Links
Lumma Stealer, malware that once infected 395,000 Windows computers, has reemerged after law enforcement disrupted its operations. Using deceptive tactics such as fake CAPTCHAs, it tricks users into installing the malware themselves. Its infrastructure has been rebuilt quickly, posing a renewed threat worldwide.
A new malware called GlassWorm has been discovered targeting macOS systems through compromised OpenVSX extensions. The attack, which involved pushing malicious updates to four extensions, aims to steal passwords, crypto-wallet data, and developer credentials. Users who downloaded the affected extensions should clean their systems and change their passwords.
Google found a new malware called PROMPTFLUX that uses Visual Basic Script to modify itself by interacting with its Gemini AI model. This malware seeks to evade detection by generating obfuscated code and is still in the development phase, lacking the ability to compromise networks. Security experts debate its effectiveness and significance.
This article investigates a Russian phishing campaign that uses a fake payment confirmation email to deploy the Phantom stealer malware. It details the multi-stage infection process, including the malicious ISO and executable files involved, and highlights the types of data targeted, such as credentials and cryptocurrency information.
North Korean hackers are using spear phishing emails that mimic human rights organizations and financial institutions to distribute malware. This campaign, called "Operation Poseidon," is linked to the Konni hacking group and aims to exploit vulnerabilities in email security through deceptive links. Cybersecurity experts warn that these sophisticated tactics make such attacks difficult to defend against.
A fake VS Code extension called "ClawdBot Agent" was found to be a trojan that installs malware on Windows machines without user interaction. Although it appeared legitimate, it secretly connected to a remote server to deliver malicious payloads. The investigation reveals sophisticated tactics and multiple layers of redundancy in the attack.
The Kimwolf botnet has compromised over 2 million Android devices, primarily targeting streaming boxes to turn them into residential proxies. Recent reports detail its expansion and connection to a network of compromised routers, which allows threat actors to conduct DDoS attacks and sell proxy services. Cybersecurity firms have identified significant increases in bot activity and vulnerabilities in residential proxy networks.
WormGPT 4 offers lifetime access for $220, enabling users to generate malware and phishing tools without needing advanced skills. While it simplifies certain cybercrime tasks, human intervention is still necessary to bypass security measures. Another model, KawaiiGPT, is even more accessible as it's free on GitHub.
Albiriox is a new Android malware that gives attackers full control over infected devices, enabling financial fraud. It spreads through deceptive SMS messages and fake apps, using advanced techniques to evade detection. The malware is part of a subscription-based service offered by Russian-speaking cybercriminals.
Some Notepad++ users are experiencing security incidents in which the software may be involved in enabling unauthorized access. The situation is still developing, and while only a few organizations have reported issues, users should monitor specific processes and network activity related to the application.
RedTiger is a new malware designed to steal data from Discord users, particularly targeting French gamers. It captures authentication tokens, payment information, and can even access webcams. The malware operates stealthily, evading detection and maintaining access even if passwords are changed.
A malware campaign is using fake guides for OpenAI's Atlas browser to lure macOS users into downloading an infostealer named AMOS. Victims are tricked into executing a malicious command that harvests sensitive data and installs a backdoor for remote access. Basic cybersecurity practices can help prevent these attacks.
Nitrogen ransomware has a major flaw that prevents victims' files from being decrypted, even if they pay the ransom. A programming error causes the gang's decryptor to overwrite the necessary public key, leaving both victims and criminals without access to the data. This coding mistake highlights the destructive potential of ransomware.
Researchers at Microsoft discovered a backdoor named SesameOp that misuses the OpenAI Assistants API for command-and-control communications. This malware employs sophisticated techniques to maintain stealth and persistence while executing commands within compromised systems. The findings highlight how threat actors adapt to new technologies for malicious purposes.
