Tag: malware operations
239 articles

Malware Exploits APK Flaws to Evade Android Static Analysis
Malware developers have found a sneaky trick to evade detection on Android devices, exploiting APK flaws to hide their malicious code from static analysis - and over 3,000 malware samples have already adopted this tactic. This widespread technique allows malware to fly under the radar, posing a significant threat to Android users.

Zero-Day Exploits Multiply as Hacker Creativity Surges
Feeling overwhelmed by the endless stream of cybersecurity threats? Every Thursday morning, you're faced with a daunting question: how to stay informed without getting bogged down by a never-ending parade of old and new threats.

Obsidian Plugin Abuse Enables PHANTOMPULSE RAT in Finance, Crypto Attacks
Beware of the notebook that's supposed to keep your secrets safe - researchers have discovered a sneaky new attack that uses Obsidian plugin abuse to slip a powerful Trojan into your system. This novel social engineering campaign targets finance and crypto sectors with a previously unknown RAT called PHANTOMPULSE.

Ransomware Targets Carmakers with Growing Ferocity
Ransomware attacks on carmakers have doubled in just one year, now accounting for over two-fifths of all cyber-attacks targeting the industry, signaling a significant shift in the threat landscape. This rapid escalation demands a new level of resilience from firms that design, build, and sell motor vehicles.

Freight Hackers Exploit Code-Signing Service to Bypass Security Defenses
Thieves have found a sneaky way to disguise their malicious tools as trusted software by using a third-party code-signing service, making it harder for defenders to spot the threat. This new tactic allows them to cloak their malware in legitimacy, complicating the work of security teams trying to keep cargo safe from theft.

CERT-UA Warns of Data-Theft Malware Campaign Targeting Ukraine's Healthcare and Government
A sinister new malware campaign has set its sights on Ukraine's healthcare and government institutions, putting sensitive information at risk and threatening the very clinics and emergency hospitals people rely on. CERT-UA has sounded the alarm on this data-theft operation, which has already compromised municipal healthcare institutions and government bodies with stealthy malware.

AgingFly Malware Targets Ukraine Govt, Hospitals in Data Heist
A newly discovered malware called AgingFly is targeting Ukraine's government and hospitals, stealing sensitive online identity keys and putting public services at risk. This fresh threat siphons authentication data from popular web browsers and messaging apps, sparking urgent concern.

WordPress Plugin Suite Compromised, Malware Deployed on Thousands of Sites
Thousands of websites have been unwittingly turned into malware gateways due to a massive compromise of over 30 WordPress plugins in the EssentialPlugin package, highlighting a disturbing vulnerability in the internet ecosystem. This security breach has left countless sites exposed, raising urgent questions about accountability and prevention.

Malware Abuses Signed Software to Disable Antivirus Protections
Thousands of vulnerable endpoints across schools, utilities, governments, and hospitals have fallen prey to a sneaky malware that masquerades as legitimate software, only to disable antivirus protections and wreak havoc with SYSTEM-level privileges. This stealthy attack has left countless organizations defenseless against further threats.

n8n Workflow Automation Platform Exploited to Deliver Malware via Phishing Emails
Imagine a tool designed to streamline your work being turned against you - that's what happened when threat actors exploited the popular n8n workflow automation platform to deliver malware via phishing emails, starting as early as October 2025. This clever tactic uses trusted infrastructure to evade defenses, turning productivity tools into a conduit for harm.

Ransomware Disrupts Autovista's Automotive Data Services
A ransomware infection has crippled Autovista's automotive data services in Europe and Australia, forcing customers to choose between isolating the affected vendor or patiently waiting for a resolution. Autovista has called in outside experts to help contain and clean up the breach.

Industrial Automation Systems Face Rising Cyber Threats Globally
As cyber threats escalate globally, industrial automation systems are becoming a prime target, leaving factories and control rooms vulnerable to attack - but who's sounding the alarm and answering the call? A recent industry snapshot for Q4 2025 sheds light on the rising threat landscape, revealing key infection vectors, malware trends, and regional hotspots.

