Links
The cyber group Tomiris has changed its strategy, using public services like Telegram and Discord for command-and-control in attacks against government entities in Central Asia. Their recent campaigns involve spear-phishing emails and malware that targets high-value political infrastructure, employing a variety of custom and open-source tools.
Google found a new malware called PROMPTFLUX that uses Visual Basic Script to modify itself by interacting with its Gemini AI model. This malware seeks to evade detection by generating obfuscated code and is still in the development phase, lacking the ability to compromise networks. Security experts debate its effectiveness and significance.
A new malware called GlassWorm has been discovered targeting macOS systems through compromised OpenVSX extensions. The attack, which involved pushing malicious updates to four extensions, aims to steal passwords, crypto-wallet data, and developer credentials. Users who downloaded the affected extensions should clean their systems and change their passwords.
UNC1069, a North Korean threat group, has been exploiting social engineering tactics and AI tools to infiltrate cryptocurrency companies. Their recent attack involved a compromised Telegram account, a fake Zoom meeting with a deepfake video, and multiple malware families to harvest sensitive data. The operation highlights a significant evolution in their methods since 2018.
OpenClaw has added VirusTotal's malware scanning to its ClawHub marketplace after finding 341 malicious skills on its platform. This integration scans all published skills for known malware, but experts warn it won't catch all threats, particularly those using prompt injection techniques.
The North Korean group UNC1069 has intensified its focus on financial institutions, employing advanced AI tools for social engineering attacks. They utilize new malware to exploit vulnerabilities and steal sensitive data from victims, including credentials and browser information.
Cybersecurity experts found a new Android spyware, RadzaRat, disguised as a file manager app. It grants hackers full control over devices, including keylogging capabilities, and is undetectable by antivirus programs. The malware is easily accessible online and can be deployed by anyone with basic skills.
This article analyzes a series of DNG image exploits discovered between July 2024 and February 2025, targeting the Quram library on Samsung devices. The exploits bypassed security by leveraging WhatsApp to deliver malicious images, ultimately aiming to execute code within a specific Samsung system service.
This article analyzes a malicious Visual Studio Code extension that implements ransomware-like behavior. It highlights how the extension encrypts files, uploads sensitive data, and communicates with a command and control server via a private GitHub repository. The piece questions how such obvious malware passed the marketplace review.
Threat actors are using a recently patched vulnerability in Microsoft WSUS, known as CVE-2025-59287, to distribute ShadowPad malware. This backdoor, linked to Chinese hacking groups, allows attackers to execute commands and install additional malicious tools on compromised systems.
This tool generates Windows PE executables that trigger YARA rule matches, helping users validate their malware detection signatures. It automates the creation of test files based on specific patterns, ensuring effective scanning and rule accuracy. Safe to use, the executables exit immediately without executing harmful code.
Lumma Stealer, a malware that once infected 395,000 Windows computers, has reemerged after law enforcement disrupted its operations. Using deceptive tactics like fake CAPTCHAs, it tricks users into installing the malware themselves. The infrastructure has quickly rebuilt, posing a renewed threat worldwide.
A report from Zscaler reveals that over 239 malicious Android apps were downloaded 42 million times from Google Play between June 2024 and May 2025. The rise in malware includes banking trojans and spyware, with a notable shift towards social engineering tactics. India, the U.S., and Canada are the top targets, while adware has become the most detected threat.
The article discusses two new dark large language models (LLMs), WormGPT 4 and KawaiiGPT, which help less-skilled cybercriminals automate attacks like phishing and malware creation. WormGPT 4 is sold on underground forums, while KawaiiGPT is freely available on GitHub, making it easy for aspiring hackers to access powerful tools. Researchers warn these models lower the skill barrier for cybercrime, posing a significant digital risk.
WormGPT 4 offers lifetime access for $220, enabling users to generate malware and phishing tools without needing advanced skills. While it simplifies certain cybercrime tasks, human intervention is still necessary to bypass security measures. Another model, KawaiiGPT, is even more accessible as it's free on GitHub.
Google warns that various threat actors, including those linked to Russia and China, are exploiting a critical flaw in WinRAR to gain access and deploy malware. This vulnerability, CVE-2025-8088, allows attackers to execute malicious code by manipulating archive files, leading to widespread attacks on multiple targets.
This article outlines a method to create a Rust binary that behaves harmlessly under normal circumstances but runs a hidden program on a specific target host. It discusses the encryption of the hidden program and how to derive a decryption key from unique host data, ensuring the hidden code remains concealed. The approach is relevant for targeted malware and software licensing.