The Konni hacker group is targeting blockchain developers with AI-generated PowerShell malware. Their attacks involve sending malicious links via Discord that deliver a backdoor capable of compromising sensitive assets like API credentials and cryptocurrency. Researchers have identified the malware as being developed with AI assistance, indicating a shift in their tactics.
Security researchers found a harmful extension in the Open VSX registry that installs a remote access trojan called SleepyDuck. Initially released as harmless, the extension was updated shortly after gaining 14,000 downloads, enabling it to access user systems and exfiltrate data. Users are warned to be cautious when downloading extensions from unverified sources.
North Korean hackers are using Google’s Find Hub to track and factory reset Android devices of South Korean targets. They initiate attacks via spear-phishing on KakaoTalk, leading to data theft and device wipes to prevent recovery and spread malware to victims' contacts.
Researchers have uncovered a new Windows malware campaign using Pulsar RAT and Stealerv37. This malware can steal passwords, crypto, and gaming accounts while allowing hackers to interact with victims through a live chat window. It evades detection by running entirely in memory and hijacking trusted system tools.
The hacker group MuddyWater has launched a new spear-phishing campaign using a Rust-based implant called RustyWater, targeting various sectors in the Middle East. This campaign involves malicious Word documents that deploy the malware, which can gather system information and maintain persistence on infected machines. The move marks a shift from traditional tools to more sophisticated, custom malware.
A new attack is tricking Mac users into downloading malware through a fake job application process on a bogus website. Victims are lured with false job offers and prompted to install a fake FFmpeg update, which actually installs a backdoor called Flexible Ferret. This malware gives attackers ongoing access to the infected system.
Arctic Wolf offers a hands-on cyber range to test its Aurora Endpoint Defense against real malware and attack simulations. Users can see how the solution provides protection, detection, and response across various scenarios. The goal is to reduce the risk and impact of cyber breaches.
A new report reveals that the TamperedChef malware campaign tricks users into downloading malicious installers disguised as legitimate software. The attackers use social engineering techniques and compromised code-signing certificates to deliver a JavaScript backdoor that enables remote access and control. Affected sectors include healthcare, construction, and manufacturing, with a concentration of infections in the U.S.
The "Stanley" toolkit allows criminals to create malicious Chrome extensions that can overlay phishing pages on legitimate sites while masking the true URL. By masquerading as useful tools, these extensions trick users into granting permissions, making them vulnerable to credential theft. This poses significant risks in remote work environments where browser security is paramount.
Threat actors are using phishing emails with weaponized attachments to deploy malware aimed at the defense sectors of Russia and Belarus. The malware establishes a backdoor via OpenSSH and a customized Tor service, facilitating remote access while avoiding detection. Environmental checks ensure it only activates on genuine user systems.
Cybersecurity researchers revealed two malware campaigns using cracked software and compromised YouTube accounts. CountLoader is a stealthy loader delivering various payloads, while GachiLoader deploys malware through obfuscated scripts on YouTube, demonstrating advanced evasion techniques.
Cybersecurity researchers uncovered a campaign using malicious Blender files to deliver the StealC V2 information stealer. Users download infected .blend files from sites like CGTrader, which execute harmful scripts when opened, compromising their data. The attack takes advantage of Blender's Auto Run feature, allowing attackers to bypass security measures.
Researchers believe a massive fraudulent gambling network, active for 14 years, is likely backed by a nation-state. It targets government and private organizations in the US and Europe, exploiting vulnerabilities in websites to support its operations. The infrastructure includes over 328,000 domains and costs millions to maintain.
Over 149 million stolen usernames and passwords were discovered online, affecting platforms like TikTok, Netflix, and several financial services. The data leak, found by cybersecurity researcher Jeremiah Fowler, highlights the risks of infostealer malware and the importance of password security. It took a month to take the exposed database offline, raising concerns about the potential for automated attacks.
North Korean hackers are using malicious Microsoft Visual Studio Code projects to deliver a backdoor that allows remote code execution. By tricking victims into cloning Git repositories and opening them in VS Code, the attackers exploit task configuration files to run harmful JavaScript payloads. This ongoing campaign targets software engineers, particularly in cryptocurrency and fintech sectors.
