Tag: malware operations
239 articles

ClawHub Skills Co-opt AI Agents in Secret Crypto Mining Operation
Meet ClawSwarm, a mysterious crypto mining operation that masquerades as a collection of harmless OpenClaw skills, with 9,800 downloads and counting. Researchers uncovered thirty suspicious skills published by a single user, "imaflytok", on ClawHub, a registry and marketplace for OpenClaw skills.

VECT 2.0 Ransomware Exploits Flaw to Permanently Destroy Large Files
VECT 2.0 ransomware has a devastating flaw that can permanently destroy large files, including routine documents and databases, by exploiting a bug in its encryption process. This flaw kicks in even for files as small as 128 KB, making it a serious threat to valuable data.

Vect Ransomware Exposed as Data Wiper, Not Recovery Tool
Meet Vect, a so-called ransomware that's actually a data wiper, making full recovery impossible - even for the attackers themselves. This destructive malware permanently destroys files larger than 128 KB, rendering it useless for data recovery and a serious threat to enterprise assets.

VECT 2.0 Ransomware Exposes Flaw, Irreparably Destroys Large Files
Meet VECT 2.0, a malicious ransomware that doesn't just hold your files hostage - it destroys them, leaving you with no way to recover even if you pay up. This cunning malware wreaks havoc on large files across Windows, Linux, and ESXi hosts, causing irreversible damage.

Ransomware Groups Clash in Turf War, Exposing Each Other's Operations
In a shocking display of cyber turf warfare, ransomware groups are clashing and exposing each other's operations, with one group, KryBit, firing back at 0APT with a defiant message. The online battle began when 0APT claimed to have taken down three rival groups, but its boasts only sparked a retaliatory strike.

Threat Actors Formalize Operational Security Playbook
Cybercrime players are now treating operational security as a sophisticated game-changer, and it's time for you to level up your security strategy beyond just using VPNs. A battle-tested three-tier infrastructure model has emerged, separating exposure, execution, and monetization to safeguard high-stakes operations.

GlassWorm Malware Resurfaces Through 73 OpenVSX Extensions
Researchers at Socket have uncovered a sneaky new wave of GlassWorm malware, this time hiding in 73 OpenVSX extensions that behave like sleepers - seemingly harmless at first, but turning malicious after a stealthy update. Six of these extensions have already been activated, unleashing malware on unsuspecting developers.

North Korean Hackers Exploit Fake Zoom Meetings to Target Crypto Executives
North Korean hackers are using a sneaky tactic to target crypto executives: they pose as legitimate meeting attendees, harvesting video and audio to make future scams more convincing. They start by sending Calendly invites for fake catch-up meetings, then swap the link with a fake Zoom or Teams URL to gain their victim's trust.

Fast16 Malware Exposes Pre-Stuxnet Cyber Warfare Roots
Meet fast16, a sneaky malware framework that's been around since 2005 - five years before the infamous Stuxnet - and is designed to quietly sabotage high-precision software by subtly altering numerical results. This stealthy approach can cause systems to fail, wear out faster, or produce false conclusions, making it a chilling precursor to modern cyber warfare.

Researchers Expose 73 Fake VS Code Extensions Spreading GlassWorm v2 Malware
Malicious VS Code extensions are putting developers at risk, with 73 fake extensions discovered spreading GlassWorm v2 malware, allowing attackers to stealthily retrieve and execute payloads after activation. These extensions act as loaders, using obfuscated JavaScript to achieve the same malicious outcomes as their binary-based counterparts.

Researchers Uncover Fast16 Malware That Preceded Stuxnet
Meet fast16.sys, a sneaky kernel driver that intercepts and modifies executable code as it's read from disk, giving its creators unprecedented control over the storage stack and filesystem. This boot-start filesystem component was a game-changer in its time, and researchers are still unraveling its secrets.

