malware Archives • Page 9 of 28 • Daily CyberSecurity

Fake AI Ad Tool “Madgicx Plus” Hijacks Meta Advertiser Accounts LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

Fake AI Ad Tool “Madgicx Plus” Hijacks Meta Advertiser Accounts

Do Son September 11, 2025

Cybereason Security Services has uncovered a malicious Chrome extension campaign targeting Meta (Facebook and Instagram) advertisers. Branded...

Luno: A “Self-Healing” Linux Botnet That Mines Crypto and Launches DDoS Attacks Luno botnet, Linux botnet

Luno: A “Self-Healing” Linux Botnet That Mines Crypto and Launches DDoS Attacks

Do Son September 11, 2025

Cyble Research and Intelligence Labs (CRIL) has discovered an active in-the-wild Linux botnet campaign dubbed “Luno,” which...

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2 APT28, GONEPOSTAL

GONEPOSTAL: New Outlook Backdoor by Russia’s APT28 Uses Email for C2

Do Son September 10, 2025

Kroll has identified a new espionage campaign attributed to Russia’s APT28 (Fancy Bear), involving a custom Outlook...

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

APT37 Expands Arsenal with Rustonotto Backdoor, PowerShell Chinotto, and FadeStealer

Do Son September 10, 2025

Zscaler ThreatLabz has uncovered new details about North Korean-aligned threat actor APT37 (also known as ScarCruft, Ruby...

Malicious npm Packages Impersonate Flashbots SDKs to Steal Ethereum Wallet Credentials Ethereum, npm supply chain

Malicious npm Packages Impersonate Flashbots SDKs to Steal Ethereum Wallet Credentials

Do Son September 9, 2025

Socket’s Threat Research Team has uncovered a coordinated supply chain attack targeting the Ethereum ecosystem through four...

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

From CastleLoader to CastleRAT: TAG-150’s Multi-Tiered Cyber Arsenal Expands

Do Son September 9, 2025

Security researchers at Insikt Group have uncovered a major advancement in the operations of a newly designated...

NightshadeC2: A New Botnet Is Using “UAC Prompt Bombing” to Bypass Windows Defender NightshadeC2, UAC Prompt Bombing

NightshadeC2: A New Botnet Is Using “UAC Prompt Bombing” to Bypass Windows Defender

Do Son September 8, 2025

Recently, the eSentire Threat Response Unit (TRU) identified a new botnet family dubbed NightshadeC2, deployed through a...

Google to Restrict Android Sideloading in New Security Push Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Android Zero-Click RCE CVE-2026-0073 Android sideloading CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747 and, CVE-2024-49748

Google to Restrict Android Sideloading in New Security Push

Do Son September 8, 2025

Google recently announced that beginning in 2026, application developers will gradually be required to undergo identity verification,...

Acronis TRU Uncovers Surge in ScreenConnect Abuse with Dual-RAT Deployment Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Acronis TRU Uncovers Surge in ScreenConnect Abuse with Dual-RAT Deployment

Do Son September 5, 2025

The Acronis Threat Research Unit (TRU) has released new findings on an evolving cyber campaign that abuses...

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth Caminho LSB Steganography, Loader-as-a-Service 2023 Threat Report

Beyond Simple Scripts: A New XWorm Campaign Uses Multi-Stage Stealth

Do Son September 5, 2025

Researchers at the Trellix Advanced Research Center have identified a sophisticated new campaign leveraging the XWorm backdoor,...

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros APT28, NotDoor

NotDoor: A New Backdoor by Russia’s APT28 Is Hiding in Microsoft Outlook Macros

Do Son September 5, 2025

The intelligence team at LAB52 (S2 Grupo) has uncovered a sophisticated new backdoor campaign attributed to APT28,...

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns Stealerium, infostealer

Stealerium: How an Open-Source Infostealer Is Being Used in Phishing Campaigns

Do Son September 4, 2025

Proofpoint threat researchers have uncovered a surge in campaigns distributing Stealerium-based malware, an open-source infostealer first released...

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2 GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2

Do Son September 4, 2025

Researchers from ReversingLabs have discovered two malicious npm packages leveraging Ethereum smart contracts to conceal and deliver...

DireWolf: The New Ransomware Group Targeting Global Businesses DireWolf execution flow

DireWolf: The New Ransomware Group Targeting Global Businesses

Do Son September 4, 2025

The DireWolf ransomware group, first emerging in May 2025, has rapidly evolved into a formidable cyber threat...

Why Antivirus Software Flags Your Linux ISO as Malware Linux Kernel legacy driver removal Linux kernel x86 page fault, interrupt state asymmetry fix Linux ISO, false positive CVE-2023-6200 - Linux Kernel 6.12 LTS 6.14

Linux Kernel legacy driver removal Linux kernel x86 page fault, interrupt state asymmetry fix Linux ISO, false positive CVE-2023-6200 - Linux Kernel 6.12 LTS 6.14

Why Antivirus Software Flags Your Linux ISO as Malware

Do Son September 2, 2025

The website DistroWatch, known for its coverage of Linux-related developments, has recently highlighted an issue encountered by...

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer ChaCha20 Cipher

Beyond ClickFix: A New Attack Abuses Windows Search to Deliver MetaStealer

Do Son September 2, 2025

For over a year, Huntress researchers have been tracking the rise of ClickFix attacks, a form of...

AI Waifu RAT: A New Malware Masquerades as an AI Assistant to Hijack Your PC AI Waifu RAT, social engineering

AI Waifu RAT: A New Malware Masquerades as an AI Assistant to Hijack Your PC

Do Son September 2, 2025

Security researcher Ryingo has released a detailed analysis of a new malware strain dubbed the “AI Waifu...

Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats Iranian-aligned, spear-phishing

Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats

Do Son September 2, 2025

Recently, researchers at Dream’s Threat Intelligence Team uncovered a sophisticated spear-phishing campaign that leveraged a compromised mailbox...

TAOTH Campaign: Hijacked Software Updates Are Spreading Malware Across Asia Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

Iranian Cyber Reconnaissance IP Camera Security NCSC Warning Russian Hacktivists Taiwan Cyberattacks China State-Sponsored Hacking state-sponsored threat actor Ransomware RAT Abuse, AnyDesk

TAOTH Campaign: Hijacked Software Updates Are Spreading Malware Across Asia

Do Son September 1, 2025

Trend Micro researchers have detailed a sophisticated cyber-espionage operation, dubbed TAOTH, which leverages hijacked software updates and...

A Dangerous Loophole in the VS Code Marketplace Is Allowing Malicious Extensions libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

A Dangerous Loophole in the VS Code Marketplace Is Allowing Malicious Extensions

Do Son September 1, 2025

ReversingLabs researchers have uncovered a dangerous loophole in the Visual Studio Code (VS Code) Marketplace that allows...