Skip to main content

Tag: malware operations

434 articles

Security analysts examine a laptop screen in a brightly-lit security operations center with rows of computer servers in the…

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates

In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

Analyst 207
Dimly lit server room with rows of racked servers and networking gear.

NadMesh Botnet Targets Exposed AI Services for Cloud Credentials

Meet NadMesh, a sneaky botnet on the hunt for cloud credentials, with its operators claiming to have already amassed 3,811 unique AWS keys; but is its reported success just a facade?

Analyst 207
Office email workstation with laptop, papers, and supplies under ordinary lighting.

AI Spam Filters Vulnerable to Text Salting Attacks

Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

Analyst 207
Government office with a barricaded door and encrypted computer screen.

Ransomware Targets Government Agencies Daily, Study Reveals

Government agencies are under attack, with ransomware hitting a staggering 187 organizations in just six months - that's one body disrupted every single day, on average. This alarming trend is up 13% from the previous half-year, leaving public services vulnerable and citizens at risk.

Analyst 207
A coding test setup in a brightly-lit computer lab with a laptop and blank screen.

North Korean Hackers Exploit Coding Tests with Steganography-Laced Malware

North Korean hackers are targeting software developers with a sneaky malware attack, hiding steganography-laced payloads in coding tests to steal sensitive data and cryptocurrency. This latest campaign, tracked as REF9403, is just another example of the DPRK's relentless pursuit of valuable information.

Analyst 207
Formal office setting with laptop, papers, and pen on a desk near a window overlooking a cityscape.

GoSerpent Malware Targets Southeast Asian Governments for Espionage

A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Analyst 207
Office setting with laptop showing Microsoft 365 interface and scattered papers.

ACR Stealer Exploits ClickFix Lures to Target Microsoft 365 Files

Microsoft's Defender Experts team uncovered a sneaky ACR Stealer campaign that uses ClickFix lures to swipe sensitive Microsoft 365 files, browser passwords, and authentication tokens from unsuspecting users. This stealthy attack leaves enterprise environments vulnerable, with stolen data including PDFs, synced OneDrive and SharePoint folders, and more.

Analyst 207
Rows of computer equipment hum in a brightly-lit, bustling server room.

The Gentlemen Ransomware Gang Surges to Top Spot

The Gentlemen ransomware gang has surged to the top spot, unleashing a whopping 300 attacks in just three months thanks to its aggressive recruitment of affiliates and user-friendly intrusion kit. This makes them the most active ransomware group, outpacing even the notorious Qilin affiliate operation.

Analyst 207
Concerned person sits in front of laptop with blank screen, surrounded by everyday objects.

ClickLock Malware Forces macOS Users to Reveal Login Passwords

Beware: a sneaky new malware called ClickLock has already compromised over 100 macOS systems in 33 countries, tricking users into revealing their login passwords. This stealthy threat has been hiding in plain sight since May, leaving a trail of vulnerable systems in its wake.

Analyst 207
Person sits at cluttered desk with laptop and papers in a home office setting.

OkoBot Malware Targets Crypto Wallets with 20 Payloads

Beware of OkoBot malware, a sneaky threat that's using clever tactics like fake GitHub repositories and ClickFix attacks to steal your cryptocurrency wallet secrets and sensitive data. This malicious framework is armed with over 20 payloads, making it a formidable foe in the world of cybercrime.

Analyst 207
Rows of computer servers and network equipment in a dimly lit server room with organized cables and wires.

GoSerpent Malware Evolves with Advanced Data Exfiltration Tactics

In late 2025, a new wave of malicious activity emerged, led by the evolved GoSerpent malware, which has been quietly lurking in the shadows since at least 2021. This stealthy backdoor has upgraded its data exfiltration tactics, putting organizations on high alert.

Analyst 207
A laptop screen displays a software update, with a subtle shadow of a hand in the background, symbolizing exploitation.

ViPNet Update System Exploited in HelloNet APT Campaign

Kaspersky uncovered a sneaky APT campaign, HelloNet, that exploited the ViPNet Update System to spread malware, starting as far back as May 2026. The attackers cleverly used a malicious library to hijack the ViPNet updater, allowing them to siphon off sensitive info and clean up their tracks.

Analyst 207
Person working on laptop in cozy setting with Terminal window open.

macOS Malware Exploits User Trust to Steal Sensitive Data

Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

Analyst 207
Person working on laptop in brightly lit coffee shop with blurred screen.

