#malware

#malware

Malicious ads in Google results can deliver Claude Mac malware via Terminal commands, appearing legitimate and running largely in memory.

Malicious Hugging Face model repos can impersonate legitimate releases, inflate popularity, and deliver credential-stealing malware to Windows systems through deceptive setup files.

A typosquatted Hugging Face repo impersonated OpenAI’s Privacy Filter and delivered a Rust-based Windows infostealer via loader scripts and PowerShell execution.

Phishing messages impersonate Apple to trick iPhone users into clicking links that steal Apple ID and payment details or deliver malware.

Federal agencies are being pushed to patch critical vulnerabilities within three days due to faster AI-enabled exploitation.

Quasar Linux (QLNX) is a Linux backdoor designed to steal developer credentials across the software supply chain.

Meta patched two WhatsApp vulnerabilities affecting iOS, Android, and Windows users, enhancing security against risky files and links.

A China-nexus APT group, UAT-8302, targets government entities in South America and southeastern Europe using advanced malware like NosyDoor.

Daemon Tools' official website is distributing trojanized installers, enabling a supply chain attack with remote control capabilities since April 8th.

CloudZ Trojan targets Microsoft Phone Link to steal sensitive information through a plugin, posing a significant threat to users.

BlueNoroff hackers exploit fake Zoom calls and fileless malware to steal credentials from Web3 and cryptocurrency organizations.

Threat actors exploit AI distribution platforms to distribute malware through trojanized shared files, relying on social engineering tactics to deceive users.

Four SAP NPM packages were compromised with malicious code, targeting cloud application workflows and stealing sensitive credentials.

Over 70 extensions in the Open VSX marketplace are likely linked to GlassWorm malware, designed to steal sensitive information and deploy malware.

GopherWhisper is a newly identified APT using legitimate services for command-and-control communication and data exfiltration, primarily targeting a Mongolian government entity.

A US federal agency was infected with malware due to vulnerabilities in Cisco firewalls linked to a China-backed espionage campaign.

Vercel experienced a data breach affecting customer accounts, with evidence of prior compromises suggesting broader security implications.

Vercel identified additional compromised customer accounts linked to a security incident involving unauthorized access to its internal systems.

Browser extensions disguised as TikTok video downloaders are compromising user data, highlighting vulnerabilities in enterprise security.

Google Antigravity's vulnerabilities have attracted both security researchers and cybercriminals, leading to risks of remote code execution and malware delivery.

A new variant of LOTUSLITE malware targets India's banking sector, focusing on espionage rather than financial gain.

The Gentlemen ransomware group uses SystemBC malware to target over 1,570 victims, employing sophisticated tactics for initial access and lateral movement.

Gmail users are warned about fake alerts designed to hijack phones and steal personal information.

A ClickFix campaign targets macOS users with an AppleScript infostealer that collects sensitive data from various browsers and cryptocurrency wallets.

Over two dozen fake cryptocurrency apps targeting iOS users have been found in the Apple App Store, aimed at stealing recovery phrases and private keys.

Hackers exploit Android's overlay feature to capture PINs and monitor user interactions across over 800 apps using banking trojans.

Threat actors are exploiting QEMU for ransomware and remote access tool deployment, with increased activity observed since late 2025.

Kubernetes faces a surge in cyberattacks, with a 282% increase in attempts, particularly targeting the IT sector and crypto exchanges.

ZionSiphon malware targets Israeli water treatment systems, showcasing a trend in politically motivated attacks on critical infrastructure.

Threat actors exploit vulnerabilities in TBK DVR and TP-Link routers to deploy Mirai-botnet variants, targeting IoT devices for large-scale attacks.

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.