malware
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. Researchers at webscript security company c/side discovered during an incident response engagement for one of their clients that the malicious activity uses the wp3[.]xyz domain to exfiltrate data but have yet to determine the initial […]
FBI wipes Chinese PlugX malware from over 4,000 US computers
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. The malware, controlled by the Chinese cyber espionage group Mustang Panda (also tracked as Twill Typhoon), infected thousands of systems using a PlugX variant with a wormable component that allowed it to […]
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tactic isn’t novel, as there have been multiple documented cases of malicious tools disguised as PoC exploits on GitHub. However, this case, discovered by Trend Micro, highlights that threat actors continue to […]
Docker Desktop blocked on Macs due to false malware alert
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. The first reports of the malware alerts surfaced on January 7, 2025, when macOS users received an unexpected ‘Malware Blocked’ message preventing them from opening the Docker containers management app. […]
Banshee stealer evades detection using Apple XProtect encryption algo
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple’s XProtect. Banshee is an information stealer focused on macOS systems. It emerged in mid-2024 as a stealer-as-a-service available to cybercriminals for $3,000. Its source code was leaked on the XSS forums […]
Ivanti zero-day attacks infected devices with custom malware
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called ‘Dryhook’ and ‘Phasejam’ that is not currently associated with any threat group. The security issue, now tracked as CVE-2025-0282 is a critical stack-based buffer overflow flaw that impacts Ivanti Connect Secure 22.7R2.5 and older, Ivanti Policy Secure 22.7R1.2 and older, […]
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became aware of the vulnerabilities after the Ivanti Integrity Checker Tool (ICT) detected malicious activity on customers’ appliances. Ivanti launched an investigation and confirmed that threat actors were actively […]
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. Previously, the malware was seen in attacks conducted by Chinese state-backed threat actors who Sophos tracked as ‘Crimson Palace.’ According to a new report by Kaspersky researchers, there’s a potential connection to a threat group they […]
New FireScam Android malware poses as RuStore app to steal data
A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia’s app market for mobile devices. RuStore launched in May 2022 by the Russian internet group VK (VKontakte) as an alternative to Google Play and Apple’s App Store, following […]
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. The list of targets includes popular D-Link devices used by individuals and organizations such as DIR-645, DIR-806, GO-RT-AC750, and DIR-845L. For initial access, the two pieces of malware […]