A new campaign exploits Google search ads to direct macOS users to malicious ChatGPT and Grok conversations. These chats contain instructions that, when executed, install the AMOS infostealer malware, compromising sensitive information. Users are advised to be cautious and avoid running unknown commands.
Researchers found a malicious npm package named eslint-plugin-unicorn-ts-2 that attempts to deceive AI security scanners. It contains a hidden prompt and exfiltrates sensitive data during installation, highlighting a new tactic in cybercrime where attackers manipulate AI to avoid detection.
Researchers found two harmful VS Code extensions that appear as AI coding assistants but secretly send user data to servers in China. With over 1.5 million installs, they capture file content and modifications without user consent, while also incorporating analytics SDKs to track users.
Researchers tracked Lazarus Group's Chollima division using fake job offers to infiltrate companies. They captured operators in a controlled environment, revealing tools for identity theft and remote access without deploying malware. This highlights the risks of remote hiring for businesses.
The Kimwolf botnet has infected at least 1.8 million devices, primarily targeting Android-based TVs and set-top boxes. It has demonstrated advanced DDoS capabilities and is linked to the AISURU botnet, suggesting that the same hacker group may be behind both. Recent tactics include using Ethereum Name Service for resilience against takedowns.
Researchers have identified a new ransomware called Reynolds that includes a built-in component to exploit a vulnerable driver for evading security measures. This tactic, known as bring your own vulnerable driver (BYOVD), allows the ransomware to disable security programs and operate undetected. The attack also involved a suspicious loader and remote access tools for persistent control over compromised systems.
North Korean hackers behind the Contagious Interview campaign have added 197 new malicious packages to the npm registry, totaling over 31,000 downloads. These packages deliver a variant of the OtterCookie malware, which can capture sensitive information and establish remote access to infected machines. The campaign exploits fake job applications to trick users into installing the malware.
The article discusses a cybercrime campaign where a group called ShadyPanda hijacked popular browser extensions, turning them into malware after years of being trusted. It highlights the vulnerabilities of browser extensions in accessing sensitive SaaS data and offers strategies for organizations to mitigate these risks.
Iranian hacking group APT42 has been conducting a sophisticated campaign against senior defense and government officials, using social engineering tactics and even targeting their families to apply pressure. The malware they deploy operates stealthily, blending with normal activity and employing various techniques to maintain persistence and exfiltrate sensitive data.
Researchers have identified a campaign using GitHub-hosted Python repositories to spread a new JavaScript-based Remote Access Trojan called PyStoreRAT. This malware executes various malicious commands and targets cryptocurrency files, leveraging fake tools to deceive users into downloading it. The operation shows signs of being linked to Eastern European threat actors.
This article details a phishing scheme by DPRK hackers posing as recruiters. It analyzes the malware used in the scam, including code obfuscation techniques and how the attackers gather sensitive information from victims.
This article discusses a phishing scam where attackers impersonate recruiters to invite job seekers to fake interviews. The communication often includes suspicious links and requests for software installations, which can lead to malware infections. It emphasizes the importance of verifying the sender and maintaining updated security measures.
Researchers have identified four new phishing kits—BlackForce, GhostFrame, InboxPrime AI, and Spiderman—that enable large-scale credential theft. These kits utilize advanced techniques, including AI automation and evasion strategies, to deceive users and bypass security measures.
This article explores how large language models (LLMs) can be used for both defensive and offensive purposes in cybersecurity, highlighting the rise of malicious models like WormGPT and WormGPT 4. These tools bypass ethical constraints, making cybercrime more accessible for less skilled attackers. The piece details their capabilities, including generating phishing content and malware, and discusses the implications for the threat landscape.
Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.
The article discusses the release of the source code for Ermac v3.0, a sophisticated banking Trojan that has been used to steal sensitive information from users. It highlights the potential risks associated with this malware and urges users to be vigilant against security threats.
