16 Jul, 2026

Crypto-stealing malware posing as a meeting app targets Web3 pros

Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. The campaign is dubbed “Meeten” after the name commonly used by the meeting software and has been underway since September 2024. The malware, which has both a Windows and a macOS […]

4 mins read

New Android spyware found on phone seized by Russian FSB

After a Russian programmer was detained by Russia’s Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that a new spyware was secretly installed on his device upon its return. The programmer, Kirill Parubets, was arrested by the FSB after being accused of donating to Ukraine. After regaining access to his […]

3 mins read

New DroidBot Android malware targets 77 banking, crypto apps

A new Android banking malware named ‘DroidBot’ attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal. According to Cleafy researchers who discovered the new Android malware, DroidBot has been active since June 2024 and operates as a malware-as-a-service (MaaS) platform, selling the tool for […]

3 mins read

Russian hackers hijack Pakistani hackers’ servers for their own attacks

The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156’s infrastructure to launch their own covert attacks on already compromised networks. Using this tactic, Turla (aka “Secret Blizzard”) accessed networks Storm-0156 had previously breached, like in Afghan and Indian government organizations, and deployed their malware tools. According to a report […]

5 mins read

Korea arrests CEO for adding DDoS feature to satellite receivers

South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser’s request. While neither company has been named, the two companies have been trading since 2017. In November 2018, the purchasing company made a special request to include […]

2 mins read

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

Update added below about this bootkit being created by students in Korea’s Best of the Best (BoB) cybersecurity training program. The recently uncovered ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaw, tracked as CVE-2023-40238, to target computers running on vulnerable firmware. This is confirmed by firmware security firm Binarly, which discovered LogoFAIL in November 2023 […]

3 mins read

SpyLoan Android malware on Google play installed 8 million times

A new set of 15 SpyLoan Android malware apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. The apps were discovered by McAfee, a member of the ‘App Defense Alliance,’ and have now been removed from Android’s official app store. However, their presence on […]

2 mins read

Fake AI video generators infect Windows, macOS with infostealers

Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices. Lumma Stealer is a Windows malware and AMOS is for macOS, but both steal cryptocurrency wallets and cookies, credentials, passwords, credit cards, and browsing history from Google Chrome, […]

3 mins read

Phishing emails increasingly use SVG attachments to evade detection

Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. Most images on the web are JPG or PNG files, which are made of grids of tiny squares called pixels. Each pixel has a specific color value, and together, these pixels form the entire image. SVG, […]

3 mins read

Botnet exploits GeoVision zero-day to install Mirai malware

A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 and was discovered by Piort Kijewski of The Shadowserver Foundation. It is a critical severity (CVSS v3.1 score: 9.8) OS command injection problem, allowing unauthenticated attackers to execute […]

2 mins read