16 Jul, 2026

New PathWiper data wiper malware hits critical infrastructure in Ukraine

A new data wiper malware named ‘PathWiper’ is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. The payload was deployed through a legitimate endpoint administration tool, indicating that attackers had achieved administrative access to the system through a prior compromise. Cisco Talos researchers who discovered the attack attributed […]

2 mins read

FBI: BADBOX 2.0 Android malware infects millions of consumer devices

The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. “The BADBOX 2.0 botnet consists […]

5 mins read

US offers $10M for tips on state hackers tied to RedLine malware

The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. The same bounty covers leads on state hackers’ use of this malware in cyber operations targeting critical infrastructure […]

3 mins read

Hacker targets other hackers and gamers with backdoored GitHub code

A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. This campaign was discovered by Sophos researchers, whom a client contacted to estimate the danger of a remote access trojan called […]

3 mins read

Android malware Crocodilus adds fake contacts to spoof trusted callers

The latest version of the ‘Crocodilus’ Android malware has introduced a new mechanism that adds a fake contact to an infected device’s contact list to deceive victims when they receive calls from the threat actors. This feature was introduced along with several others, mostly evasion-focused improvements, as the malware appears to have expanded its targeting […]

3 mins read

Police takes down AVCheck site used by cybercriminals to scan malware

An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. The service’s official domain at avcheck.net now displays a seizure banner with the crests of the U.S. Department of Justice, the FBI, the U.S. […]

3 mins read

Interlock ransomware gang deploys new NodeSnake RAT on universities

The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. QuorumCyber researchers report seeing NodeSnake’s deployment in at least two cases targeting universities in the UK in January and March 2025. The two malware samples significantly differ, indicating active development to […]

2 mins read

Dozens of malicious packages on NPM collect host and network data

60 packages have been discovered in the NPM index that attempt to collect sensitive host and network data and send it to a Discord webhook controlled by the threat actor. According to Socket’s Threat Research team, the packages were uploaded to the NPM repository starting May 12 from three publisher accounts. Each of the malicious packages contains […]

2 mins read

Police takes down 300 servers in ransomware supply-chain crackdown

In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. “From 19 to 22 May, authorities took down some 300 servers worldwide, neutralised 650 domains, and issued international arrest warrants against 20 targets, dealing a direct blow […]

3 mins read

Hackers use fake Ledger apps to steal Mac users’ seed phrases

Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. Ledger is a popular hardware-based wallet designed to store cryptocurrency offline (cold storage) and in a secure manner. A seed or recovery phrase is a set […]

3 mins read