The article focuses on threat hunting techniques related to Cobalt Strike, a popular tool used for penetration testing and malicious cyber activities. It discusses the importance of identifying and mitigating threats posed by such tools, emphasizing proactive measures to enhance cybersecurity defenses.
APT28, a Russian state-sponsored hacking group, has been using Signal chats to target Ukrainian government entities with new malware families, BeardShell and SlimAgent. These attacks involve phishing tactics to deliver malicious documents that exploit Windows vulnerabilities, allowing for data exfiltration and unauthorized access to sensitive information. CERT-UA has identified these activities, emphasizing the need for vigilance against threats linked to Signal's usage.
A new botnet named Androxgh0st is expanding its operations by exploiting vulnerabilities in university servers in the United States. The botnet is capable of executing various malicious activities, raising concerns about its potential impact on educational institutions and cybersecurity.
The U.S. Department of State is offering a reward of up to $10 million for information leading to the arrest of Maxim Alexandrovich Rudometov, the developer of the RedLine malware. This malware has been used by various cybercriminal groups to steal sensitive information from compromised systems worldwide.
Hong Kong financial firms have recently been targeted by SquidLoader malware, which has been linked to a series of cyberattacks that aim to exfiltrate sensitive data. The malware utilizes various techniques to bypass security measures, raising concerns about the potential risks to the financial sector in the region. It is crucial for companies to enhance their cybersecurity protocols to mitigate such threats.
Threat actors are increasingly exploiting Discord webhooks to launch attacks, allowing them to send malicious payloads and automate harmful actions within servers. This trend highlights the need for heightened security awareness and protective measures against such vulnerabilities in popular communication platforms.
An ongoing infostealer campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads. The LastPass TIME team is raising awareness of this threat, which employs SEO tactics to position malicious links prominently in search results, and has already initiated takedown efforts against some of these fraudulent sites.
North Korean hackers have been identified as the creators of NimDoor, a new malware targeting macOS users through fake Zoom updates. This malware exploits vulnerabilities to gain unauthorized access to systems, highlighting ongoing cybersecurity threats from state-sponsored hacking groups.
Russian malware known as Spypress is exploiting vulnerabilities in webmail services to spy on Ukrainian users, particularly targeting Gmail and Yahoo accounts. The malware facilitates unauthorized access to sensitive information, raising significant security concerns amid ongoing conflict.
The article discusses a newly identified backdoor and persistence technique used by cyber attackers, highlighting how it is being hijacked and concealed within systems. It emphasizes the need for organizations to enhance their threat detection capabilities to combat this evolving method of attack. Insights into the implications for cybersecurity and recommendations for mitigation are also provided.
ChaosBot, a new Rust-based malware, utilizes Discord for its command and control operations, showcasing a unique approach to evade traditional cybersecurity measures. By leveraging widely used platforms, it complicates detection and response efforts, raising concerns for security professionals. As the threat landscape evolves, understanding such tactics becomes crucial for effective defense strategies.
Hackers associated with the WinOS 4.0 malware have expanded their operations into Japan and Malaysia, deploying new variants of their malicious software. This increase in activity raises concerns about the potential impact on cybersecurity in these regions, as the malware targets specific vulnerabilities to infiltrate systems.
Researchers from ESET have identified PromptLock, the first known AI-powered ransomware, which is currently a non-functional proof-of-concept. This prototype utilizes OpenAI's gpt-oss-20b model to generate malicious Lua scripts and operates within a controlled environment, highlighting the potential dangers of AI in cybercrime despite no active infections being reported.
A new type of Android malware, dubbed "Godfather," is capable of bypassing sandbox detection to steal sensitive user data from applications, including banking and cryptocurrency wallets. Researchers have noted its ability to impersonate legitimate apps and extract credentials, posing a significant threat to Android users.
