16 Jul, 2026

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack, with a malicious self-propagating payload to infect other packages. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, which receives over 2 million weekly downloads. Since then, the campaign has expanded significantly and now includes packages […]

6 mins read

New FileFix attack uses steganography to drop StealC malware

A newly discovered FileFix social engineering attack impersonates Meta account suspension warnings to trick users into unknowingly installing the StealC infostealer malware. FileFix is a new variant of the ClickFix family of attacks, which uses social engineering attacks to trick users into pasting malicious commands into operating system dialog boxes as supposed “fixes” for problems. The FileFix technique was […]

4 mins read

Hackers hide behind Tor in exposed Docker API breaches

A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet. The activity was first reported in June by cybersecurity company Trend Micro. whose researchers analyzed scripts and malicious code that dropped a cryptominer and relied on the Tor network to hide […]

3 mins read

VirusTotal finds hidden malware phishing campaign in SVG files

VirusTotal has discovered a phishing campaign hidden in SVG files that create convincing portals impersonating Colombia’s judicial system that deliver malware. VirusTotal detected this campaign after it added support for SVGs to its AI Code Insight platform. VirusTotal’s AI Code Insight feature analyzes uploaded file samples using machine learning to generate summaries of suspicious or malicious […]

2 mins read

Brokewell Android malware delivered through fake TradingView ads

Cybercriminals are abusing Meta’s advertising platforms with fake offers of a free TradingView Premium app that spreads the Brokewell malware for Android. The campaign targets cryptocurrency assets and has been running since at least July 22nd through an estimated 75 localized ads. Brokewell has been around since early 2024 and features a broad set of capabilities that […]

2 mins read

TamperedChef infostealer delivered through fraudulent PDF Editor

Threat actors have been using multiple websites promoted through Google ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. The campaign is part of a larger operation with multiple apps that can download each other, some of them tricking users into enrolling their system into residential proxies. More than […]

4 mins read

New Android malware poses as antivirus from Russian intelligence agency

A new Android malware posing as an antivirus tool software created by Russia’s Federal Security Services agency (FSB) is being used to target executives of Russian businesses. In a new report from Russian mobile security firm Dr. Web, researchers track the new spyware as ‘Android.Backdoor.916.origin,’ finding no links to known malware families. Among its various […]

2 mins read

Fake Mac fixes trick users into installing new Shamos infostealer

A new infostealer malware targeting Mac devices, called ‘Shamos,’ is targeting Mac devices in ClickFix attacks that impersonate troubleshooting guides and fixes. The new malware, which is a variant of the Atomic macOS Stealer (AMOS), was developed by the cybercriminal group “COOKIE SPIDER,” and is used to steal data and credentials stored in web browsers, […]

3 mins read

“Rapper Bot” malware seized, alleged developer identified and charged

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the “Rapper Bot” DDoS-for-hire botnet. Ethan Foltz, 22, of Eugene, Oregon, allegedly rented the botnet to cybercriminals eho targeted various organizations. The botnet operation itself was seized as part of ‘Operation PowerOff ‘on August 6, during a raid at Foltz’s residence in Oregon. […]

2 mins read

ERMAC Android malware source code leak exposes banking trojan infrastructure

The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure. The code base was discovered in an open directory by Hunt.io researchers while scanning for exposed resources in March 2024. They located an archive named Ermac 3.0.zip, which contained the malware’s code, including backend, […]

3 mins read