malware

A supply chain attack called Mini Shai-Hulud compromised multiple npm packages in the @antv ecosystem, injecting credential-stealing malware. Developers using affected packages risk stolen tokens, data exfiltration, and persistent malware infections.

Cybersecurity researchers have discovered fake GitHub repositories impersonating DeepSeek TUI to deliver malware. The campaign uses compressed archives and multi-stage payloads to bypass detection, disable Windows Defender, and establish persistent access on infected systems.

Hackers are using fake Claude AI installer pages and Google Ads to spread malware, steal credentials, and infect Windows and macOS systems.

Hackers compromised official DAEMON Tools installers with malware in a major supply chain attack affecting users worldwide. Learn how to stay protected.

A new malware campaign disguised as an Instagram growth tool is stealing login credentials. Learn how "imad213" works and how to protect your account.

FIN6 cybercrime group uses fake resumes hosted on AWS to deliver More_eggs malware via LinkedIn. Learn how they target recruiters and evade detection.

A dangerous new malware named GIFTEDCROOK is targeting Ukrainian government systems. Disguised in phishing emails, this malware is designed to steal sensitive browser data and exfiltrate it through Telegram, making it hard to detect. Cybersecurity experts are warning that this attack is part of a growing trend in cyber-espionage by threat actors.

Cybercriminals are using fake file conversion tools to infect users' devices with malware. The FBI has issued an urgent warning about free Word to PDF converters that secretly install malicious software, leading to identity theft, ransomware attacks, and data breaches.

Cybersecurity researchers have identified a significant rise in phishing attacks utilizing Webflow, a legitimate website builder. These attacks target sensitive login information for various cryptocurrency wallets and corporate webmail platforms. With a tenfold increase in phishing traffic between April and September 2024, the campaigns highlight the growing sophistication of cybercriminals leveraging legitimate tools to deceive users.

TeamTNT, a notorious hacking group specializing in cryptojacking, has unleashed a new wave of cyberattacks aimed at cloud-native environments. Exploiting exposed Docker APIs, the group is deploying malware and cryptominers, utilizing breached Docker instances for cryptocurrency mining and renting the compromised infrastructure for profit. This multi-stage campaign highlights the need for vigilant cloud security to prevent unauthorized access and cryptomining activity.