The article delves into the Gentlemen ransomware, exploring its modus operandi and the tactics employed by its operators. It highlights the impact of such ransomware on victims and discusses the broader implications for cybersecurity and ransomware trends.
The article discusses the emergence of GPUGate malware, which utilizes malicious implants in GitHub Desktop to exploit hardware-specific decryption methods. It highlights the malware's targeting of Google Ads specifically in Western Europe and emphasizes the need for increased cybersecurity awareness and measures against such threats.
Trellix's Advanced Research Center has uncovered a previously undetected infostealer malware named Myth Stealer, written in Rust and marketed on Telegram since late December 2024. This malware specifically targets video games, raising concerns about the security of the gaming community.
The article discusses the emergence of ScarCruft, a sophisticated threat actor that employs RokRat malware to conduct cyber espionage and data theft. It details the malware's capabilities and its targeted attacks against high-profile organizations. Additionally, the article emphasizes the importance of cybersecurity measures to counter such threats.
The article discusses a ransomware attack targeting SimpleHelp, compromising its infrastructure and impacting users. This incident highlights the ongoing threats posed by ransomware and the importance of cybersecurity measures for businesses and service providers.
The article discusses the emergence of a new macOS malware known as "AppleProcessHub," which is designed to steal user credentials and sensitive data. It highlights the tactics used by the malware, including its ability to bypass security measures and target specific applications. The piece also emphasizes the importance of user awareness and security practices to mitigate risks associated with such threats.
The article discusses the evolution of malware, highlighting a new variant known as ClickFix that emerged from the notorious MonsterRat. It examines the techniques used by this malware to exploit vulnerabilities and the implications for cybersecurity.
Jeffrey Bowie, CEO of Veritaco, was arrested for allegedly installing malware on hospital computers at St. Anthony Hospital in Oklahoma City. The malware was designed to take screenshots and send them to an external address, raising concerns about insider threats in healthcare cybersecurity.
A new wiper malware, dubbed "PathWiper," has been used in a destructive cyberattack against critical infrastructure in Ukraine. Conducted through a legitimate endpoint administration framework, the attack showcases a sophisticated understanding of the victim's environment by the attackers, likely associated with Russian nation-state actors.
Nearly 270,000 websites have fallen victim to malicious JavaScript injections using a unique obfuscation technique called "JSF-ck." This method encodes JavaScript using only six ASCII characters, allowing attackers to redirect users or display harmful content through iframes. Security experts emphasize the importance of keeping web servers updated and monitoring for signs of compromise.
Hacktivism is experiencing a resurgence, but many groups are increasingly linked to state-sponsored activities rather than independent activism. While some attacks are nuisance-level, others target critical infrastructure, raising concerns about their potential psychological and operational impacts. Experts warn that today's hacktivists can be sophisticated and may serve as tools for nation-states, blurring the lines between genuine activism and government-sponsored cyber operations.
VirusTotal uncovered a phishing campaign that utilizes SVG files to create deceptive portals mimicking Colombia's judicial system, leading users to download malware. The AI Code Insight feature enabled the detection of these previously undetected SVG files, which cleverly employ JavaScript to simulate a legitimate download process. This highlights the growing use of SVGs in cyberattacks and the importance of AI in identifying such threats.
A new malware named SparkKitty has been discovered, targeting iOS and Android devices to steal sensitive images from users' photo galleries, particularly those containing cryptocurrency wallet seed phrases. It has been distributed through official app stores and malicious sites, showcasing advanced techniques to exploit app provisioning systems.
Ransomware strains, such as DarkSide, often have built-in failsafes preventing installation on computers with certain virtual keyboards, particularly those in Russian or Ukrainian languages. By installing these keyboards, users may protect themselves from specific malware, compelling cybercriminals to reconsider their targets due to potential legal repercussions in their home countries. However, this method is not a foolproof solution against all malware threats.
