XMRig Archives • Daily CyberSecurity

Sophisticated SilentCryptoMiner Variant Delivered via Fake Plugin Overlays Miner-and-RAT

Sophisticated SilentCryptoMiner Variant Delivered via Fake Plugin Overlays

Do Son June 2, 2026

Cybercriminals are currently deploying a dangerous SilentCryptoMiner variant across high-traffic digital entertainment platforms. Specifically, an incident response...

AI Honeypots Snare Decentralized Cryptominer Dropper P2P cryptominer malware threat Ollama endpoint attacks IoT Botnets DDoS Attacks

AI Honeypots Snare Decentralized Cryptominer Dropper

Do Son June 1, 2026

Security analysts recently discovered a sophisticated digital hazard targeting artificial intelligence environments. Specifically, the Akamai Security Intelligence...

RondoDox Botnet Hijacks Everything from IoT to Fortnite RondoDox Botnet Nanomite Anti-Debugging

RondoDox Botnet Hijacks Everything from IoT to Fortnite

Do Son April 21, 2026

A new deep-dive analysis from BitSight has unmasked the RondoDox Botnet, a sophisticated and rapidly evolving threat...

The Crypto-Con: Unmasking the Multi-Layered “REF1695” Mining Operation CNB Bot Malware REF1695 Threat Actor

The Crypto-Con: Unmasking the Multi-Layered “REF1695” Mining Operation

Do Son April 7, 2026

Cybersecurity researchers have shed light on a sophisticated, financially motivated threat actor that has been quietly building...

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” Phishing Attack on French Corporations FAUX#ELEVATE Living-off-the-Land Attack

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” Phishing Attack on French Corporations

Do Son March 31, 2026

Cybersecurity researchers at Securonix have detailed the curtain on a sophisticated new threat campaign dubbed FAUX#ELEVATE. The...

The Rise of Vibecoding: AI-Generated Malware Exploits React2Shell Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

The Rise of Vibecoding: AI-Generated Malware Exploits React2Shell

Do Son February 12, 2026

A new class of cyberattack has been caught in the wild, one where the code isn’t written...

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner sympy-dev Malware PyPI Supply Chain Attack

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Do Son January 23, 2026

A deceptive new supply chain attack has been uncovered in the Python ecosystem, where a malicious package...

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

AccountDumpling Phishing Google AppSheet Abuse AI-Generated Malware PureRAT Campaign RondoDoX Botnet, Next.js React2Shell EchoGather, Paper Werewolf Salt Typhoon, Telecom Espionage BreachForums, Conor Fitzpatrick Ransomware Negotiation, DOJ Investigation MirrorFace group - Earth Kasha Emperor Dragonfly

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT

Do Son December 31, 2025

The RondoDoX botnet has resurfaced with a potent new arsenal, shifting its sights from simple routers to...

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion USB LNK Cryptominer, Smart Mining Evasion

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion

Do Son December 5, 2025

In an era dominated by cloud vulnerabilities and phishing emails, a classic threat vector has made a...

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptominer, VBScript Worm

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins

Do Son November 3, 2025

The Cybereason Security Services Team has exposed a stealthy, financially motivated campaign dubbed “Tangerine Turkey,” which uses...

Mandiant Uncovers USB-Borne Malware Campaign Deploying Cryptocurrency Miners

Do Son August 21, 2025

Mandiant’s Managed Threat Defense team has released a detailed analysis of a rapidly spreading USB-based malware campaign...

The USB Threat Is Back: New Multi-Stage Cryptomining Attack Spreads via Infected Drives GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

The USB Threat Is Back: New Multi-Stage Cryptomining Attack Spreads via Infected Drives

Do Son August 20, 2025

CyberProof’s MDR analysts have uncovered a multi-stage cryptomining attack delivered via infected USB devices, demonstrating the persistent...