The Kimwolf botnet has compromised over 2 million Android devices, primarily targeting streaming boxes to turn them into residential proxies. Recent reports detail its expansion and connection to a network of compromised routers, which allows threat actors to conduct DDoS attacks and sell proxy services. Cybersecurity firms have identified significant increases in bot activity and vulnerabilities in residential proxy networks.
A fake VS Code extension called "ClawdBot Agent" was found to be a trojan that installs malware on Windows machines without user interaction. Although it appeared legitimate, it secretly connected to a remote server to deliver malicious payloads. The investigation reveals sophisticated tactics and multiple layers of redundancy in the attack.
DetonatorAgent is a tool designed for Red Teamers to execute files and collect EDR logs during security assessments. It helps determine if malware remains undetected and works alongside RedEdr to improve testing reliability. The agent operates via a REST API and allows for the execution of various file types while capturing relevant EDR alerts.
North Korean hackers are using spear phishing emails that mimic human rights organizations and financial institutions to distribute malware. This campaign, called "Operation Poseidon," is linked to the Konni hacking group and aims to exploit vulnerabilities in email security through deceptive links. Cybersecurity experts warn that these sophisticated tactics make such attacks difficult to defend against.
Malcontent is a tool designed to detect supply-chain malware using context analysis and differential methods. It supports various file formats and programming languages, analyzing Linux programs primarily, but also works with macOS and Windows. It features three modes: analyze, diff, and scan, allowing for in-depth examination of program capabilities and risks.
The U.S. Department of Justice has charged 54 individuals linked to a multi-million dollar ATM jackpotting conspiracy involving malware called Ploutus. Many of the suspects are tied to the Venezuelan gang Tren de Aragua, which is implicated in various criminal activities, including funding terrorism. The indictments detail methods of hacking ATMs to steal cash and launder money.
This article explores the use of AI models, particularly Claude Opus 4.6, to detect hidden backdoors in binary executables. While some success was noted, with a 49% detection rate for obvious backdoors, the approach remains unreliable for production use due to high false positives and limitations in analyzing complex binaries.
Google released an urgent update for Chrome to fix two vulnerabilities that can be exploited by simply visiting malicious web pages. Users should ensure they're on version 143.0.7499.146 or later to stay protected from potential attacks.
The article details a targeted malware attack disguised as a freelance job opportunity on LinkedIn. It breaks down how the malicious code was embedded in a GitLab repository and outlines key warning signs for developers to watch for to avoid similar scams.
The Kimwolf botnet, known for infecting over 2 million devices, has reportedly gained unauthorized access to the control panel of Badbox 2.0, a major botnet linked to advertising fraud. This access allows Kimwolf to deploy its malware on devices connected to Badbox 2.0, raising concerns about the spread of malicious software.
Bitdefender Labs found that 17% of the OpenClaw AI skills examined in February 2026 are malicious. These skills, masquerading as useful tools, are used to steal crypto keys and install malware on macOS, with one user linked to 199 harmful scripts.
Researchers found insecure bootstrap scripts in legacy Python packages that could allow attackers to exploit a domain takeover. The scripts fetch an outdated installation package from a domain that has since lapsed and is available for registration, which poses a risk of executing malicious code. Some affected packages have removed the scripts, but others, like slapos.core, still include them.
This article investigates a Russian phishing campaign that uses a fake payment confirmation email to deploy the Phantom stealer malware. It details the multi-stage infection process, including the malicious ISO and executable files involved, and highlights the types of data targeted, such as credentials and cryptocurrency information.
Google Chrome's new autofill feature can now store sensitive information like passports and vehicle IDs, making form-filling faster. However, experts warn that this could increase risks if a user's Google account is compromised, as all that data is concentrated in one place. The cybersecurity community advises against storing sensitive information in browsers due to rising malware threats.
A malware campaign is using fake guides for OpenAI's Atlas browser to lure macOS users into downloading an infostealer named AMOS. Victims are tricked into executing a malicious command that harvests sensitive data and installs a backdoor for remote access. Basic cybersecurity practices can help prevent these attacks.
Attackers are using a new method called "Browser-in-the-Browser" to create convincing fake login windows that steal usernames and passwords. These pop-ups look legitimate and can trick users, but employing a password manager and being cautious with links can help protect your accounts.
