#malware
#malware

1 hour ago

Information security

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

17 hours ago

Information security

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

Information security

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

1 hour ago

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

A sophisticated supply chain attack targets organizations through malicious code in Daemon Tools software, affecting multiple countries and sectors.

17 hours ago

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A supply chain attack on DAEMON Tools has compromised installers to deliver malicious payloads, affecting users globally since April 2026.

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were impacted by the Mini Shai-Hulud supply chain attack affecting multiple package ecosystems.

more#supply-chain-attack

#cybersecurity

fromArs Technica

14 hours ago

Information security

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

19 hours ago

Information security

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

fromComputerworld

22 hours ago

Information security

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

Information security

Trellix Source Code Repository Breached

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates fraudulently obtained through a cyberattack targeting its support portal, affecting multiple customer accounts.

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

A new China-aligned espionage campaign targets government and defense sectors in Asia and Europe, exploiting vulnerabilities in Microsoft Exchange and IIS servers.

fromArs Technica

14 hours ago

Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack

A minimalistic backdoor and a complex backdoor called QUIC RAT were identified in targeted attacks on various organizations.

19 hours ago

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

A backdoor in Daemon Tools has been identified, allowing hackers to target thousands of Windows computers and plant additional malware.

fromComputerworld

22 hours ago

Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

A new .NET trojan and Pheno plugin exploit Microsoft's Phone Link to capture mobile authentication codes from Windows systems without compromising phones.

Trellix Source Code Repository Breached

Trellix experienced a breach of its source code repository but found no evidence of exploitation or impact on its source code distribution process.

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates fraudulently obtained through a cyberattack targeting its support portal, affecting multiple customer accounts.

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

A new China-aligned espionage campaign targets government and defense sectors in Asia and Europe, exploiting vulnerabilities in Microsoft Exchange and IIS servers.

New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch

Meta patched two WhatsApp vulnerabilities affecting iOS, Android, and Windows users, enhancing security against risky files and links.

18 hours ago

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A China-nexus APT group, UAT-8302, targets government entities in South America and southeastern Europe using advanced malware like NosyDoor.

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Microsoft warns of a phishing campaign using a 'code of conduct review' theme targeting organizations in the US.

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign using legitimate RMM software has targeted over 80 organizations since April 2025, enabling persistent remote access.

3 days ago

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

19 hours ago

Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations

Microsoft warns of a phishing campaign using a 'code of conduct review' theme targeting organizations in the US.

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

An active phishing campaign using legitimate RMM software has targeted over 80 organizations since April 2025, enabling persistent remote access.

3 days ago

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

Popular Daemon Tools utility exploited in supply chain attack

Daemon Tools' official website is distributing trojanized installers, enabling a supply chain attack with remote control capabilities since April 8th.

fromZDNET

Trojan abuses Microsoft Phone Link app to steal your passwords

CloudZ Trojan targets Microsoft Phone Link to steal sensitive information through a plugin, posing a significant threat to users.

#north-korea

Information security

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

Information security

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

A North Korea-aligned hacking group compromised a gaming platform to target ethnic Koreans in China using a backdoor called BirdCall.

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers are targeting macOS users in financial organizations using social engineering techniques to install information-stealing malware.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

A large-scale credential theft campaign targeted over 35,000 users using legitimate email services and code of conduct-themed lures.

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercrime group targets Minecraft players with LofyStealer malware disguised as a hack called 'Slinky'.

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

A China-based cybercrime group is targeting organizations in Russia and India with a new malware called ABCDoor via phishing emails.

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

A Brazilian cybercrime group targets Minecraft players with LofyStealer malware disguised as a hack called 'Slinky'.

New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

BlueNoroff hackers exploit fake Zoom calls and fileless malware to steal credentials from Web3 and cryptocurrency organizations.

#open-source

fromDeveloper Tech News

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

The 'Mini Shai-Hulud' worm targets developer credentials across multiple ecosystems, exploiting vulnerabilities in popular packages to steal sensitive information.

Malicious Python package poses new supply chain threat

The open-source package elementary-data was compromised, leading to the publication of a malicious version that stole sensitive user credentials.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

fromDeveloper Tech News

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

The 'Mini Shai-Hulud' worm targets developer credentials across multiple ecosystems, exploiting vulnerabilities in popular packages to steal sensitive information.

Malicious Python package poses new supply chain threat

The open-source package elementary-data was compromised, leading to the publication of a malicious version that stole sensitive user credentials.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

more#open-source

#software-supply-chain

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

more#software-supply-chain

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors exploit AI distribution platforms to distribute malware through trojanized shared files, relying on social engineering tactics to deceive users.

#supply-chain-attacks

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

fromInfoWorld

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

fromInfoWorld

more#supply-chain-attacks

Don't pay VECT a ransom - your big files are likely gone

Organizations affected by Trivy and LiteLLM compromises that paid Vect likely received little data recovery, according to Check Point Research.

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages were compromised with malicious code, targeting cloud application workflows and stealing sensitive credentials.

Dozens of Open VSX Extension Clones Linked to GlassWorm Malware

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.

Software development

fromArs Technica

Open source package with 1 million monthly downloads stole user credentials

Developers must uninstall version 0.23.3 of elementary-data due to security vulnerabilities and follow specific remediation steps.

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.

US Federal Agency's Cisco Firewall Infected With 'Firestarter' Backdoor

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

Information security

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.

Vercel says some of its customers' data was stolen prior to its recent hack | TechCrunch

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.

fromInfoWorld

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.

Malicious TikTok Downloader Extensions Quietly Compromised 130K Users

Browser extensions disguised as TikTok video downloaders are compromising user data, highlighting vulnerabilities in enterprise security.

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.

Mustang Panda's New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

fromMail Online

Urgent warning to all 1.8b Gmail users over new account takeover scam

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

macOS ClickFix attacks deliver AppleScript stealers

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Dozens of Malicious Crypto Apps Land in Apple App Store

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

fromTechRepublic

Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

Hackers Abuse QEMU for Defense Evasion

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Kubernetes attack surface explodes: number of threats quadruples

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

ZionSiphon malware targets Israeli water treatment systems, showcasing a trend in politically motivated attacks on critical infrastructure.

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

fromTechRepublic

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

fromTechRepublic

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.

JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025

JanelaRAT malware targets financial institutions in Latin America, stealing sensitive data and employing advanced infection techniques.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.