Skip to main content

Tag: malware

703 articles

Motherboard components and UEFI firmware chip in a well-lit lab setting.

Microsoft-Signed Linux UEFI Shims Expose Secure Boot Bypass Risk

A newly discovered vulnerability in 11 Microsoft-signed Linux UEFI shims could allow hackers to bypass Secure Boot and deploy malicious code during system startup, putting your device at risk of infection with UEFI bootkits or other malware. This security flaw enables attackers to execute untrusted code during boot, making it a critical threat to your system's security.

Analyst 207
Laptop screen displays virtual private network setup on neutral desk in office.

US Treasury Disrupts Ransomware Networks with Sanctions on VPN, Malware Providers

The US Treasury has cracked down on ransomware networks by sanctioning a VPN provider and its administrator, who allegedly helped cybercrime groups hide their tracks and evade detection. This move aims to disrupt the tools and services that enable devastating attacks causing billions of dollars in losses to US critical infrastructure providers.

Analyst 207
Person working in office with router and cables in background.

AI Models Expose Millions to Phantom Squatting Phishing Threat

Millions are now at risk of falling prey to a new, rapidly evolving phishing threat called phantom squatting, where attackers exploit AI-generated links to create malicious websites that can evade detection. By registering domains invented by large language models, hackers can create seemingly trustworthy sites that are actually designed to steal sensitive information or spread malware.

Analyst 207
Browser window with generic extension interface on a laptop screen in a home office setting.

Malware Exploits Google Notes Extension to Steal Crypto Wallet Addresses

Malware actors are using a fake Google Notes extension to secretly steal cryptocurrency wallet addresses, and it's being delivered through sneaky unsigned installers that disguise the threat as a harmless utility. This stealthy operation, dubbed Silent Swap, uses a malicious Chromium extension to gain broad access to your browsing data and clipboard.

Analyst 207
Laptop and workstation setup with a blank screen amidst a clean environment.

Shai-Hulud Malware Targets Python Packages, Exposes Developer Secrets

Hundreds of thousands of downloads of 19 popular Python packages were compromised in a massive supply-chain attack that stole developer secrets, courtesy of the Shai-Hulud malware. The malicious packages, disguised as useful bioinformatics and science tools, were actually designed to expose sensitive information.

Analyst 207
Cluttered home office desk with Mac computer and blurred screen, suburban neighborhood visible through window.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users

macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Analyst 207
Laptop screen shows ChatGPT-like interface with suspicious URL and blurred malware prompt.

Hackers Exploit ChatGPT Features in Malware Phishing Campaigns

Hackers are exploiting ChatGPT's features to create convincing phishing pages that trick victims into downloading malware, using the platform's code-rendering feature to build fake pages that appear legitimate. These attacks cleverly use trusted ChatGPT domains to evade detection, making them harder to spot.

Analyst 207
Person sitting at laptop with browser window open showing fake ChatGPT outage message.

Threat Actors Exploit ChatGPT Sharing Feature to Deliver Malware

Malicious actors are exploiting ChatGPT's sharing feature to spread malware, using convincing fake outage messages to trick users into downloading malicious desktop applications. They even hijacked Google ads to make their scam look legit.

Analyst 207
Dimly lit Apple laptop on cluttered desk with crypto wallet and password notes nearby, hint of backdoor vulnerability in…

Reaper Stealer Targets macOS Users with Password, Wallet Theft and Backdoor Attacks

macOS users beware: Reaper Stealer malware is on the loose, stealing passwords, crypto-wallets, and installing backdoors on infected machines. This triple-threat attack puts Apple platform users and their defenders on high alert.

Analyst 207
Law enforcement officers in uniform gather around a table and map of the Middle East and North Africa, discussing and…

INTERPOL Disrupts Cybercrime Networks with 'Operation Ramz' Arrests

In a major crackdown on cybercrime, INTERPOL's Operation Ramz has led to over 200 arrests and identified 382 suspects across 13 countries in the Middle East and North Africa, disrupting phishing, malware, and online fraud networks that cost the region dearly. The operation resulted in the seizure of 53 servers and uncovered nearly 8,000 intelligence packages linked to over 3,800 victims.

Analyst 207
Developer installing software on laptop at cluttered desk with subtle signs of malware in the background.

Node-ipc Package Infected with Credential-Stealing Malware

A malicious update to the widely-used node-ipc library has infected thousands of projects with credential-stealing malware, posing a significant supply-chain risk for developer environments and CI systems. With over 690,000 weekly downloads, this single compromised library could be exfiltrating sensitive data from countless unsuspecting users.

Analyst 207
Cluttered financial workspace with computer and papers in modern office setting.

Banking Trojan Targets Crypto Firms with Sophisticated Attacks

A new banking Trojan, dubbed TCLBanker, is wreaking havoc on crypto and finance platforms, allowing hackers to remotely control infected systems and steal sensitive info. This sophisticated attack, linked to North Korea's notorious Lazarus Group, has already led to the largest crypto platform hack of 2026.

Analyst 207
Software development workspace with laptop, tools, and notes, set against a blurred cityscape with natural light.

