malware
CISA warns of Chinese “BrickStorm” malware attacks on VMware servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned network defenders of Chinese hackers backdooring VMware vSphere servers with Brickstorm malware. In a joint malware analysis report with the National Security Agency (NSA) and Canada’s Cyber Security Centre, CISA says it analyzed eight Brickstorm malware samples. These samples were discovered on networks belonging to victim organizations, where […]
Glassworm malware returns in third wave of malicious VS Code packages
The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. OpenVSX and the Microsoft Visual Studio Marketplace are both extension repositories for VS Code–compatible editors, used by developers to install language support, frameworks, tooling, themes, […]
SmartTube YouTube app for Android TV breached to push malicious update
The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer’s signing keys, leading to a malicious update being pushed to users. The compromise became known when multiple users reported that Play Protect, Android’s built-in antivirus module, blocked SmartTube on their devices and warned them of a risk. The […]
New ShadowV2 botnet malware used AWS outage as a test opportunity
A new Mirai-based botnet malware named ‘ShadowV2’ has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. Fortinet’s FortiGuard Labs researchers spotted the activity during the major AWS outage in October. Although the two incidents are not connected, the botnet was active only for the duration of the outage, […]
Malicious Blender model files deliver StealC infostealing malware
A Russian-linked campaign delivers the StealC V2 information stealer malware through malicious Blender files uploaded to 3D model marketplaces like CGTrader. Blender is a powerful open-source 3D creation suite that can execute Python scripts for automation, custom user interface panels, add-ons, rendering processes, rigging tools, and pipeline integration. If the Auto Run feature is enabled, […]
ClickFix attack uses fake Windows Update screen to push malware
ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images. ClickFix is a social-engineering attack where users are convinced to paste and execute in Windows Command Prompt code or commands that lead to running malware on the system. The attack […]
Multi-threat Android malware Sturnus steals Signal, WhatsApp messages
A new Android banking trojan named Sturnus can capture communication from end-to-end encrypted messaging platforms like Signal, WhatsApp, and Telegram, as well as take complete control of the device. Although still under development, the malware is fully functional and has been configured to target accounts at multiple financial organizations in Europe by using “region-specific overlay templates.” Sturnus […]
RondoDox botnet malware now hacks servers using XWiki flaw
The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. On October 30, the U.S. Cybersecurity and Information Security Agency (CISA) marked the flaw as actively exploited. Now, a report from vulnerability intelligence company VulnCheck notes that CVE-2025-24893 is being leveraged in attacks by multiple threat actors, including botnet operators […]
Google to flag Android apps with excessive battery use on the Play Store
Google will start taking action on Android apps in the official Google Play store that have high background activity and cause excessive battery draining. Apps that exceed a “bad behavior threshold” may be flagged on Google Play for negatively impacting battery performance and may affect their visibility in the Android ecosystem. Developers have until March 1, 2026, […]
Decades-old ‘Finger’ protocol abused in ClickFix malware attacks
The decades-old “finger” command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. In the past, people used the finger command to look up information about local and remote users on Unix and Linux systems via the Finger protocol, a command later added to Windows. While still supported, it’s […]