The Kimwolf botnet has infected over 2 million devices by exploiting vulnerabilities in residential proxy networks. It spreads through compromised Android TV boxes and digital photo frames, allowing attackers to relay malicious traffic and launch DDoS attacks. Security experts warn that the risk from unsecured proxy networks is escalating.
A coordinated effort has released over 67,000 fake npm packages since early 2024, aimed at flooding the registry rather than stealing data. The malicious packages use JavaScript scripts that require manual execution to propagate, creating a self-replicating network that burdens the platform. Researchers link this activity to a monetization scheme involving TEA tokens.
Security researchers identified and removed a fake VSCode extension masquerading as Prettier. The extension was designed to deploy Anivia Stealer malware, but swift action limited its impact to just a handful of users. Developers are warned to be cautious with third-party tools.
Google is introducing developer verification requirements to enhance security on the Android platform, addressing issues with scams and malware. The update considers feedback from various user groups, including students and experienced users, offering tailored solutions for each. Early access to the new verification process is starting for developers.
SolyxImmortal is a Python-based malware designed to steal sensitive information from Windows users. It collects credentials, documents, and keystrokes while maintaining a low profile by using Discord webhooks for data exfiltration. The malware ensures persistence on infected systems without requiring administrative privileges.
RedTiger is a new malware designed to steal data from Discord users, particularly targeting French gamers. It captures authentication tokens, payment information, and can even access webcams. The malware operates stealthily, evading detection and maintaining access even if passwords are changed.
Researchers found a harmful Chrome extension called Crypto Copilot that secretly siphons Solana from users during transactions. It injects hidden fees into swaps on the Raydium exchange, transferring funds to an attacker's wallet without user knowledge. The extension remains available for download, despite its malicious behavior.
This article discusses the unique security challenges faced by developer endpoints and highlights Koi Security's approach to managing these risks. It emphasizes the need for specialized tools that cater to developers without disrupting their workflows, especially in light of recent malware threats.
Some Notepad++ users are experiencing security incidents where the software may be involved in facilitating unauthorized access. The situation is still developing, and while only a few organizations have reported issues, users should monitor specific processes and network activity related to the application.
Europol coordinated a crackdown on three cybercrime operations, targeting the malware Rhadamanthys, the Elysium botnet, and VenomRAT. Police arrested a key suspect in Greece and seized over 1,000 servers, revealing millions of stolen credentials from infected computers. Rhadamanthys gained prominence after the takedown of another malware, Lumma, earlier this year.
Valkyrie Stealer is a sophisticated malware that targets Windows systems to harvest sensitive information, including credentials and browser data. It employs advanced evasion techniques to avoid detection in virtualized environments and features a modular architecture for flexible data theft. The developer, known as Lawxsz, actively promotes the malware through various online platforms.
This article introduces a tool that allows users to extract locked files from browsers without triggering lock checks. It exploits memory-mapped section handles, making it stealthy and non-destructive. The author emphasizes that this method should only be used for authorized security research and not for illegal activities.
This article examines how the Russian threat group Primitive Bear uses a recently discovered WinRAR vulnerability (CVE-2025-6218) to launch malware attacks targeting Ukrainian entities. The analysis highlights the group's methodology, including the use of deceptive file names to trick victims into executing malicious scripts.
The article discusses the "Premier Pass-as-a-Service" model, highlighting the collaboration between China-aligned APT groups Earth Estries and Earth Naga. This partnership complicates detection and attribution of cyberattacks, as the two groups share access to compromised assets, targeting critical sectors across various regions.
Albiriox is a new Android malware that gives attackers full control over infected devices, enabling financial fraud. It spreads through deceptive SMS messages and fake apps, using advanced techniques to evade detection. The malware is part of a subscription-based service offered by Russian-speaking cybercriminals.
A Russia-aligned hacking group, UAC-0184, is using Viber to deliver malware to Ukrainian military and government targets. They exploit war-themed phishing emails to deploy Hijack Loader, which installs Remcos RAT for remote control and data theft.
A recent study reveals that over 90% of parked domains now redirect visitors to malicious content, a sharp increase from less than 5% a decade ago. Users who mistakenly visit these sites are often targeted with scams or malware, especially if using residential IP addresses. The report highlights the risks of typosquatting and the complex web of redirects that lead to harmful sites.
The SmartTube YouTube client for Android TV was hacked after the developer's signing keys were compromised, allowing malware to be injected into the app. Users are advised to avoid recent versions and check for unauthorized access to their Google Accounts. The developer plans to release a safe update soon.
