WhatsApp malware campaign delivers VBS payloads and MSI backdoors
A malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and ...
20 articles
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undo...
Elastic Security Labs dissects a long-running operation deploying RATs, cryptominers, and CPA fraud through fake installer lures, tracking its evolution acro...
A pro-Russian hacker group impersonated Ukraine’s national cyber incident response team in a phishing campaign targeting government agencies, businesses, and...
DeepLoad logs keystrokes, buries details behind reams of AI-generated code, and re-infects hosts days after being blocked, according to ReliaQuest.
China-linked groups hit a Southeast Asian government in 2025, deploying multiple malware families in a sophisticated cyber campaign. In 2025, three China-lin...
A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad.
Infamous cybercrime marketplace BreachForums had its latest database impacting over 300,000 users exposed by the ShinyHunters threat operation as it exited t...
A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials
The popular Telnyx Python SDK on PyPI was compromised to deploy a multi‑stage credential‑stealing operation that targets cloud infrastructure, Kubernetes clusters, and devel...
Infinity Stealer targets macOS via fake Cloudflare CAPTCHA, using Nuitka; first such campaign per Malwarebytes. Researchers at Malwarebytes spotted a new mac...
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex ...
A financially motivated cybercrime group known as TeamPCP is actively exploiting poorly secured cloud environments using a self-propagating malware called “C...
The European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week. On Thursday, the Commission revealed ...
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two mal...
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various ...
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Russian media outlets and Telegram channels have circulated allegations that the Baltic states opened their airspace to Ukrainian drones targeting Russian te...