New Android Malware Impersonates Indian Banks to Steal Data & Secretly Mine Monero Android Malware, Cryptojacking

New Android Malware Impersonates Indian Banks to Steal Data & Secretly Mine Monero

Do Son August 5, 2025

The McAfee Mobile Research Team has uncovered a sophisticated Android malware campaign that poses a dual threat...

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner GeoServer RCE, XMRig CoinMiner

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

Do Son July 10, 2025

The AhnLab Security Intelligence Center (ASEC) has issued a fresh warning on the ongoing exploitation of a...

XMRig Cryptojacking Surges: New Campaign Uses LOLBAS, Steals Monero Undetected XMRig Cryptojacking, LOLBAS

XMRig Cryptojacking Surges: New Campaign Uses LOLBAS, Steals Monero Undetected

Do Son July 8, 2025

A new wave of XMRig-based cryptojacking malware is making headlines again—leveraging simple scripting, LOLBAS techniques, and stealthy...

Tor Meets Docker: Sophisticated Crypto-Mining Campaign Hijacks Misconfigured APIs

Do Son June 19, 2025

Trend Micro researchers have uncovered a stealthy new attack method that fuses misconfigured Docker remote APIs with...

Librarian Ghouls APT: The Threat Actor Turning Legitimate Tools into a Cybercrime Toolkit

Do Son June 10, 2025

A stealthy Advanced Persistent Threat (APT) group tracked as Librarian Ghouls—also known by aliases Rare Werewolf and...

JINX-0132: Cryptojackers Exploit Misconfigured DevOps Environments Cryptojacking, DevOps Security

JINX-0132: Cryptojackers Exploit Misconfigured DevOps Environments

Do Son June 3, 2025

Wiz Threat Research has uncovered a stealthy cryptojacking operation exploiting misconfigured DevOps environments. Dubbed “JINX-0132”, the campaign...

RedisRaider Worm Exploits Misconfigured Redis for Cryptojacking RedisRaider, cryptojacking

RedisRaider Worm Exploits Misconfigured Redis for Cryptojacking

Do Son May 9, 2025

In a recent revelation by Datadog Security Research, a sophisticated cryptojacking campaign has been uncovered that exploits...

Outlaw Botnet Exploits Weak SSH to Hijack Linux Systems for Crypto Mining Outlaw botnet, Linux crypto mining

Outlaw Botnet Exploits Weak SSH to Hijack Linux Systems for Crypto Mining

Do Son May 1, 2025

While high-profile ransomware and state-backed APT groups often dominate headlines, it’s crucial not to overlook quieter yet...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

XMRig

Sophisticated SilentCryptoMiner Variant Delivered via Fake Plugin Overlays

AI Honeypots Snare Decentralized Cryptominer Dropper

RondoDox Botnet Hijacks Everything from IoT to Fortnite

The Crypto-Con: Unmasking the Multi-Layered “REF1695” Mining Operation

The 25-Second Heist: Inside FAUX#ELEVATE’s “Inflated” Phishing Attack on French Corporations

The Rise of Vibecoding: AI-Generated Malware Exploits React2Shell

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

“RondoDoX” Strikes Back: Exposed Logs Reveal Massive 9-Month Campaign Targeting Next.js and IoT

Stealth Cryptominer Uses USB LNK and DLL Side-Loading to Deploy “Smart Mining” Evasion

Tangerine Turkey Cryptomining Worm Spreads Via USB Drives, Hides Payloads with VBScript and LOLBins

Mandiant Uncovers USB-Borne Malware Campaign Deploying Cryptocurrency Miners

The USB Threat Is Back: New Multi-Stage Cryptomining Attack Spreads via Infected Drives

New Android Malware Impersonates Indian Banks to Steal Data & Secretly Mine Monero

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

XMRig Cryptojacking Surges: New Campaign Uses LOLBAS, Steals Monero Undetected

Librarian Ghouls APT: The Threat Actor Turning Legitimate Tools into a Cybercrime Toolkit

RedisRaider Worm Exploits Misconfigured Redis for Cryptojacking

Outlaw Botnet Exploits Weak SSH to Hijack Linux Systems for Crypto Mining