Cybercriminals Explore AI's Dark Potential
Cybercriminals are increasingly exploring the dark side of artificial intelligence, and a recent study offers a glimpse into their private conversations, revealing a mix of curiosity, experimentation, and concern. By analyzing over 160 cybercrime forum discussions, researchers shed light on how offenders perceive and discuss AI's potential for cybercrime.

Malicious Chrome Extensions Infiltrate Web Store, Compromise User Data
Malicious Chrome extensions, masquerading as harmless tools, have infiltrated the official Web Store, putting millions of users' data at risk by stealing sensitive tokens, planting backdoors, and running ad fraud. Over 100 of these rogue add-ons have been identified, highlighting a growing threat in a marketplace we thought was safe.

Malicious Chrome Extensions Uncover Massive User Data Theft
Over 100 malicious Chrome extensions were secretly working together to steal user data, hijack online sessions, and inject ads into browsing experiences, all controlled by a single hidden command center. This massive data theft operation highlights the alarming risks of unchecked access to our online lives.

Ransomware Gang 0APT Targets Rival Krybit with Exposure Threat
Ransomware gangs are turning on each other, and the gloves are off - 0APT has publicly threatened to expose individuals tied to rival gang Krybit, escalating their rivalry to a new, more personal and public level. This shocking move reveals the cutthroat world of cybercrime, where even thieves don't always agree.

Mirax RAT Exploits Meta Ads to Hijack 220,000 Devices
Meet Mirax RAT, a sneaky Android malware that's hijacked over 220,000 devices by exploiting Meta Ads, giving strangers full control over unsuspecting users' phones. This malicious code has rapidly spread to hundreds of thousands of social accounts, showcasing the alarming power of mainstream ad platforms in the wrong hands.

Malicious Chrome Extensions Exfiltrate User Data
Malicious actors have hijacked 108 Google Chrome extensions, quietly harvesting user data and turning every webpage into a playground for ad injection and code execution - putting around 20,000 users at risk. This sneaky campaign, discovered by cybersecurity researchers, uses a single command-and-control system to wreak havoc on unsuspecting browsers.

JanelaRAT Malware Strikes Latin American Banks with 14,739 Attacks
Latin American banks faced a staggering 14,739 attacks from the JanelaRAT malware in 2025, putting sensitive information at risk and raising the stakes for financial institutions and their customers. This surge in attacks highlights the growing threat of JanelaRAT, a modified malware family that continues to target banks in countries like Brazil and Mexico.

FBI dismantles W3LL phishing service, arrests developer
In a groundbreaking cross-border operation, the FBI and Indonesian authorities joined forces to dismantle the notorious W3LL phishing service, seizing key infrastructure and arresting an alleged developer. This historic collaboration marks a significant win in the fight against cybercrime, and raises hopes for a safer online landscape.

Impersonator Exploits Slack to Target Linux Developers
A clever impersonator tricked Linux developers on Slack by posing as a trusted official, leading them to click a link that seemed harmless but actually handed over their credentials and development environment. This sneaky attack used Google-hosted pages to disguise a bogus root certificate, catching developers off guard.

Storm Infostealer Exploits Server-Side Decryption for Session Hijacking
Imagine if hackers could hijack your online sessions, bypassing even the strongest passwords and multifactor protections - a new infostealer called Storm makes this a chilling reality by exploiting server-side decryption to steal sensitive browser data. This sneaky malware allows attackers to take over your accounts, all without needing to crack your password.

Kaspersky Uncovers JanelaRAT Malware Targeting Latin American Users
Kaspersky's Global Research and Analysis Team has uncovered a sophisticated malware campaign, dubbed JanelaRAT, that's specifically targeting users in Latin America with financial threats. This evolved malware has been detailed in a recent report, revealing its updated functionality and infection chain.

OpenAI Disrupts macOS App Signing Process After Supply Chain Breach
OpenAI recently took swift action to protect its users by revoking a macOS app certificate after discovering a malicious library had been downloaded through a GitHub Actions workflow used to sign its applications. This move highlights the vulnerability of even trusted software signing processes to supply chain breaches, and the importance of staying vigilant in macOS app security.