Hundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.
The post Microsoft and Allies Smash Shared Infrastructure of Amadey and StealC Malware appeared first on SecurityWeek.
Mistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
The post New βMisticβ RAT Opens Door to Several Ransomware Families appeared first on SecurityWeek.
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution.
The post CryptoBandits Malware Doubles as a Backdoor, Abuses Tor appeared first on SecurityWeek.
The Android malware allows its operators to take control of infected devices and harvest sensitive information.
The post Rokarolla Banking Trojan Targets 200 Applications appeared first on SecurityWeek.
The attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control.
The post Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack appeared first on SecurityWeek.
Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques.
The post OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month appeared first on SecurityWeek.
A PowerShell script included in patch files appears to be triggering false positives by multiple security engines.
The post Siemens Says Desigo CC Files Flagged as Malware by Security Engines appeared first on SecurityWeek.
As attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations.
The post Infostealers Turn Millions of Devices Into Credential Theft Machines appeared first on SecurityWeek.
Researchers warn GreyVibeβs extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate.
The post Russia-Linked βGreyVibeβ Attackers Use AI to Supercharge Cyberattacks appeared first on SecurityWeek.
Delivered via phishing lures, the malware combines financial theft with data exfiltration and remote access.
The post New BTMOB Android Malware Enables Full Device Takeover appeared first on SecurityWeek.
Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets.
The post Laravel-Lang Packages Poisoned for Malware Delivery appeared first on SecurityWeek.
β―Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software.
The post Microsoft Disrupts Malware-Signing Service Run by βFox TempestβΒ appeared first on SecurityWeek.
Attackers are increasingly abusing Microsoftβs decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based attack chains.
The post Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks appeared first on SecurityWeek.
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers.
The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards.
The post TeamPCP Ups the Game, Releases Shai-Hulud Wormβs Source Code appeared first on SecurityWeek.
CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development.
The post Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware appeared first on SecurityWeek.
The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more.
The post βPCPJackβ Worm Removes TeamPCP Infections, Steals Credentials appeared first on SecurityWeek.
The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages.
The post Vendor Says Daemon Tools Supply Chain Attack Contained appeared first on SecurityWeek.
The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities.
The post Sophisticated Quasar Linux RAT Targets Software Developers appeared first on SecurityWeek.
Hackers delivered malware via a customer chat channel, infected an analystβs system, and accessed the internal support portal.
The post DigiCert Revokes Certificates After Support Portal Hack appeared first on SecurityWeek.
Login