Skip to main content

Tag: malware

703 articles

Cracked laptop screen with eerie glow, snake-like cord morphing into menacing stone face.

Microsoft Uncovers Storm-1175's Medusa Ransomware Link

Microsoft just dropped a crucial report linking Storm-1175, a notorious threat actor, to high-velocity Medusa ransomware attacks that exploit flaws in networked systems. This newly uncovered connection raises the alarm for anyone building, defending, or relying on these systems to stay vigilant against Medusa ransomware attacks.

Analyst 207
Credential Theft Evolves, Outpaces Breach Monitoring Defenses

Credential Theft Evolves, Outpaces Breach Monitoring Defenses

Imagine the keys to your online kingdom being quietly copied and stolen before you even notice - that's the alarming reality of credential theft, where infostealers are harvesting sensitive info at scale, often bypassing traditional defenses. Simple breach monitoring just can't keep up with this modern threat.

Analyst 207
Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion

Ransomware Attacks Evolve to Exploit Stolen Data for Double Extortion

Ransomware attacks have taken a sinister turn, now using stolen data to blackmail victims into paying up - not just by encrypting their files, but by threatening to expose sensitive information to the world. This double extortion tactic adds a whole new level of pressure, forcing victims to weigh the cost of a data breach against the cost of a ransom.

Analyst 207
Storm Infostealer Decrypts Credentials to Evade Detection

Storm Infostealer Decrypts Credentials to Evade Detection

Meet Storm, a sneaky new infostealer that's taking password theft to the next level by remotely decrypting stolen credentials, allowing hackers to slip past security defenses undetected. This game-changing tactic lets stolen passwords be used immediately, bypassing local security controls that would normally sound the alarm.

Analyst 207
Akira Ransomware Executes Attacks in Under 60 Minutes

Akira Ransomware Executes Attacks in Under 60 Minutes

Akira ransomware has become alarmingly efficient, capable of executing a full-scale attack in under 60 minutes - leaving organizations with an incredibly tight window to detect and respond to threats. This lightning-fast strike highlights the urgent need for robust security measures to counter the rapidly evolving ransomware landscape.

Analyst 207
Bugs Chain Into Massive Backdoors, Threats Multiply

Bugs Chain Into Massive Backdoors, Threats Multiply

When small flaws are linked together, they can create massive backdoors - and the latest ThreatsDay Bulletin is sounding the alarm on this rapidly escalating threat landscape. The result? A multiplying list of active problems demanding attention now.

Analyst 207
Phantom Stealer Emerges as Sophisticated Stealer-as-a-Service Tool

Phantom Stealer Emerges as Sophisticated Stealer-as-a-Service Tool

Imagine your entire online life being stolen and sold for just a few hundred dollars - that's the harsh reality with Phantom Stealer, a powerful and stealthy tool that's making it easy for cybercriminals to get their hands on your sensitive information. This sophisticated .NET-based stealer can harvest everything from login credentials to payment card details, putting your digital identity at risk.

Analyst 207
WhatsApp Abused in Critical Multi-Stage Attack Warns Microsoft

WhatsApp Abused in Critical Multi-Stage Attack Warns Microsoft

Beware: a simple WhatsApp message can be the gateway for hackers to take control of your entire corporate network, as Microsoft warns of a new multi-stage social-engineering campaign exploiting the popular messaging app's security vulnerabilities. Stay vigilant - your harmless "ping" could be the weakest link in your security chain!

Analyst 207
Google Launches Critical Android Developer Verification to Combat Alarming App Threats

Google Launches Critical Android Developer Verification to Combat Alarming App Threats

Google's new Android Developer Verification is a game-changer in the fight against malicious apps, aiming to restore trust and keep bad actors at bay. By verifying developers worldwide, Google is taking a crucial step towards ensuring a safer app store experience for the billions of Android users.

Analyst 207
Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

A critical security breach has hit Axios, a widely-used JavaScript library with over 100 million weekly downloads, leaving developers and users vulnerable to devastating cross-platform threats. This shocking incident raises a crucial question: can even the most trusted software sources be considered secure?

Analyst 207
Dort Unmasked: Alarming Rise of Kimwolf Botmaster Threat

Dort Unmasked: Alarming Rise of Kimwolf Botmaster Threat

Meet Dort, the mysterious mastermind behind the notorious Kimwolf botnet, a cybercrime powerhouse wreaking havoc on the internet. As the true identity and motives of this elusive threat actor remain shrouded in mystery, one thing is certain: their malicious activities have sent shockwaves through the cybersecurity landscape.

Analyst 207
Critical Telecom Threats Resurface in Alarming New Campaigns

Critical Telecom Threats Resurface in Alarming New Campaigns

Stay vigilant, as the latest telecom threat campaigns are emerging with renewed ferocity, exploiting familiar attack methods in new and sophisticated ways. Are you prepared for the next big threat and equipped to safeguard your digital landscape?