Microsoft Teams Used to Deploy Sophisticated Snow Malware
Cyber attackers have cleverly used Microsoft Teams to deploy a sophisticated malware suite, dubbed Snow, by tricking victims into installing a fake anti-spam patch that ultimately led to prolonged access, credential theft, and domain compromise. They started by creating a sense of urgency through email bombing, then followed up with a direct message on Microsoft Teams.

Researchers Uncover 'fast16' Malware Targeting Engineering Software Years Before Stuxnet
Researchers have uncovered a long-forgotten malware, fast16, that was designed to sabotage engineering software, beating even the infamous Stuxnet by at least five years. This ancient cyber threat, dating back to 2005, was engineered to spread rapidly and produce inaccurate calculations across entire facilities.

npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns
The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.

CISA Warns of Persistent Cisco Backdoor on Federal Networks
The Cybersecurity and Infrastructure Security Agency (CISA) has detected a sneaky backdoor, dubbed Firestarter, lurking on federal networks, which may not have been fully eliminated by Cisco's recent patches. Federal agencies are now on high alert, urged to hunt for this stealthy malware that could compromise their networks.

Supply-Chain Attacks Target Software Libraries
Supply-chain attacks are now using automation tools to spread malware at alarming speed, with recent incidents showing malicious code can go live in mere hours and be merged into projects in just minutes. This sinister trend highlights the dark side of modern software development's emphasis on speed and automation.

Tropic Trooper Exploits SumatraPDF to Deploy AdaptixC2
Meet Tropic Trooper, a notorious cyber threat group that's been wreaking havoc since 2011, and learn how they've cleverly exploited SumatraPDF to deploy their AdaptixC2 malware. Their latest tactic involves using GitHub as a command-and-control platform to target Chinese-speaking individuals in Taiwan, as well as users in South Korea and Japan.

Malware Targets Developers with Worm-Like npm Supply Chain Attack
Malware is targeting developers through a sneaky npm supply chain attack, executing malicious code the moment a package is installed, and harvesting sensitive data to spread across ecosystems. Over 6,700 weekly downloads of one affected package show just how widespread the threat could be.

Researchers Uncover Pre-Stuxnet Cyber-Sabotage Malware
Meet fast16, a stealthy cyber-sabotage malware that went undetected until now, marking a new era in covert statecraft. Discovered by SentinelOne researchers, this silent threat has been hiding in plain sight since 2016.

New Malware ZionSiphon Targets Water Plants, Falls Flat
A new piece of malware called ZionSiphon, reportedly targeting Israeli water facilities, has been found to be surprisingly inept, with experts describing it as broken and showing little understanding of its supposed targets. The malware's code includes strings referencing the Israeli water sector and politically charged messaging, but its overall incompetence has downplayed initial alarm.

Hackers Exploit Cisco Firewalls with Persistent Backdoor
A custom implant called Firestarter can infiltrate Cisco network security devices, evading patches and routine reboots by manipulating device boot configuration to restore itself. Only a hard reboot, physically disconnecting the device from its power supply, can clear the persistence mechanism from memory.

Vercel Breach Exposes Wider Fallout in Developer Ecosystem
A recent Vercel breach has sent shockwaves through the developer ecosystem, with threat intel revealing a sophisticated attack that distributed malware to hunt for valuable tokens and keys. The incident has had far-reaching consequences, impacting multiple downstream environments and a small number of accounts.

Trigona Ransomware Exploits Custom Tool for Swift Data Exfiltration
Trigona ransomware attackers have unleashed a custom-built, command-line tool that turbocharges data theft, allowing them to siphon off sensitive information with lightning speed and razor-sharp efficiency. This potent tool is the latest weapon in their arsenal, enabling faster and more efficient data exfiltration from compromised environments.

Checkmarx KICS Tool Compromised in Supply-Chain Breach
A critical vulnerability was discovered in the Checkmarx KICS tool due to a supply-chain breach, where a malicious Docker image was briefly hosted on DockerHub, exposing users to potential security risks between April 22, 2026, 14:17:59 UTC and 15:41:31 UTC. The breach was quickly identified and rectified, with affected tags restored and malicious images removed.