The article discusses how AI agents could spread harmful instructions, similar to the Morris worm that infected early Internet computers. These "prompt worms" exploit AI's nature of following commands, potentially leading to widespread security issues. Researchers warn that this new type of contagion could emerge as AI systems communicate with each other.
Nitrogen ransomware has a major flaw that prevents victims' files from being decrypted, even if they pay the ransom. A programming error causes the gang's decryptor to overwrite the necessary public key, leaving both victims and criminals without access to the data. This coding mistake highlights the destructive potential of ransomware.
GoBruteforcer is a botnet attacking cryptocurrency databases to brute-force user passwords for various services. Its operators exploit weak credentials and misconfigured servers to expand their control, utilizing a mix of common usernames and a persistent malware infrastructure. Recent activities also show attempts to identify blockchain accounts with funds.
VoidLink is a Linux command-and-control implant that targets multiple cloud environments for credential theft and data exfiltration. It shows signs of being generated by an AI coding agent, with unusual documentation and logging patterns. This raises concerns about the accessibility and sophistication of malware development.
Researchers found that hackers are using the React2Shell vulnerability to compromise NGINX web servers, redirecting traffic for malicious purposes. This can lead to malware infections and damage to an organization's reputation. CSOs are advised to secure server configurations and apply the latest security patches.
DumpBrowserSecrets is a tool that extracts sensitive data from various web browsers, including Chrome, Firefox, and Edge. It retrieves information like cookies, credentials, and browsing history using a combination of executable and DLL components. The tool can handle both Chromium-based and non-Chromium browsers for data extraction and decryption.
MacPersistenceChecker is a macOS app that identifies all items set to run automatically on your system. It helps detect malware and unwanted software by scoring each persistence mechanism based on risk factors. Users can analyze and decide what to keep or remove.
Researchers revealed a nine-month campaign exploiting the React2Shell vulnerability to build the RondoDox botnet. The botnet scans for vulnerable devices and installs various malware, including cryptocurrency miners and a Mirai variant. Organizations are urged to update software and implement security measures to defend against these attacks.
OpenClaw, a popular AI agent, has been linked to security issues due to malware found in numerous user-created add-ons on its ClawHub marketplace. Security researchers identified hundreds of malicious skills that trick users into downloading harmful software that can steal sensitive information. The platform's creator is implementing measures to mitigate these risks, but vulnerabilities remain.
Researchers found that open source packages on npm and PyPI were infected with malware that stole wallet credentials from dYdX developers and users. The malicious code captured seed phrases and device fingerprints, leading to potential irreversible theft of cryptocurrency. The attack affected multiple versions of the compromised packages.
This article discusses methods for evading Endpoint Detection and Response (EDR) systems using LLVM's obfuscation techniques. It explores both traditional post-compilation evasion strategies and a newer compile-time obfuscation approach that complicates reverse engineering. The piece highlights the current challenges in effective evasion despite these advancements.
A security audit of ClawHub found 341 malicious skills, primarily linked to a single campaign called ClawHavoc. These skills disguise themselves as legitimate tools but deliver trojans capable of stealing sensitive information from users. The attack leverages common installation practices to bypass security measures.
Attackers exploited vulnerabilities in SolarWinds Web Help Desk to steal high-privilege credentials from various organizations. Microsoft is investigating which specific flaws were used, as multiple recent and old CVEs are in play. Security teams are advised to apply patches and monitor for unauthorized remote management tools.
A new ClickFix campaign targets the hospitality sector in Europe, using fake Windows BSOD screens to trick users into executing malware. Attackers send phishing emails impersonating Booking.com, leading victims to a convincing fake website that prompts them to run malicious commands. Once executed, the malware grants remote access and can spread within the network.
A zero-day vulnerability in Samsung's Android image processing library allowed the deployment of LandFall spyware through malicious images sent via WhatsApp. This spyware targets specific Galaxy models and can record calls, track locations, and access personal data.
The Eclipse Foundation revoked some access tokens from its Open VSX project after a report revealed they were exposed in public repositories. This vulnerability could have allowed attackers to manipulate or distribute malicious extensions. New token prefixes and stricter security measures are being implemented to prevent future incidents.
CyberVolk's new ransomware, VolkLocker, has significant flaws that allow victims to recover their files without paying the ransom. It targets Windows and Linux systems and includes a built-in timer that threatens to delete user files if payment isn't made in time. The group is also expanding its services to include a remote access trojan and keylogger.
