China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors.
Malware
20 articles
New SilabRAT Trojan Hijacks Sessions to Steal Crypto
MaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal crypto
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reco...
“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT...
Every set of AI guardrails can be broken by the right prompt
Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological w...
Miasma Worm Compromises 73 Microsoft GitHub Repositories
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self...
GitHub disables Microsoft repos pushing password-stealing malware
Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pi...
MagicAd Android Malware Bypasses Restrictions to Flood Devices With Ads
Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background.
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language mode...
AI worm prototype shows attackers don’t need Mythos to take over your network
Researchers from the University of Toronto developed a computer worm prototype powered by an AI agent that successfully self-replicated to different systems ...
NFCShare Android malware spreads via fake banking app updates on GitHub
New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. [.
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered m...
Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware
Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads.
WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order
The Meta-owned communications app is filing a federal court contempt order against NSO. The post WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court O...
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens
A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-link...
C0XMO botnet spreads via DD-WRT router flaw, kills rival malware
A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. [.
IronWorm malware, similar to Shai-Hulud, hits 57 projects across 9 organizations
The malware targets developer credentials and cryptocurrency and self-propagates on npm.
Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account
32 Red Hat npm packages compromised by Miasma malware expose cloud tokens, CI/CD secrets and developer credentials in supply chain attack.
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packag...
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
Arabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity compan...