Researchers at Mandiant have discovered a new malware strain dubbed "UNC6032," which utilizes AI-generated video content to deceive victims. The malware operates primarily through phishing campaigns, leveraging convincing videos to trick users into downloading malicious software. This highlights a growing trend in cyber threats where AI technology is exploited for malicious purposes.
The article appears to be corrupted or improperly formatted, making it difficult to extract coherent information or insights regarding its content. As a result, the intended analysis or briefing on the "scattered spider threat" is not accessible.
An artist recounts a phishing experience where a seemingly legitimate journalist's email led to the installation of malware on his Mac. After realizing his mistake, he took immediate action to secure his accounts and reported the incident to authorities, while also analyzing the malware to better understand the threat it posed.
A malicious desktop application posing as a ChatGPT client, named PipeMagic, has been found to contain a backdoor that compromises users' security. The fraudulent app can potentially allow attackers to execute harmful commands on infected systems, raising concerns about software authenticity and cybersecurity practices. Users are advised to avoid downloading unverified applications and ensure software comes from trusted sources.
Over 4,000 victims in 62 countries have been targeted by the PXA Stealer malware, which has stolen hundreds of credit card numbers, 200,000 passwords, and over 4 million browser cookies. This Python-based infostealer uses sophisticated phishing techniques and has evolved to evade detection, exfiltrating sensitive data through Telegram-based marketplaces.
The article discusses a new malware identified as "Sparrow," attributed to a Chinese cyber espionage group known as FamousSparrow. This malware poses a significant threat to organizations in the Americas by exploiting vulnerabilities in various systems to conduct surveillance and data theft.
A hacker is exploiting GitHub by distributing backdoored source code, specifically targeting hackers, gamers, and researchers. The malicious repositories, linked to the publisher "ischhfd83," deploy hidden backdoors through various means, leading to the installation of remote access trojans and info-stealers, which pose significant risks to users who compile the code. Sophos researchers warn of the sophisticated multi-step infection process that follows the download of these trojanized files.
CISA has released an analysis detailing malware used in attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), specifically an authentication bypass and a code injection issue. The vulnerabilities, already being exploited by a China-nexus espionage group, allow for arbitrary code execution and data exfiltration. CISA recommends immediate patching of affected systems and treating mobile device management solutions as high-value assets.
A North Korean hacking group, dubbed Elusive Comet, has been caught using Zoom's remote control feature to hijack victims' computers during seemingly legitimate business calls. By employing social engineering tactics, they trick individuals into granting remote access, allowing malware installation and data exfiltration.
LastPass has alerted macOS users about a malicious campaign using fake password managers and other software, which deliver the Atomic info-stealing malware through deceptive GitHub repositories. The campaign employs search engine optimization tactics to promote these fraudulent applications, urging users to execute potentially harmful commands that install malware on their systems. Users are advised to only download software from official sources to avoid such threats.
iClicker's website was compromised in a ClickFix attack that used a fake CAPTCHA to trick users into executing a PowerShell script that potentially installed malware on their devices. The attack, targeting college students and instructors, aimed to steal sensitive data, but the malware's specific nature varied based on the visitor type. Users who interacted with the fake CAPTCHA between April 12 and April 16, 2025, are advised to change their passwords and run security checks on their devices.
Microsoft has discovered a new variant of the XCSSET malware targeting macOS systems, which is being used in targeted attacks against specific individuals. This malware exploits vulnerabilities to gain unauthorized access and control over compromised devices, highlighting ongoing threats to macOS users.
Researchers have introduced a new malware technique named "Shade BIOS," which operates directly within a computer's BIOS, circumventing all traditional security measures. By requiring minimal interaction with an operating system, this method allows attackers to execute malicious actions undetected, presenting significant challenges for conventional cybersecurity defenses.
Hellcat ransomware has been found targeting firms by stealing Jira credentials, leading to significant data breaches. The malware is designed to extract sensitive information and poses a serious threat to organizations that rely on Jira for project management and collaboration. Cybersecurity experts are urging companies to enhance their defenses against such sophisticated attacks.
