malware
Japan’s largest taxi operator shuts systems after cyberattack
Japan’s largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. The incident occurred over the weekend, early Saturday morning, and impacted operations, including the company’s taxi dispatch system, which remains offline as of today. Nihon Kotsu is Japan’s largest taxi […]
New CrashStealer malware poses as Apple crash reporting tool
A new macOS information-stealing malware called CrashStealer pretends to be Apple’s crash-reporting tool to steal credentials, keychain data, and crypto wallets. Malware researchers started tracking the malware in May, when it appeared to still be in development, but observed it being used in attacks in early July. CrashStealer has a typical infostealer capability set that […]
RedHook Android malware now uses Wireless ADB for shell access
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. Researchers at cybersecurity company Group-IB analyzed the new release of the mobile malware and say that it significantly expands its capabilities compared to the previous variant […]
‘Ghostcommit’ hides prompt injection in images to fool AI agents, steal secrets
Researchers have built a pull request that steals a repository’s secrets by hiding the malicious instruction inside a PNG that AI code reviewers never open. The reviewer waves the change through. Later, a coding agent reads the picture, opens the repo’s .env, and writes every key into the source as a harmless-looking list of numbers. […]
Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers tracked as ‘UAT-7810’ are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers. According to Cisco Talos researchers, the ORB network serves as a secure relay infrastructure for other China-aligned advanced persistent threats (APTs), including UAT-5918. This type of infrastructure, which […]
New ChocoPoC malware targets researchers via trojanized PoC exploits
Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. Hiding malware in PoC exploits for various vulnerabilities is not new, as there are examples of threat actors posing as real security researchers and taking […]
Malicious PyPI packages give hackers control of Telegram bot servers
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. At least eight packages have been published on the Python Package Index (PyPI) with a hidden backdoor that is activated by helper modules when importing Pyrogram or […]
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. The SimpleHelp platform is primarily used by managed service providers (MSPs), IT departments, helpdesks, and system administrators for remote monitoring and management (RMM). Earlier this month, offensive security company […]
New macOS malware embeds fake errors to confuse AI analysis tools
A newly discovered macOS malware dubbed “Gaslight” is designed to confuse AI-assisted malware analysis tools by hiding prompt injection strings and fake debugging data within the executable. Cybersecurity researchers are increasingly using AI-powered tools to assist with malware analysis and reverse engineering. The malware contains strings that attempt to gaslight AI-assisted analysis tools into believing there is […]
Malicious Edge extension abuses Native Messaging as bridge to malware
A malicious Microsoft Edge extension dubbed ‘Edgecution’ has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. Access to the local system is obtained by leveraging the Chrome Native Messaging protocol that allows browser extensions to interact with native desktop applications, such as a password manager communicating with […]