2025

The WARMCOOKIE backdoor has resurfaced with new features, expanded infrastructure, and updated delivery mechanisms, according to a...

Rhadamanthys Stealer v0.9.2 Drops: New PNG Payloads and Anti-Analysis Tricks Make Malware Deadlier AI Fraud Schemes TAMECAT Malware APT42 Espionage

AI Fraud Schemes TAMECAT Malware APT42 Espionage

Rhadamanthys Stealer v0.9.2 Drops: New PNG Payloads and Anti-Analysis Tricks Make Malware Deadlier

Do Son October 2, 2025

The notorious Rhadamanthys stealer, first released in 2022, has returned with a powerful new update that underscores...

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

Backdoor Disguised as SOCKS5 Proxy: Malicious PyPI Package SoopSocks Grants Root Access

Do Son October 1, 2025

The security of the open-source software supply chain was once again tested when JFrog’s security research team...

Klopatra: New Android RAT Uses Hidden VNC and Commercial Obfuscation to Hijack European Banking Accounts Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Android zero day flaw June 2026 security bulletin RuTaxi Trojan Android Banking Malware Pixel 9 zero-click exploit, Dolby UDC vulnerability CVE-2025-54957 NexusRoute Android RAT, India E-Challan Phishing ClayRat Self-Defense, Android Accessibility Abuse Android Trojan, AntiDot Android Malware "BadPack"

Klopatra: New Android RAT Uses Hidden VNC and Commercial Obfuscation to Hijack European Banking Accounts

Do Son October 1, 2025

Cleafy’s Threat Intelligence team uncovered a new and highly sophisticated Android Remote Access Trojan (RAT) named Klopatra....

Datzbro Trojan: Spyware-Banking Malware Hijacks Seniors’ Devices with Fake Facebook Lures Datzbro Android Trojan, Senior Scam

Datzbro Trojan: Spyware-Banking Malware Hijacks Seniors’ Devices with Fake Facebook Lures

Do Son October 1, 2025

ThreatFabric researchers uncovered a sophisticated scam campaign that weaponizes social engineering and mobile malware to exploit one...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

NCSC Exposes Advanced Bootkit: RayInitiator and LINE VIPER Malware Found on Cisco ASA Devices

Do Son September 30, 2025

The UK’s National Cyber Security Centre (NCSC) has released a detailed malware analysis report exposing RayInitiator and...

Acreed: The New Infostealer Using BNB Smart Chain and Steam Profiles for Stealthy C2 Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

Acreed: The New Infostealer Using BNB Smart Chain and Steam Profiles for Stealthy C2

Do Son September 30, 2025

The cybercriminal underground is witnessing a dramatic shift with the emergence of Acreed, a new infostealer that...