malware
Police takes down 300 servers in ransomware supply-chain crackdown
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. “From 19 to 22 May, authorities took down some 300 servers worldwide, neutralised 650 domains, and issued international arrest warrants against 20 targets, dealing a direct blow […]
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. Ledger is a popular hardware-based wallet designed to store cryptocurrency offline (cold storage) and in a secure manner. A seed or recovery phrase is a set […]
Lumma infostealer malware operation disrupted, 2,300 domains seized
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains and part of its infrastructure backbone worldwide. This effort involved multiple tech companies and law enforcement authorities, resulting in Microsoft’s seizure of approximately 2,300 domains after legal action against the malware on May 13, 2025. At the […]
SK Telecom says malware breach lasted 3 years, impacted 27 million numbers
SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. SK Telecom is the largest mobile network operator in South Korea, holding roughly half of the national market. On April 19, 2025, the company detected malware on its networks and […]
Fake KeePass password manager leads to ESXi ransomware attack
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. WithSecure’s Threat Intelligence team discovered the campaign after they were brought in to investigate a ransomware attack. The researchers found that the attack […]
Printer maker Procolored offered malware-laced drivers for months
For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. Procolored is a digital printing solutions provider making Direct-to-Film (DTF), UV DTF, UV, and Direct-to-Garment (DTG) printers. It is particularly known for affordable and efficient fabric printing solutions. […]
Ransomware gangs increasingly use Skitnet post-exploitation malware
Ransomware gang members increasingly use a new malware called Skitnet (“Bossnet”) to perform stealthy post-exploitation activities on breached networks. The malware has been offered for sale on underground forums like RAMP since April 2024, but according to Prodaft researchers, it started gaining significant traction among ransomware gangs since early 2025. Prodaft told GeekFeed they have observed […]
iClicker hack targeted students with malware via fake CAPTCHA
The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. iClicker is a subsidiary of Macmillan and is a digital classroom tool that allows instructors to take attendance, ask live questions or surveys, […]
Supply chain attack hits npm package with 45,000 weekly downloads
An npm package named ‘rand-user-agent’ has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user’s system. The ‘rand-user-agent‘ package is a tool that generates randomized user-agent strings, which is helpful in web scraping, automated testing, and security research. Although the package has been […]
Malicious PyPi package hides RAT malware, targets Discord devs since 2022
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. Named “discordpydebug,” the package was masquerading as an error logger utility for developers working on Discord bots and was downloaded over 11,000 times since it was uploaded on March 21, 2022, even […]