Researchers at Microsoft discovered a backdoor named SesameOp that misuses the OpenAI Assistants API for command-and-control communications. This malware employs sophisticated techniques to maintain stealth and persistence while executing commands within compromised systems. The findings highlight how threat actors adapt to new technologies for malicious purposes.
A hacker involved in a scheme to use remote access malware for drug trafficking has been sentenced by the Amsterdam Court of Appeal. The malware, deployed via a USB stick with insider help, enabled the infiltration of port systems, facilitating the smuggling of 210 kilograms of cocaine into the Netherlands.
This article discusses a security flaw in popular AI IDEs like Cursor and Windsurf, which recommended non-existent extensions from Microsoft’s marketplace. The authors proactively claimed vulnerable namespaces on OpenVSX to prevent malicious uploads, securing the environment for developers.
The article details a sophisticated malware operation by North Korean threat actors using npm packages to deliver malicious code. It explains how they utilize GitHub and Vercel to manage and deploy payloads, highlighting various tactics for data theft, including clipboard access, keylogging, and file exfiltration.
The Konni hacker group is targeting blockchain developers with AI-generated PowerShell malware. Their attacks involve sending malicious links via Discord that deliver a backdoor capable of compromising sensitive assets like API credentials and cryptocurrency. Researchers have identified the malware as being developed with AI assistance, indicating a shift in their tactics.
A phishing campaign is impersonating well-known brands like Disney and Mastercard to steal Google Workspace and Facebook business account credentials. The attackers use fake Calendly invitations to lure victims, leading them to phishing pages designed to capture sensitive login information. The campaign employs advanced techniques to bypass security measures, making it a significant threat.
This article details a vulnerability in Triofox that allowed unauthenticated remote access, enabling attackers to bypass authentication and execute arbitrary code. Mandiant discovered that this flaw was exploited by a threat group, allowing them to create admin accounts and run malicious scripts. The issue has been patched in newer versions of the software.
Security researchers found a harmful extension in the Open VSX registry that installs a remote access trojan called SleepyDuck. Initially released as harmless, the extension was updated shortly after gaining 14,000 downloads, enabling it to access user systems and exfiltrate data. Users are warned to be cautious when downloading extensions from unverified sources.
Jake Saunders recounts waking up to an email from his hosting provider about suspicious activity from his server, which turned out to be running cryptocurrency mining software. He discovered that a vulnerability in the Next.js framework, used by his analytics tool Umami, allowed an attacker to exploit his server. After a tense investigation, he confirmed that the malware was contained within a Docker container and hadn't compromised the host system.
North Korean hackers are using Google’s Find Hub to track and factory reset Android devices of South Korean targets. They initiate attacks via spear-phishing on KakaoTalk, leading to data theft and device wipes to prevent recovery and spread malware to victims' contacts.
Researchers have uncovered a new Windows malware campaign using Pulsar RAT and Stealerv37. This malware can steal passwords, crypto, and gaming accounts while allowing hackers to interact with victims through a live chat window. It evades detection by running entirely in memory and hijacking trusted system tools.
NoMoreStealer is a kernel-mode minifilter driver for Windows that monitors file system access to prevent untrusted processes from reaching protected paths. It uses allowlists for process trust and communicates with a Wails frontend for real-time notifications. The project is a demo with several limitations and should be used for educational purposes only.
A new attack is tricking Mac users into downloading malware through a fake job application process on a bogus website. Victims are lured with false job offers and prompted to install a fake FFmpeg update, which actually installs a backdoor called Flexible Ferret. This malware gives attackers ongoing access to the infected system.
Ukrainian Defense Forces were attacked by a charity-themed malware campaign delivering backdoor malware called PluggyApe, likely linked to the Russian threat groups Void Blizzard and Laundry Bear. The campaign used deceptive messages to lure victims into downloading malicious files disguised as documents. CERT-UA warns that mobile devices are increasingly targeted due to their weaker security.
Over 149 million stolen usernames and passwords were discovered online, affecting platforms like TikTok, Netflix, and several financial services. The data leak, found by cybersecurity researcher Jeremiah Fowler, highlights the risks of infostealer malware and the importance of password security. It took a month to take the exposed database offline, raising concerns about the potential for automated attacks.
Dutch authorities arrested a 33-year-old man at Schiphol Airport, believed to be the mastermind behind the AVCheck malware platform. This site, shut down in May 2025, allowed cybercriminals to test their malware against various antivirus systems. The arrest followed an international investigation linked to the platform's takedown.
