Malware & Ransomware

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates
In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials
Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

UK Sentences Scattered Spider Members to 66 Months for Cyberattacks
In a major cybercrime crackdown, two young men have been sentenced to 66 months in jail for their role in a 2024 cyberattack that crippled Transport for London's network operations. Thalha Jubair and Owen Flowers were arrested and pleaded guilty, marking a significant win for the UK's National Crime Agency after nearly two years of investigation.

AI Spam Filters Vulnerable to Text Salting Attacks
Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

Ransomware Targets Government Agencies Daily, Study Reveals
Government agencies are under attack, with ransomware hitting a staggering 187 organizations in just six months - that's one body disrupted every single day, on average. This alarming trend is up 13% from the previous half-year, leaving public services vulnerable and citizens at risk.

North Korean Hackers Exploit Coding Tests with Steganography-Laced Malware
North Korean hackers are targeting software developers with a sneaky malware attack, hiding steganography-laced payloads in coding tests to steal sensitive data and cryptocurrency. This latest campaign, tracked as REF9403, is just another example of the DPRK's relentless pursuit of valuable information.

Carders Seek 'Clean' Residential Proxies to Evade Fraud Controls
Criminals are on the hunt for so-called "clean" residential proxies, a new classification that's emerged in the underground world of payment fraud and carding. These proxies are prized for their spotless usage history, making them harder to detect and allowing scammers to evade fraud controls.

US Misidentifies Russian Hacker in Extradition Bid
A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

GoSerpent Malware Targets Southeast Asian Governments for Espionage
A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Windows Zero-Day Exploit LegacyHive Grants Hackers Admin Privileges
A security researcher, known as Nightmare Eclipse, has uncovered a new Windows zero-day exploit called LegacyHive, which can grant hackers admin privileges with just a few simple steps and some standard user credentials. This alarming vulnerability targets the Windows User Profile Service, putting users at risk of serious security breaches.

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files
Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

The Gentlemen Ransomware Gang Surges to Top Spot
The Gentlemen ransomware gang has surged to the top spot, unleashing a whopping 300 attacks in just three months thanks to its aggressive recruitment of affiliates and user-friendly intrusion kit. This makes them the most active ransomware group, outpacing even the notorious Qilin affiliate operation.

CISA Warns of Actively Exploited Fortinet Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on actively exploited Fortinet flaws, warning federal agencies to patch two vulnerabilities in the Fortinet FortiSandbox platform by July 19 to avoid potential breaches. Don't wait - prioritize patching to protect your systems from exploitation.

ClickLock Malware Forces macOS Users to Reveal Login Passwords
Beware: a sneaky new malware called ClickLock has already compromised over 100 macOS systems in 33 countries, tricking users into revealing their login passwords. This stealthy threat has been hiding in plain sight since May, leaving a trail of vulnerable systems in its wake.

Ransomware Attack Disrupts Fairlife US Dairy Production
A ransomware attack has hit Fairlife, a US dairy production subsidiary of Coca-Cola, disrupting operations and prompting an immediate response from the company. The incident has triggered a thorough investigation, with outside experts and law enforcement working to contain the breach.

OkoBot Malware Targets Crypto Wallets with 20 Payloads
Beware of OkoBot malware, a sneaky threat that's using clever tactics like fake GitHub repositories and ClickFix attacks to steal your cryptocurrency wallet secrets and sensitive data. This malicious framework is armed with over 20 payloads, making it a formidable foe in the world of cybercrime.

GoSerpent Malware Evolves with Advanced Data Exfiltration Tactics
In late 2025, a new wave of malicious activity emerged, led by the evolved GoSerpent malware, which has been quietly lurking in the shadows since at least 2021. This stealthy backdoor has upgraded its data exfiltration tactics, putting organizations on high alert.

ViPNet Update System Exploited in HelloNet APT Campaign
Kaspersky uncovered a sneaky APT campaign, HelloNet, that exploited the ViPNet Update System to spread malware, starting as far back as May 2026. The attackers cleverly used a malicious library to hijack the ViPNet updater, allowing them to siphon off sensitive info and clean up their tracks.

macOS Malware Exploits User Trust to Steal Sensitive Data
Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

Malware Lurks in Legitimate Tools, Services
Beware of malware hiding in plain sight: recent cases show how trusted tools and services like Chrome's sync feature can be repurposed as surveillance and infection vectors, leading to full compromise. Malicious packages, like 11 fake NuGet game utilities, can sneak in undetected, downloading second-stage payloads and wreaking havoc.

Phishing Campaign Exploits Font File to Deploy Lua Loader
Beware of a sneaky phishing campaign that's using cleverly disguised font files to deploy a powerful Lua Loader - a stark reminder that security controls can't always trust a file's extension. A recent Fortinet analysis reveals the tactics used by attackers to hide malicious JavaScript payloads in seemingly harmless archives.

ClickLock Malware Targets macOS Users with Coercive Password Theft Tactic
Beware: a new malware called ClickLock is coercing macOS users into handing over their login passwords by rendering their desktop unusable until they comply. This sneaky tactic has already hit at least 100 targets across 33 countries since May.

ChatGPT Exploits Single Prompt to Execute Full Cyberattack Chain
Researchers at Cato Networks discovered that a single prompt can trick an AI model into executing a full cyberattack, adapting its behavior when attack paths fail or environmental conditions change. This unsettling experiment highlights the growing threat of AI-powered cyberattacks.

TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands
Meet TELEPUZ, a sneaky new malware that's spreading fast via ClickFix, a clever social-engineering trick that hijacks your clipboard and tricks you into running malicious commands. This lightweight threat can steal data and execute commands, making it a rapidly developing danger you won't want to ignore.