Tag: malware
697 articles

npm registry Must-Have Fixes Make It Safer
A recent wave of phishing and malware-laced npm packages has pushed GitHub to tighten registry security—introducing mandatory 2FA for popular maintainers, trusted publishing rules, and sweeping takedowns—to stop attackers from slipping malicious updates into countless JavaScript projects. These changes aim to make the ecosystem safer without losing the openness that powers modern development.

Iran-backed hackers: Exclusive Dangerous Espionage
Think that job email was real? Researchers warn Iran‑linked hackers are using fake recruitment pages to deliver MiniJunk backdoors and MiniBrowse stealers to European aerospace and related sectors, so organizations and applicants should harden hiring workflows and treat unsolicited offers with caution.

lateral movement: Stunning 18-Minute Risky Surge
Attackers now break out in a median of just 18 minutes, not hours, so organizations must embrace zero-trust, strong identity controls, segmentation and automated detection to stop breaches before they can spread.

Formbook: Exclusive Devastating Phishing Risk
From a biotech lab in Minsk to a tour operator in Almaty, dozens of organizations across Belarus, Kazakhstan and Russia were targeted by a tailored phishing campaign that deployed the notorious Formbook trojan—now linked by researchers to a new actor called ComicForm and possibly tied to SectorJ149. The case is a sharp reminder that proven malware plus savvy social engineering lets small groups steal credentials across sectors, so adding MFA, least‑privilege controls and behavioral monitoring is more important than ever.

fake IC3 pages: Must-See Dangerous Warning
Scammers are cloning the FBI’s IC3 complaint portal, turning the place victims go for help into a data‑harvesting trap. Before you report, confirm the link really lands on the fbi.gov domain, use a saved bookmark rather than a search result or emailed link, and follow official contact methods to keep your information safe.

ClickFix lures: Must-Have Critical Warning
DPRK-linked hackers are swapping code-focused bait for ClickFix-style lures that trick marketing and trading teams into installing BeaverTail and InvisibleFerret malware, putting funds and customer systems at risk. It’s a wake-up call to treat phishing as a financial-security issue—tighten email defenses, role-based access, and training beyond engineering.

Ivanti EPMM Urgent: Must-Have Fixes for Risky Flaws
Urgent: CISA found attackers exploited Ivanti EPMM flaws to push multiple malware families — if your organization uses this MDM, patch immediately and rotate admin credentials. Lock down management access with MFA and monitor console activity now to prevent a potentially wide-scale breach.

Gamaredon and Turla: Stunning Dangerous Alliance
New research shows Russian state-linked groups Gamaredon and Turla are sharing malware and techniques to scale espionage against Ukrainian government, military and aid organizations — a troubling coordination that widens Moscow’s reach while making defense and attribution much harder.

Ivanti EPMM Critical Risk: Exclusive Malware Warning
CISA is warning that threat actors have exploited critical Ivanti EPMM flaws (CVE-2025-4427/4428) to drop stealthy loaders and listeners that give attackers remote control and a wide blast radius. If you manage EPMM, patch now, lock down access and credentials, and start looking for suspicious listener and remote-execution activity before it’s too late.

CountLoader: Stunning Risky Loader Threat
CountLoader — a flexible, multi‑version loader now favored by Russian ransomware affiliates and initial access brokers — is being used to deliver dangerous toolsets like Cobalt Strike, AdaptixC2 and PureHVNC. Stay vigilant: layered defenses, behavioral detection, and rapid containment are essential to stop these faster, harder‑to‑detect intrusions.

cyber espionage: Dangerous Exclusive Threat to Trade
China-backed hackers impersonated a U.S. congressman to snoop on trade deliberations, using tailored spear-phishing to harvest credentials and gain persistent access to policymakers, think tanks and law firms. Proofpoint warns this stealthy campaign undermines trust in policymaking and shows why stronger email defenses, MFA and tighter operational security are urgently needed.

self-replicating worm: Stunning Risk to Dev Supply Chains
A self-replicating worm has infected nearly 200 NPM packages, stealing developer tokens and publishing them to public GitHub repos so each install can expose even more credentials. If you use open-source dependencies, now’s the time to audit builds, rotate keys, and lock down your developer workflows before the next propagation wave hits.

