Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
Android banking trojan linked to Cambodia scam compounds uses forced labour to target users in 21 countries, bypassing security to steal funds.
Malware
20 articles
Hacker faux pas uncloaks North Korean IT worker scheme
North Korea had one of its IT worker scams' secrets unravel after a hacker inadvertently executed information-stealing malware on their own computer, accordi...
Chrome 146 introduces device bound session credentials to combat info-stealing malware
DBSC works by cryptographically linking a user's session to their hardware, utilizing the Trusted Platform Module (TPM) on Windows.
New Lua malware LucidRook targets Taiwanese NGOs
The attacks, discovered in October 2025, utilize RAR or 7-Zip archives with lures to deliver a dropper called LucidPawn.
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular C...
To counter cookie theft, Chrome ships device-bound session credentials
Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attack...
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a back...
Google Chrome adds infostealer protection against session cookie theft
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting s...
Chaos malware evolves to target cloud misconfigurations
First documented in September 2022, Chaos is a cross-platform malware that can run remote shell commands, deploy additional modules, propagate via SSH brute-...
Masjesu botnet: Stealthy DDoS-for-hire service targets IoT devices
Masjesu, also known as XorBot due to its use of XOR encryption, prioritizes low visibility and persistence, deliberately avoiding high-profile targets like D...
Atomic Stealer malware abuses macOS Script Editor in new ClickFix attack
The attackers leverage the applescript:// URL scheme to launch Script Editor with pre-filled malicious code.
Masjesu botnet targets IoT devices while evading high-profile networks
Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Masjesu is...
ClickFix, Malicious DMGs Push notnullOSX to macOS Users
Hackers are abusing ClickFix commands and booby-trapping DMG installers to deliver a new macOS stealer called notnullOSX, built to loot high-value crypto wal...
New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
macOS Malware notnullOSX targets crypto wallets over $10K, using fake apps, Terminal tricks, and backdoors to steal funds and sensitive data.
The long road to your crypto: ClipBanker and its marathon infection chain
Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replace...
Novel BPFDoor malware variants uncovered
Increasingly stealthy compromise of major telecommunication networks has been enabled by seven new variants of the BPFDoor malware, which have gained statele...
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of ...
How botnet-driven DDoS attacks evolved in 2H 2025
The second half of 2025 marked a pivotal shift in the world of distributed denial-of-service (DDoS) attacks. Organizations across the globe faced a perfect s...
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the ...
ComfyUI instances hijacked for cryptomining and proxy botnet
Threat actors are employing a custom Python scanner that continuously probes cloud IP ranges for vulnerable ComfyUI deployments.