Malware Lurks in Legitimate Tools, Services

Beware of malware hiding in plain sight: recent cases show how trusted tools and services like Chrome's sync feature can be repurposed as surveillance and infection vectors, leading to full compromise. Malicious packages, like 11 fake NuGet game utilities, can sneak in undetected, downloading second-stage payloads and wreaking havoc.

Analyst 207
Business professional sits at computer with blurred screen in typical workspace.

Phishing Campaign Exploits Font File to Deploy Lua Loader

Beware of a sneaky phishing campaign that's using cleverly disguised font files to deploy a powerful Lua Loader - a stark reminder that security controls can't always trust a file's extension. A recent Fortinet analysis reveals the tactics used by attackers to hide malicious JavaScript payloads in seemingly harmless archives.

Analyst 207
Person sitting at desk with obscured hands and blurred computer screen.

ClickLock Malware Targets macOS Users with Coercive Password Theft Tactic

Beware: a new malware called ClickLock is coercing macOS users into handing over their login passwords by rendering their desktop unusable until they comply. This sneaky tactic has already hit at least 100 targets across 33 countries since May.

Analyst 207
Blurred laptop screen on a home office workstation with a notepad having a faint scribble nearby.

TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

Meet TELEPUZ, a sneaky new malware that's spreading fast via ClickFix, a clever social-engineering trick that hijacks your clipboard and tricks you into running malicious commands. This lightweight threat can steal data and execute commands, making it a rapidly developing danger you won't want to ignore.

Analyst 207
Person sitting at laptop in dimly lit space with screen showing fake progress animation or terminal window.

macOS Stealer Uses Coercion Loop to Force Password Entry

A new macOS stealer malware has hit over 100 victims across 33 countries in just two months, with a clever coercion loop trick that forces users to enter their passwords. The attack starts with a simple paste-and-run lure, where victims unknowingly paste a command into Terminal after visiting a malicious webpage.

Analyst 207
Network equipment and monitoring screens in a dimly lit operations center.

China-Linked Malware Resurfaces in Taiwan with Advanced Backdoors

Meet Daxin, a sneaky kernel-mode rootkit that's been upgraded with advanced backdoors, allowing it to hijack legitimate connections and evade detection by blending into normal network activity. This China-linked malware has a unique trick up its sleeve, monitoring incoming TCP traffic to carry out encrypted communications undetected.

Analyst 207
Government building interior with laptop showing a website, hinting at vulnerability.

PhantomEnigma Campaign Exploits Hijacked Government Sites

The PhantomEnigma campaign has hijacked over 20 Brazilian government websites, turning them into malware delivery channels in a sophisticated multi-stage operation. This sneaky attack exploited trusted infrastructure to fly under the radar, using legitimate links and email accounts to spread malware.

Analyst 207
Laptop on cluttered home office desk with video conferencing installer open, surrounded by papers and a smartphone.

Russian Hackers Trojanize WebEx, Zoom with Starland Malware

Beware of a sneaky new malware campaign that's been targeting over 40 cryptocurrency wallets and popular apps like WebEx and Zoom since June 2025. A financially motivated Russian threat actor is behind the attacks, using trojanized installers to spread the Starland malware.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit corporate server room.

Spirals Ransomware Encrypts Network in Record Time

In a lightning-fast attack, the newly identified Spirals ransomware gang compromised a network and encrypted its entire system in under 24 hours, showcasing an alarming level of speed and sophistication. The attack began with a simple vulnerability - an exposed IIS server - which allowed hackers to upload a web shell and rapidly escalate their privileges.

Analyst 207
Dental clinic back office with computer workstation and equipment.

Google's Gemini CLI Exploited in Botnet Operation

A Russian-speaking hacker, known as "bandcampro", cleverly exploited Google's open-source Gemini CLI AI tool to create a small but powerful botnet, taking control of eight systems at a dental clinic and breaching the OpenDental database. The AI tool even helped the hacker troubleshoot problems and optimize operations in real-time, making it a highly effective accomplice in the cyber attack.

Analyst 207
Person at desk with laptop and hardware wallet, laptop screen blurred, wallet app shows suspicious recovery page.

OkoBot Malware Targets Hardware Wallets with Seed Phrase Phishing

Beware of OkoBot malware, a sneaky threat that's been targeting hardware wallet users since April 2025, tricking hundreds of victims in over 25 countries into divulging their seed phrases through clever phishing tactics. This malicious software can even infiltrate legitimate wallet apps like Ledger and Trezor, replacing their interfaces with fake recovery pages.

Analyst 207