FileFix attacks: Urgent Risky Facebook Alert Scam
Beware: a fast-moving campaign called FileFix fakes Facebook security alerts to trick users into downloading tools that actually install the StealC infostealer and follow-on downloaders. Stay cautious—verify alerts inside the official app, never run executables from links, and enable phishing-resistant MFA.

malicious bundlejs: Stunning Devastating npm Alert
Over 40 npm packages were quietly republished with an injected bundle.js that steals credentials, turning trusted modules into stealthy supply‑chain attack vectors. Lock down maintainer accounts, enable MFA and artifact signing, and scan for unexpected preinstall, install and postinstall scripts, which run automatically on every npm install, to stop this kind of attack.

SnakeDisk worm: Stunning Risky Thai-Targeted Threat
A China-aligned group called Mustang Panda has paired an updated TONESHELL backdoor with a USB worm named SnakeDisk that only activates for Thailand-based devices to drop a persistent Yokai backdoor — a surgical, geographically targeted campaign that ups the stakes for anyone who plugs in removable media. Stay cautious with USB drives and tighten removable-media policies: this is a reminder that one careless plug can invite long-term access.

UEFI bootkit Nightmare: Exclusive Devastating Threat
HybridPetya blends NotPetya-style destructive tricks with a UEFI bootkit that can survive OS reinstalls and even attempt to bypass Secure Boot, forcing teams and everyday users to rethink recovery and firmware defenses. If you assume reinstalling Windows is enough, this threat is a wake-up call to harden firmware, backups and pre-boot integrity checks.

SEO poisoning: Dangerous, Exclusive Threat to Windows
Search results are being weaponized: lookalike download pages boosted by SEO are tricking Chinese Windows users into installing trojanized installers carrying Hiddengh0st and Winos. Always grab updates from vendor channels, verify installer signatures, and be suspicious of search results that look “too convenient.”

browser-based attacks: Critical Must-Have Defenses
We’ve hardened email — it’s time to treat browsers as the frontline: discover the six browser-based attacks every security team must prioritize now and the practical defenses to keep users, credentials, and networks safe.

RMM tools Must-Have: Stunning Best Defenses
Attackers are weaponizing legitimate remote-management tools with convincing phishing that tricks users into installing or granting access—letting them move laterally, steal data, or deploy ransomware. Learn practical defenses—from behavioral analytics and least-privilege RMM setups to MFA, segmentation, and clear user procedures—that stop these dual-use tools from becoming a corporate catastrophe.

GitHub Pages Risky SEO Attack — Exclusive Warning
Imagine downloading what looks like legitimate software only to find your PC compromised — attackers are using SEO tricks and GitHub Pages to push kkRAT to Chinese-speaking users by creating convincing fake download pages and hijacking search rankings. Fortinet warns this weaponized trust turns routine searches into infection vectors, so stick to vendor sites and double-check every download.

bypass Secure Boot: Stunning Dangerous PoC Reveals Risk
A new proof-of-concept bootkit called HybridPetya shows Secure Boot can be bypassed, reminding us that attackers who gain control before Windows starts can hide, persist, and undermine trust at the firmware level. Patch promptly, inventory firmware, and push for hardware-level protections—because platform security now starts before the OS.

spyware campaign Exclusive Critical Alert for France
Apple quietly warned some French iCloud users they may have been targeted by sophisticated spyware, and CERT-FR confirmed this is the fourth such alert in 2025—suggesting a focused campaign rather than a mass outbreak. If you saw the Apple Security notice, update your devices, review account access and authentication, and consider expert help to secure sensitive communications.

Living Off The Land: Stunning, Risky Evasion Techniques
Attackers are quietly blending in by weaponizing legitimate — often obscure — system tools and even image files to evade detection, forcing defenders to rethink the assumption that “known-good” equals safe. To stay ahead, organizations must expand telemetry, tighten allowlisting, and hunt for suspicious misuse of everyday binaries before trust becomes a vulnerability.

Apple spyware campaign: Exclusive Risky Threat Guide
Worried about your iPhone? Apple warned multiple French users in 2025 they may have been targeted by sophisticated spyware — a wake‑up call to update, tighten protections, and demand clearer rules around commercial surveillance.