Researchers found a sophisticated malware framework called VoidLink that targets Linux machines, particularly in cloud environments. It has over 30 customizable modules for reconnaissance, privilege escalation, and stealth, indicating a shift towards targeting Linux systems by professional threat actors.
The hacker group MuddyWater has launched a new spear-phishing campaign using a Rust-based implant called RustyWater, targeting various sectors in the Middle East. This campaign involves malicious Word documents that deploy the malware, which can gather system information and maintain persistence on infected machines. The move marks a shift from traditional tools to more sophisticated, custom malware.
Researchers believe a massive fraudulent gambling network, active for 14 years, is likely backed by a nation-state. It targets government and private organizations in the US and Europe, exploiting vulnerabilities in websites to support its operations. The infrastructure includes over 328,000 domains and costs millions to maintain.
The article details a supply chain attack on Notepad++, where attackers compromised the update infrastructure between June and September 2025. It outlines various infection chains, unique payloads, and the methods used to gather system information and install malicious software. Kaspersky's solutions successfully blocked these attacks as they unfolded.
Cybersecurity researchers uncovered a campaign using malicious Blender files to deliver the StealC V2 information stealer. Users download infected .blend files from sites like CGTrader, which execute harmful scripts when opened, compromising their data. The attack takes advantage of Blender's Auto Run feature, allowing attackers to bypass security measures.
Hackers exploited a zero-day vulnerability in Triofox, a file-sharing platform, to bypass authentication and deploy malicious payloads. They manipulated HTTP host headers to gain access and configured the system's anti-virus feature to run their own scripts, allowing further exploitation.
Cybersecurity researchers revealed two malware campaigns using cracked software and compromised YouTube accounts. CountLoader is a stealthy loader delivering various payloads, while GachiLoader deploys malware through obfuscated scripts on YouTube, demonstrating advanced evasion techniques.
The Glassworm malware campaign has resurfaced with 24 new malicious packages on OpenVSX and the Microsoft Visual Studio Marketplace. This malware uses hidden code to steal developer credentials and cryptocurrency data while providing remote access to attackers. Despite prior containment efforts, it continues to evade detection and reappear on these platforms.
Arctic Wolf offers a hands-on cyber range to test its Aurora Endpoint Defense against real malware and attack simulations. Users can see how the solution provides protection, detection, and response across various scenarios. The goal is to reduce the risk and impact of cyber breaches.
The "Stanley" toolkit allows criminals to create malicious Chrome extensions that can overlay phishing pages on legitimate sites while masking the true URL. By masquerading as useful tools, these extensions trick users into granting permissions, making them vulnerable to credential theft. This poses significant risks in remote work environments where browser security is paramount.
Threat actors are using phishing emails with weaponized attachments to deploy malware aimed at Russia and Belarus' defense sector. The malware establishes a backdoor via OpenSSH and a customized Tor service, facilitating remote access while avoiding detection. Environment checks ensure it activates only on genuine user systems.
A new report reveals that the TamperedChef malware campaign tricks users into downloading malicious installers disguised as legitimate software. The attackers use social engineering techniques and compromised code-signing certificates to deliver a JavaScript backdoor that enables remote access and control. Affected sectors include healthcare, construction, and manufacturing, with a concentration of infections in the U.S.
Arizona Attorney General Kris Mayes has filed a lawsuit against the Chinese retailer Temu, accusing it of stealing sensitive customer data and misleading consumers about its products. The lawsuit also raises concerns about Temu's compliance with Chinese laws that could force it to share data with the government. Mayes recommends that Arizonans delete their Temu accounts and check their devices for malware.
This article outlines how to set up a virtual machine designed for malware development practice. It includes steps for downloading the VM, configuring network settings, and accessing coding challenges that allow users to upload binaries for evaluation. User credentials and server startup instructions are also provided.
A new campaign exploits Google search ads to direct macOS users to malicious ChatGPT and Grok conversations. These chats contain instructions that, when executed, install the AMOS infostealer malware, compromising sensitive information. Users are advised to be cautious and avoid running unknown commands.
Researchers found a malicious npm package named eslint-plugin-unicorn-ts-2 that attempts to deceive AI security scanners. It contains a hidden prompt and exfiltrates sensitive data during installation, highlighting a new tactic in cybercrime where attackers manipulate AI to avoid detection.