malware
U.S. warns of Iranian cyber threats on critical infrastructure
U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure. CISA says there are no indications of an ongoing campaign but urges critical infrastructure organizations and other potential targets to monitor their defense due to the current unrest in the Middle East and cyber […]
New wave of ‘fake interviews’ use 35 npm packages to spread malware
A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect dev’s devices with infostealers and backdoors. The packages were discovered by Socket Threat Research, which reports they load the BeaverTail info-stealer and InvisibleFerret backdoor on victims’ machines, two well-documented payloads associated with DPRK actors. The latest attack wave uses […]
Malware on Google Play, App Store stole your photos—and crypto
A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. The malware is a possible evolution of SparkCat, which Kaspersky discovered in January. SparkCat used optical character recognition (OCR) to steal cryptocurrency wallet recovery phrases from images saved on infected devices. When […]
Godfather Android malware now uses virtualization to hijack banking apps
A new version of the Android malware “Godfather” creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. These malicious apps are executed inside a controlled virtual environment on the device, enabling real-time spying, credential theft, and transaction manipulation while maintaining perfect visual deception. The tactic resembles that seen in […]
North Korean hackers deepfake execs in Zoom call to spread Mac malware
The North Korean BlueNoroff hacking group is deepfaking company executives during Zoom calls to trick employees into installing custom malware on their macOS devices. BlueNoroff (aka Sapphire Sleet or TA444) is a North Korean advanced persistent threat (APT) group known for conducting cryptocurrency theft attacks using Windows and Mac malware. Huntress researchers uncovered a new BlueNoroff […]
Hackers exploited Windows WebDav zero-day to drop malware
An APT hacking group known as ‘Stealth Falcon’ exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. Stealth Falcon (aka ‘FruityArmor’) is an advanced persistent threat (APT) group known for conducting cyberespionage attacks against Middle East organizations. The flaw, tracked under CVE-2025-33053, […]
DanaBot malware operators exposed via C2 bug added in 2022
A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. DanaBot is a malware-as-a-service (MaaS) platform active from 2018 through 2025, used for banking fraud, credential theft, remote access, and distributed denial of service (DDoS) attacks. Zscaler’s ThreatLabz researchers […]
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. The flaw affects nearly every system that trusts Microsoft’s “UEFI CA 2011” certificate, which is pretty much all hardware that supports Secure Boot. Binarly researcher Alex Matrosov […]
FIN6 hackers pose as job seekers to backdoor recruiters devices
In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. FIN6 (aka “Skeleton Spider”) is a hacking group that was initially known for conducting financial fraud, including compromising point-of-sale (PoS) systems to steal credit cards. However, in 2019, the […]
Malicious npm packages posing as utilities delete project directories
Two malicious packages have been discovered in the npm JavaScript package index, which masquerades as useful utilities but, in reality, are destructive data wipers that delete entire application directories. The data wiper packages are ‘express-api-sync’ and ‘system-health-sync-api,’ and pose as database syncing and system health monitoring Ttools. According to open-source software security firm Socket, they […]