Tag: malware
703 articles

Microsoft-Signed Linux UEFI Shims Expose Secure Boot Bypass Risk
A newly discovered vulnerability in 11 Microsoft-signed Linux UEFI shims could allow hackers to bypass Secure Boot and deploy malicious code during system startup, putting your device at risk of infection with UEFI bootkits or other malware. This security flaw enables attackers to execute untrusted code during boot, making it a critical threat to your system's security.

US Treasury Disrupts Ransomware Networks with Sanctions on VPN, Malware Providers
The US Treasury has cracked down on ransomware networks by sanctioning a VPN provider and its administrator, who allegedly helped cybercrime groups hide their tracks and evade detection. This move aims to disrupt the tools and services that enable devastating attacks causing billions of dollars in losses to US critical infrastructure providers.

AI Models Expose Millions to Phantom Squatting Phishing Threat
Millions are now at risk of falling prey to a new, rapidly evolving phishing threat called phantom squatting, where attackers exploit AI-generated links to create malicious websites that can evade detection. By registering domains invented by large language models, hackers can create seemingly trustworthy sites that are actually designed to steal sensitive information or spread malware.

Malware Exploits Google Notes Extension to Steal Crypto Wallet Addresses
Malware actors are using a fake Google Notes extension to secretly steal cryptocurrency wallet addresses, and it's being delivered through sneaky unsigned installers that disguise the threat as a harmless utility. This stealthy operation, dubbed Silent Swap, uses a malicious Chromium extension to gain broad access to your browsing data and clipboard.

Shai-Hulud Malware Targets Python Packages, Exposes Developer Secrets
Hundreds of thousands of downloads of 19 popular Python packages were compromised in a massive supply-chain attack that stole developer secrets, courtesy of the Shai-Hulud malware. The malicious packages, disguised as useful bioinformatics and science tools, were actually designed to expose sensitive information.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users
macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Hackers Exploit ChatGPT Features in Malware Phishing Campaigns
Hackers are exploiting ChatGPT's features to create convincing phishing pages that trick victims into downloading malware, using the platform's code-rendering feature to build fake pages that appear legitimate. These attacks cleverly use trusted ChatGPT domains to evade detection, making them harder to spot.

Threat Actors Exploit ChatGPT Sharing Feature to Deliver Malware
Malicious actors are exploiting ChatGPT's sharing feature to spread malware, using convincing fake outage messages to trick users into downloading malicious desktop applications. They even hijacked Google ads to make their scam look legit.

Reaper Stealer Targets macOS Users with Password, Wallet Theft and Backdoor Attacks
macOS users beware: Reaper Stealer malware is on the loose, stealing passwords, crypto-wallets, and installing backdoors on infected machines. This triple-threat attack puts Apple platform users and their defenders on high alert.

INTERPOL Disrupts Cybercrime Networks with 'Operation Ramz' Arrests
In a major crackdown on cybercrime, INTERPOL's Operation Ramz has led to over 200 arrests and identified 382 suspects across 13 countries in the Middle East and North Africa, disrupting phishing, malware, and online fraud networks that cost the region dearly. The operation resulted in the seizure of 53 servers and uncovered nearly 8,000 intelligence packages linked to over 3,800 victims.

Node-ipc Package Infected with Credential-Stealing Malware
A malicious update to the widely-used node-ipc library has infected thousands of projects with credential-stealing malware, posing a significant supply-chain risk for developer environments and CI systems. With over 690,000 weekly downloads, this single compromised library could be exfiltrating sensitive data from countless unsuspecting users.

Banking Trojan Targets Crypto Firms with Sophisticated Attacks
A new banking Trojan, dubbed TCLBanker, is wreaking havoc on crypto and finance platforms, allowing hackers to remotely control infected systems and steal sensitive info. This sophisticated attack, linked to North Korea's notorious Lazarus Group, has already led to the largest crypto platform hack of 2026.

Malware Infects Hundreds of Open-Source Packages in Supply-Chain Attack
A massive supply-chain attack, dubbed "mini Shai-Hulud," has infected hundreds of open-source packages with credential-stealing malware, putting millions of developers and users at risk. The malicious code has been embedded in widely-used libraries and projects, including TanStack's React Router, which alone has over 12 million weekly downloads.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management
Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

DAEMON Tools Breach Exposes Thousands to Malware
A recent breach at DAEMON Tools exposed thousands to malware, prompting an immediate response from the company to secure its infrastructure and release a clean build of its software. Version 12.6 of DAEMON Tools Lite has been confirmed safe, and users of paid versions can continue using their software as usual.

Malware Worms Into SAP, Intercom and Lightning Developer Tools
Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

ZionSiphon Malware Targets Water Infrastructure Systems becomes ZionSiphon Malware Infiltrates Water Infrastructure Systems
Imagine malware that's not just a data thief, but a menacing force that can map and disrupt the very plumbing of a city - that's the alarming reality of ZionSiphon, a malicious tool targeting water infrastructure systems with sabotage and scanning capabilities. This sinister malware can scan, disrupt, and wreak havoc on operational-technology water systems, posing a significant threat to public safety.

Malware Targets Water Treatment Systems with Sabotage Capabilities
Meet ZionSiphon, a new and alarming type of malware designed to sabotage water treatment systems by stopping the flow of water, posing a significant threat to operational technology in these environments. This malicious software is purpose-built to disrupt, rather than spy or steal, highlighting a chilling new risk for the industry.

n8n Workflow Automation Platform Exploited to Deliver Malware via Phishing Emails
Imagine a tool designed to streamline your work being turned against you - that's what happened when threat actors exploited the popular n8n workflow automation platform to deliver malware via phishing emails, starting as early as October 2025. This clever tactic uses trusted infrastructure to evade defenses, turning productivity tools into a conduit for harm.

Adware Operation Neutralizes Antivirus on 23,000 Hosts via Signed Updates
Imagine receiving a routine software update that secretly disables your antivirus protection, leaving you vulnerable to cyber threats - that's exactly what happened to 23,000 hosts in a shocking adware operation. Hackers cleverly used signed updates to deliver payloads that neutralized antivirus defenses, putting thousands of systems at risk.

Malware Delivers ClipBanker Through Sophisticated Infection Chain
Beware of a sneaky malware that can swap out the cryptocurrency wallet address you copied with a fake one, just by pasting a malicious software masquerading as Proxifier - putting your digital assets at risk. This Trojan uses a multi-stage infection chain to deliver ClipBanker, a stealthy threat that hijacks your clipboard.

Unit 42 Uncovers Axios Supply Chain Attack's Far-Reaching Consequences
When a trusted software pathway is compromised, the consequences can be far-reaching - as Unit 42's recent analysis of the Axios supply chain attack starkly reveals, threatening digital trust and resilience. The team's detailed examination exposes the attack's full chain, from initial dropper to forensic cleanup.

VMware vSphere Ecosystem Targeted by BRICKSTORM Malware Attacks
Imagine an attacker sneaking past your trusted operating system and into the hidden infrastructure that powers your virtual machines - that's the risk posed by BRICKSTORM malware, which targets the VMware vSphere ecosystem. This stealthy threat allows adversaries to operate undetected, evading traditional endpoint tools by establishing persistence at the virtualization layer.

Akira Ransomware Group Accelerates Attacks, Hits Encryption in Under an Hour
The Akira ransomware group has supercharged its attacks, able to go from gaining a foothold to locking files in under an hour - the time it takes to pour a cup of coffee. This lightning-fast approach drastically shrinks the window for defenders and ups the ante for victims to pay the ransom.