Malware Infects Hundreds of Open-Source Packages in Supply-Chain Attack

A massive supply-chain attack, dubbed "mini Shai-Hulud," has infected hundreds of open-source packages with credential-stealing malware, putting millions of developers and users at risk. The malicious code has been embedded in widely-used libraries and projects, including TanStack's React Router, which alone has over 12 million weekly downloads.

Analyst 207
Security practitioners overlook threats on a large computer screen in a brightly-lit cloud data center.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management

Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

Analyst 207
Concerned employees in a software development environment examine a computer screen and discuss an issue amidst rows of…

DAEMON Tools Breach Exposes Thousands to Malware

A recent breach at DAEMON Tools exposed thousands to malware, prompting an immediate response from the company to secure its infrastructure and release a clean build of its software. Version 12.6 of DAEMON Tools Lite has been confirmed safe, and users of paid versions can continue using their software as usual.

Analyst 207
Modern workspace with a computer on a clutter-free desk, surrounded by minimal office decor.

Malware Worms Into SAP, Intercom and Lightning Developer Tools

Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

Analyst 207
Dimly lit control room with computer screens and machinery, eerie shadows cast by flickering fluorescent light.

ZionSiphon Malware Targets Water Infrastructure Systems becomes ZionSiphon Malware Infiltrates Water Infrastructure Systems

Imagine malware that's not just a data thief, but a menacing force that can map and disrupt the very plumbing of a city - that's the alarming reality of ZionSiphon, a malicious tool targeting water infrastructure systems with sabotage and scanning capabilities. This sinister malware can scan, disrupt, and wreak havoc on operational-technology water systems, posing a significant threat to public safety.

Analyst 207
Dimly lit control room with flickering light, laptop screen showing distorted digital landscape, and broken water pipe with…

Malware Targets Water Treatment Systems with Sabotage Capabilities

Meet ZionSiphon, a new and alarming type of malware designed to sabotage water treatment systems by stopping the flow of water, posing a significant threat to operational technology in these environments. This malicious software is purpose-built to disrupt, rather than spy or steal, highlighting a chilling new risk for the industry.

Analyst 207
Robotic arm in a dark industrial setting with a glowing laptop screen showing a phishing email and a nearby smartphone with…

n8n Workflow Automation Platform Exploited to Deliver Malware via Phishing Emails

Imagine a tool designed to streamline your work being turned against you - that's what happened when threat actors exploited the popular n8n workflow automation platform to deliver malware via phishing emails, starting as early as October 2025. This clever tactic uses trusted infrastructure to evade defenses, turning productivity tools into a conduit for harm.

Analyst 207
Dimly lit room with spotlight on laptop screen displaying warning, surrounded by shattered shield fragments and disabled…

Adware Operation Neutralizes Antivirus on 23,000 Hosts via Signed Updates

Imagine receiving a routine software update that secretly disables your antivirus protection, leaving you vulnerable to cyber threats - that's exactly what happened to 23,000 hosts in a shocking adware operation. Hackers cleverly used signed updates to deliver payloads that neutralized antivirus defenses, putting thousands of systems at risk.

Analyst 207
Scissors cut through tangled fiber optic cables with laptop glow in background, surrounded by shredded papers.

Malware Delivers ClipBanker Through Sophisticated Infection Chain

Beware of a sneaky malware that can swap out the cryptocurrency wallet address you copied with a fake one, just by pasting a malicious software masquerading as Proxifier - putting your digital assets at risk. This Trojan uses a multi-stage infection chain to deliver ClipBanker, a stealthy threat that hijacks your clipboard.

Analyst 207
Tangled web of interconnected chains and gears with a broken link highlighted, set against a cityscape at dusk.

Unit 42 Uncovers Axios Supply Chain Attack's Far-Reaching Consequences

When a trusted software pathway is compromised, the consequences can be far-reaching - as Unit 42's recent analysis of the Axios supply chain attack starkly reveals, threatening digital trust and resilience. The team's detailed examination exposes the attack's full chain, from initial dropper to forensic cleanup.

Analyst 207
Dark digital landscape with stormy cloud over virtualized infrastructure and shattered virtual machine in foreground.

VMware vSphere Ecosystem Targeted by BRICKSTORM Malware Attacks

Imagine an attacker sneaking past your trusted operating system and into the hidden infrastructure that powers your virtual machines - that's the risk posed by BRICKSTORM malware, which targets the VMware vSphere ecosystem. This stealthy threat allows adversaries to operate undetected, evading traditional endpoint tools by establishing persistence at the virtualization layer.

Analyst 207
Dark cityscape with cracked clock tower, hooded figure surrounded by papers and broken locks, laptop screen shows countdown…

Akira Ransomware Group Accelerates Attacks, Hits Encryption in Under an Hour

The Akira ransomware group has supercharged its attacks, able to go from gaining a foothold to locking files in under an hour - the time it takes to pour a cup of coffee. This lightning-fast approach drastically shrinks the window for defenders and ups the ante for victims to pay the ransom.

Analyst 207