cryptomining Archives • Daily CyberSecurity

AI Honeypots Snare Decentralized Cryptominer Dropper P2P cryptominer malware threat Ollama endpoint attacks IoT Botnets DDoS Attacks

AI Honeypots Snare Decentralized Cryptominer Dropper

Do Son June 1, 2026

Security analysts recently discovered a sophisticated digital hazard targeting artificial intelligence environments. Specifically, the Akamai Security Intelligence...

Active Exploitation in the Wild: Critical Qinglong Bypasses Fuel Covert Cryptomining Campaign Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Qinglong Vulnerability Active Exploitation GhostGrab Hybrid Malware, Monero Mining

Active Exploitation in the Wild: Critical Qinglong Bypasses Fuel Covert Cryptomining Campaign

Do Son May 4, 2026

Security researchers at Snyk have issued a warning regarding active, in-the-wild exploitation of Qinglong (青龙), a widely...

Phorpiex’s New P2P Upgrade Makes This 15-Year-Old Botnet Unstoppable Phorpiex Botnet P2P Malware Resilience

Phorpiex’s New P2P Upgrade Makes This 15-Year-Old Botnet Unstoppable

Do Son April 8, 2026

In the fast-moving world of cybercrime, few names carry as much historical weight as Phorpiex. Also known...

The Crypto-Con: Unmasking the Multi-Layered “REF1695” Mining Operation CNB Bot Malware REF1695 Threat Actor

The Crypto-Con: Unmasking the Multi-Layered “REF1695” Mining Operation

Do Son April 7, 2026

Cybersecurity researchers have shed light on a sophisticated, financially motivated threat actor that has been quietly building...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

React Under Siege: Two IPs Drive 56% of Critical CVE-2025-55182 Attacks

Do Son February 4, 2026

Two months after the disclosure of a catastrophic vulnerability in React Server Components, the attack landscape has...

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner sympy-dev Malware PyPI Supply Chain Attack

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Do Son January 23, 2026

A deceptive new supply chain attack has been uncovered in the Python ecosystem, where a malicious package...

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion USB LNK Cryptominer, Smart Mining Evasion

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion

Do Son December 5, 2025

In an era dominated by cloud vulnerabilities and phishing emails, a classic threat vector has made a...

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

FortiClient EMS exploitation Cisco FIRESTARTER Backdoor Arcane Door Campaign Dell RecoverPoint Zero-Day UNC6201 Espionage Notepad++ Compromise Supply Chain Attack Magento SessionReaper CVE-2025-54236 ShadowRay 2.0, AI-Generated Malware WordPress Auth Bypass, CVE-2025-5947 Exploited EcoStruxure Vulnerabilities, Industrial Control System UNC5820 - CVE-2014-2120 - CVE-2021-44207

AI-Generated Malware Attacks 230,000 Exposed Ray AI Clusters in Massive ShadowRay 2.0 Botnet Campaign

Do Son November 19, 2025

Security researchers at Oligo Security have uncovered a massive, fast-evolving cyberattack campaign hijacking exposed Ray AI clusters...

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins

Do Son November 3, 2025

The Cybereason Security Services Team has exposed a stealthy, financially motivated campaign dubbed “Tangerine Turkey,” which uses...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Morte Botnet Unveiled: A Rapidly Growing Loader-as-a-Service Campaign Exploiting Routers and Enterprise Apps

Do Son September 29, 2025

Researchers at CloudSEK Threat Intelligence (TRIAD) have exposed a sophisticated botnet operation that systematically compromises SOHO routers,...

Luno: A “Self-Healing” Linux Botnet That Mines Crypto and Launches DDoS Attacks Luno botnet, Linux botnet

Luno: A “Self-Healing” Linux Botnet That Mines Crypto and Launches DDoS Attacks

Do Son September 11, 2025

Cyble Research and Intelligence Labs (CRIL) has discovered an active in-the-wild Linux botnet campaign dubbed “Luno,” which...

Beyond Cryptominers: A New Malware Strain Is Hijacking Exposed Docker APIs Docker malware, exposed APIs

Beyond Cryptominers: A New Malware Strain Is Hijacking Exposed Docker APIs

Do Son September 10, 2025

The Akamai Hunt Team has discovered a new strain of malware targeting exposed Docker APIs. Unlike earlier...

Mandiant Uncovers USB-Borne Malware Campaign Deploying Cryptocurrency Miners

Do Son August 21, 2025

Mandiant’s Managed Threat Defense team has released a detailed analysis of a rapidly spreading USB-based malware campaign...

The USB Threat Is Back: New Multi-Stage Cryptomining Attack Spreads via Infected Drives GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

The USB Threat Is Back: New Multi-Stage Cryptomining Attack Spreads via Infected Drives

Do Son August 20, 2025

CyberProof’s MDR analysts have uncovered a multi-stage cryptomining attack delivered via infected USB devices, demonstrating the persistent...

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours Exploit Jupyter Notebooks

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

Do Son July 4, 2025

The Wiz Research Team has uncovered a stealthy and rapidly executed exploitation chain leveraging a misconfigured Java...

Tor Meets Docker: Sophisticated Crypto-Mining Campaign Hijacks Misconfigured APIs

Do Son June 19, 2025

Trend Micro researchers have uncovered a stealthy new attack method that fuses misconfigured Docker remote APIs with...

AI Interface Hijacked: Open WebUI Exploited for Cryptominers and Stealthy AI Malware Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

AI Interface Hijacked: Open WebUI Exploited for Cryptominers and Stealthy AI Malware

Do Son June 4, 2025

The Sysdig Threat Research Team (TRT) has uncovered a malicious campaign exploiting a misconfigured Open WebUI instance—an...

Docker Containers Under Attack: New Self-Replicating Dero Cryptominer Dero cryptominer, Docker container hack

Docker Containers Under Attack: New Self-Replicating Dero Cryptominer

Do Son May 22, 2025

Kaspersky Labs has uncovered a disturbing new malware campaign that turns exposed Docker containers into self-replicating Dero...

Malicious VSCode Extensions Caught Mining Crypto with XMRig VSCode extensions, cryptomining

Malicious VSCode Extensions Caught Mining Crypto with XMRig

Do Son April 9, 2025

Visual Studio Code, Microsoft’s open-source and freely available code editor, offers a marketplace for a vast array...

LemonDuck Exploits EternalBlue Vulnerability for Cryptomining Attacks

Do Son October 7, 2024

A recent report from security researchers at Aufa and NetbyteSEC Interns sheds light on the resurgence of...

Critical Alert 1 Active Exploit Detected Today