Malware Alerts
-
Posted: June 10, 2025Views: 20Discover how a China-linked cyber espionage group, including APT15 and UNC5174, targeted over 70 organizations across government, media, and other sectors. Learn about the malware used, including ShadowPad and GoReShell, and the exploited vulnerabilities.
-
Cybersecurity experts reveal a significant supply chain attack affecting npm and PyPI ecosystems, compromising numerous packages and exposing millions of users to malware. Learn about the affected packages and how to protect yourself.
-
The latest variant of DarkCloud Stealer uses AutoIt scripting and advanced evasion techniques to target financial, healthcare, and e-commerce sectors. With over 120,000 accounts compromised since March 2025, this malware showcases a dangerous blend of legacy scripting abuse and stealthy credential theft.
-
Cybercriminals have devised an alarming new tactic by hiding malware in Google Calendar invites using invisible Unicode characters. This stealthy technique enables the delivery of malicious payloads through trusted platforms—bypassing traditional security mechanisms with a single deceptive character.
-
Cybercriminals are now leveraging steganography to hide ransomware in ordinary JPG image files, deploying Fully Undetectable (FUD) malware that bypasses traditional security solutions. These advanced tactics exploit metadata and pixel data to deliver multi-stage attacks — silently and effectively.
-
As tensions escalate in the wake of the Pahalgam attack, India’s digital frontline is now under coordinated cyber assault. The government’s Computer Emergency Response Team (CERT-In) has issued urgent advisories, calling for heightened vigilance across banks, strategic sectors, and private enterprises. The increased threat environment has prompted a nationwide effort—public and private—to fortify cyber defenses under Operation Sindoor.
-
In a chilling example of cyber exploitation, threat actors are leveraging the tragic Pahalgam attack to deceive Indian government personnel into opening malicious documents. These phishing campaigns aim to install Remote Access Trojans (RATs) and extract sensitive intelligence data from highly sensitive departments.
-
A stealthy new cyberattack campaign is using steganography and a legacy Microsoft Office vulnerability to deliver AsyncRAT — a powerful remote access trojan capable of full system compromise. This multi-stage campaign cleverly embeds malicious code in innocent-looking image files, using advanced evasion tactics to bypass traditional security solutions.
-
A highly advanced Android spyware operation has surfaced, posing as the official app of the Chinese Prosecutor’s Office. Dubbed SpyMax, this malware is part of the SpyNote family and is capable of hijacking nearly every aspect of an Android device—using deceptive UI tactics and exploiting accessibility services.
-
Data poisoning is the new and silent evolution of ransomware that doesn’t lock your files — it changes them. From financial fraud to medical disasters, this dangerous cyberattack is designed to manipulate critical data, leaving businesses, hospitals, and governments confused, vulnerable, and unprepared.