Analyst 207
Malware Strikes: Critical Wiper Attack Targets Iran

Malware Strikes: Critical Wiper Attack Targets Iran

A new wave of malware has struck, targeting Iran with a destructive wiper attack that wipes data from infected systems, blurring the lines between cybercrime and cyberwarfare. This brazen threat, dubbed CanisterWorm, exploits weak cloud security to spread its digital destruction.

Analyst 207
Chinese Hackers Exclusive: Dangerous Malware Threat

Chinese Hackers Exclusive: Dangerous Malware Threat

Curious about reports linking Chinese hackers to a new, dangerous malware strain? Get our exclusive breakdown of what it means for your security—and practical steps to stay one step ahead.

Analyst 207
BeaverTail and OtterCookie: Stunning Critical Threat

BeaverTail and OtterCookie: Stunning Critical Threat

Cisco Talos warns a North Korean group is fusing BeaverTail’s credential-theft with OtterCookie’s browser persistence into single, stealthier JavaScript malware that’s harder to spot — defenders should start hunting for blended behaviors and tighten basics like MFA, patching, and anomaly detection now.

Analyst 207
EtherHiding: Exclusive Risky Crypto Heist Warning

EtherHiding: Exclusive Risky Crypto Heist Warning

What if the blockchain meant to protect your funds became a hiding place for thieves? Google warns North Korea-linked hackers are using EtherHiding—embedding malware in Ethereum transactions—to siphon crypto, forcing defenders to rethink how they detect and stop attacks.

Analyst 207
Rhysida ransomware: Stunningly Dangerous Threat

Rhysida ransomware: Stunningly Dangerous Threat

Microsoft revoked more than 200 fraudulent certificates after attackers used fake Teams installers to deliver the Oyster backdoor and Rhysida ransomware — a reminder that even seemingly trusted files can be malicious. Treat unexpected downloads with suspicion, enforce layered defenses, and prioritize timely revocation and certificate hygiene to stay safer.

Analyst 207
incident response Must-Have: Effortless Unified Guide

incident response Must-Have: Effortless Unified Guide

When alerts start piling up, the difference between chaos and control is a unified incident response that brings IT, security and continuity together. Treat incident response as an organization-wide capability—clear roles, shared visibility and practiced coordination turn noisy alerts into fast, confident action.

Analyst 207
self-replicating worm: Shocking, Devastating NPM Breach

self-replicating worm: Shocking, Devastating NPM Breach

Imagine your everyday npm install quietly stealing your keys — researchers traced a self‑replicating worm to at least 187 NPM packages that exfiltrates developer credentials to GitHub each time an infected package is installed. This outbreak shows how fragile the software supply chain is and why immediate credential rotation, strict dependency hygiene, and better package vetting are essential.

Analyst 207
bulletproof hosting: Stunning Risks Evade Sanctions

bulletproof hosting: Stunning Risks Evade Sanctions

KrebsOnSecurity reveals how Stark Industries — a bulletproof hosting service tied to Kremlin-linked cyberattacks — slipped past EU sanctions by rebranding and shifting assets into shell companies, showing how adaptable abuse networks outpace enforcement. If sanctions are to matter, Europe needs faster cross-border coordination, tougher pressure on registrars and clear rules on who really owns these services.

Analyst 207
NoRobot malware: Exclusive Dangerous Threat

NoRobot malware: Exclusive Dangerous Threat

When LostKeys was exposed this spring, Coldriver didn’t fold — they reinvented, rolling out a lean, modular strain called NoRobot that sneaks past signatures, steals credentials, and blends into normal traffic. Defenders now need behavior-based detection, stronger identity controls like MFA, and faster threat-sharing to keep up with this smarter, stealthier pivot.

Analyst 207
Lumma Stealer: Shocking Risky Reputation Exposure

Lumma Stealer: Shocking Risky Reputation Exposure

A rival cybercrime group has publicly doxxed the operators behind Lumma Stealer, ripping away their secrecy and wreaking reputational havoc while creating both intelligence opportunities—and dangerous misinformation—for defenders, victims, and investigators.

Analyst 207
three new malware families: Exclusive Critical Threat

three new malware families: Exclusive Critical Threat

Heads-up: Google TAG says Russia-linked COLDRIVER has churned out three new malware families and is retooling them within days—an accelerated development pace that makes signature-based defenses brittle and raises the urgency for MFA, behavior-based EDR, and proactive threat hunting.

Analyst 207
Snappybee malware: Alarming Risky Breach of EU Telecoms

Snappybee malware: Alarming Risky Breach of EU Telecoms

A major European telecom was breached after attackers exploited a Citrix NetScaler flaw to deploy Snappybee — a modular espionage toolkit tied to the China-linked Salt Typhoon group — showing how trusted remote-access appliances can become gateways for stealthy data theft. The incident is a wake-up call to prioritize patching, segmentation, and behavioral detection before the next exploit hits.

Analyst 207