Malware Archives • Page 5 of 131 • Daily CyberSecurity

New PawsRunner Steganography Loader Evades EDR to Deploy PureLogs Infostealer

PawsRunner Steganography Loader PureLogs Infostealer Campaign

New PawsRunner Steganography Loader Evades EDR to Deploy PureLogs Infostealer

Do Son May 21, 2026

The use of steganography—the ancient art of hiding secret messages inside seemingly ordinary files—is experiencing a massive...

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker Gremlin Stealer Unit 42 Session Hijacking Malware

Bypassing MFA: Gremlin Stealer Evolves into Advanced Memory-Resident Session Hijacker

Do Son May 21, 2026

Information stealers are no longer just basic, entry-level scripts designed to lift saved passwords from standard browser...

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

AntV npm Supply Chain Attack Mini Shai-Hulud npm Worm

Ecosystem Poisoned: Mini Shai-Hulud Worm Hijacks @antv npm Packages to Target CI/CD Pipelines

Do Son May 21, 2026

A massive, fast-moving software supply chain attack has struck the global JavaScript development ecosystem. Over the past...

Secret Blizzard Transforms Kazuar into a Modular P2P Botnet Ecosystem Kazuar P2P Botnet Secret Blizzard Malware Evolution

Secret Blizzard Transforms Kazuar into a Modular P2P Botnet Ecosystem

Do Son May 20, 2026

The Russian state-sponsored cyber-espionage threat group widely known as Secret Blizzard is fundamentally rewriting its technical playbook....

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware Velvet Chollima GitLab Malware Tralert FX EV Certificate

Velvet Chollima Leaves Backend Keys Inside Critical GitLab Dead-Drop Malware

Do Son May 20, 2026

A routine investigation into a low-detection installer has blown the doors off a highly organized, financially motivated...

Kimsuky Core Upgrades Weaponize Rust Backdoors and VSCode Remote Tunneling Kimsuky HelloDoor Backdoor VSCode Tunneling Espionage

Kimsuky Core Upgrades Weaponize Rust Backdoors and VSCode Remote Tunneling

Do Son May 20, 2026

The prolific Korean-speaking threat actor known as Kimsuky is executing a major tactical evolution, incorporating modern programming...

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

Multi-Stage PyInstaller Loader Weaponizes AMSI Patching to Deploy XWorm RAT

Do Son May 20, 2026

A comprehensive deep dive by the research team at Point Wild has laid bare the internal mechanics...

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa OrBit Linux Rootkit Medusa Userland LD_PRELOAD Hooking

Unmasked Origin: Infamous “OrBit” Linux Rootkit Exposed as a Fork of Open-Source Medusa

Do Son May 19, 2026

In July 2022, security researchers dropped the first analysis of OrBit, a sophisticated, then-undocumented Linux userland rootkit....

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

FamousSparrow Deed RAT ProxyNotShell Exchange Exploitation

Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure

Do Son May 19, 2026

A relentless cyber-espionage operation has targeted an Azerbaijani oil and gas company, demonstrating that advanced persistent threats...

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Mini Shai-Hulud npm Worm AntV Ecosystem Supply Chain Attack

Shai-Hulud Returns: Massive npm Supply Chain Attack Hijacks AntV Ecosystem to Scrape GitHub Runner Memory

Do Son May 19, 2026

A massive and highly coordinated supply chain assault is currently ripping through the JavaScript developer ecosystem. Security...

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet Shai-Hulud worm NPM supply chain attack

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet

Do Son May 19, 2026

The threat collective recognized as TeamPCP, historically notorious for orchestrating supply chain incursions within the NPM ecosystem,...

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Nx Console Extension Supply Chain Attack VS Code Marketplace Malware 2026

Targeting 2 Million Developers: Malicious Nx Console Extension Hijacks VS Code Marketplace

Do Son May 19, 2026

A brief but dangerous supply chain attack briefly hijacked the official Visual Studio Code marketplace, targeting over...

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access TencShell Malware Rshell C2 Framework

New “TencShell” Malware Weaponizes Open-Source Rshell via Third-Party Access

Do Son May 18, 2026

Security researchers have exposed a highly stealthy attempted intrusion that weaponized an open-source framework into a potent...

CountLoader Malware Weaponizes EtherHiding to Deploy Stealth Crypto Clippers CountLoader Malware EtherHiding Crypto Clipper

CountLoader Malware Weaponizes EtherHiding to Deploy Stealth Crypto Clippers

Do Son May 18, 2026

A sprawling cybercriminal operation has been intercepted, but not before thousands of machines were quietly infected by...

Gamaredon Exploits WinRAR Path Traversal to Unleash GammaDrop Malware The Gentlemen Ransomware Leak Rocket Database RaaS

Gamaredon Exploits WinRAR Path Traversal to Unleash GammaDrop Malware

Do Son May 18, 2026

A new investigation has unmasked a relentless spearphishing campaign by the Russian-aligned threat actor Gamaredon, exposing their...

Paper Werewolf Unleashed: Custom Stealers and AI-Assisted Loaders Target Global Industrial Hubs Paper Werewolf Espionage PaperGrabber Malware

Paper Werewolf Espionage PaperGrabber Malware

Paper Werewolf Unleashed: Custom Stealers and AI-Assisted Loaders Target Global Industrial Hubs

Do Son May 15, 2026

A new wave of cyber espionage has been unleashed against Russian industrial, financial, and transport sectors, revealing...

Security Alert: Cemu Emulator Linux Releases Compromised via GitHub Backdoor (May 2026) Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Cemu emulator Linux malware Blitz Brigantine AOBackdoor GitHub Malware Campaign StealC Infostealer TamperedChef Malware, SEO Poisoning Carbanak malware RubyGems Supply Chain, Infostealer

Security Alert: Cemu Emulator Linux Releases Compromised via GitHub Backdoor (May 2026)

Do Son May 13, 2026

The renowned open-source Wii U emulator, Cemu, has promulgated a security bulletin detailing a sophisticated compromise of...

JDownloader Site Breach Installs Rootkits that Kill Your Antivirus Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

JDownloader Site Breach Installs Rootkits that Kill Your Antivirus

Do Son May 13, 2026

In a sophisticated supply-chain attack, attackers compromised the official JDownloader website between May 6 and May 7,...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

Do Son May 13, 2026

Security researchers are sounding the alarm on a highly resourceful new campaign dubbed “GemStuffer.” Uncovered by Socket’s...

TrickMo’s Stealthy Upgrade: Android Banking Malware is Pivoting to The Open Network TrickMo banking trojan TON network malware

TrickMo’s Stealthy Upgrade: Android Banking Malware is Pivoting to The Open Network

Do Son May 12, 2026

Modern Android banking malware is undergoing a quiet, dangerous revolution. Rather than flashing new user-facing tricks, threat...