The article discusses the exploitation of Microsoft Teams for delivering malware through direct messages, highlighting the tactics employed by cybercriminals to bypass security measures. It emphasizes the need for organizations to enhance their cybersecurity protocols to mitigate such threats.
A new variant of the Coyote Trojan has been identified, which exploits Microsoft UI Automation to carry out banking attacks. This malware is capable of intercepting user inputs and manipulating user interfaces to steal sensitive information from victims. Cybersecurity experts warn that users should be vigilant and take necessary precautions to protect their banking credentials.
A new version of the Atomic macOS info-stealer malware has been discovered, featuring a persistent backdoor that allows attackers to maintain indefinite access to compromised systems. Analyzed by Moonlock, the malware targets macOS files and user data, exploiting phishing tactics and advanced evasion techniques to execute remote commands and survive system reboots.
A recent report highlights a sophisticated fileless malware attack attributed to a Chinese APT group targeting the Philippine military. The malware, dubbed "Eggstreme," operates by utilizing legitimate processes to evade detection, showcasing an evolving threat landscape in cyber warfare.
Spanish authorities have arrested a 25-year-old Brazilian national known as GoogleXcoder, who is accused of leading the GXC Team crime-as-a-service operation that sold phishing kits and Android malware. The GXC Team targeted banks and other organizations, contributing to significant financial losses through their phishing campaigns.
A newly discovered malware prototype named "Skynet" attempts to manipulate AI tools by instructing them to ignore its malicious code. Although the malware's design is rudimentary and ineffective, it highlights emerging trends in the intersection of AI and cybersecurity, raising concerns about future evasion tactics.
A malware campaign targeting Minecraft players has been uncovered, where malicious mods and cheats are used to infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. Conducted by the Stargazers Ghost Network, the operation utilizes GitHub to distribute fake mods, reaching thousands of potential victims while evading detection by antivirus software. To protect themselves, players are advised to download mods only from reputable sources and maintain caution when using GitHub links.
Cybersecurity experts warn that malicious PDFs are increasingly being used as delivery mechanisms for phishing attacks, particularly targeting Gmail users. These PDFs can masquerade as legitimate documents but contain links or scripts designed to steal user credentials and sensitive information. Awareness and caution are crucial for users to avoid falling victim to these deceptive tactics.
Trox Stealer is a new malware-as-a-service (MaaS) that has recently emerged, allowing cybercriminals to deploy sophisticated attacks. This analysis delves into its capabilities, distribution methods, and the potential risks it poses to individuals and organizations alike. Understanding Trox Stealer's mechanisms is crucial for enhancing cybersecurity measures against such threats.
Researchers have issued warnings about a new type of malware that is capable of self-replication and spreading across networks without user intervention. This threat poses significant risks to cybersecurity, as it can propagate rapidly, potentially affecting numerous systems simultaneously. Organizations are advised to enhance their security measures to mitigate this emerging threat.
A hacker known as EncryptHub has compromised the early access game Chemia on Steam by injecting info-stealing malware into its files, specifically the HijackLoader and Fickle Stealer. The malware operates in the background, allowing it to harvest sensitive data from users while remaining undetected during gameplay. Users are advised to avoid downloading the game until further notice from the developer or Steam, as it remains unclear if the current version is safe.
A fake version of ChatGPT, disguised as an InVideo AI tool, is tricking users into downloading ransomware. This malicious software locks users out of their systems and demands a ransom for access. The incident highlights the urgent need for vigilance against such deceptive schemes in the AI landscape.
Endgame Gear has reported that malware was embedded in the configuration tool for its OP1w 4k v2 mouse, available on its official website from June 26 to July 9, 2025. Users who downloaded the compromised tool may have been infected with the XRed backdoor, which includes keylogging and data exfiltration capabilities. The company has removed the malware and is implementing new security measures to prevent future incidents.