22 Jun, 2026

CISA warns that RESURGE malware can be dormant on Ivanti devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. The update focuses on the implant’s undetected latency on the appliances and its “sophisticated network-level evasion and authentication techniques” that enable covert communication with the attacker. […]


Arkanix Stealer pops up as short-lived AI info-stealer experiment

An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment. The project included a control panel and a Discord server for communication with users, but the author took them down without notification, just two months after the operation began. Arkanix offered many […]


PromptSpy is the first known Android malware to use generative AI at runtime

Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google’s Gemini model to adapt its persistence across different devices. In a report today, ESET researcher Lukas Stefanko explains how a new Android malware family named “PromptSpy” is abusing the Google Gemini AI model to help it achieve persistence on infected […]


CISA orders feds to patch actively exploited Dell flaw within 3 days

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. According to security researchers from Mandiant and the Google Threat Intelligence Group (GTIG), this hardcoded-credential vulnerability (CVE-2026-22769) in Dell’s RecoverPoint (a solution used for VMware virtual machine backup and […]


Nigerian man gets eight years in prison for hacking tax firms

A Nigerian national was sentenced to eight years in prison for hacking multiple tax preparation firms in Massachusetts and filing fraudulent tax returns seeking over $8.1 million in refunds. 37-year-old Matthew Abiodun Akande was arrested in October 2024 at London’s Heathrow Airport and extradited to the United States in March 2025. He was indicted by a federal […]


Chinese hackers exploiting Dell zero-day flaw since mid-2024

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024. Security researchers from Mandiant and the Google Threat Intelligence Group (GTIG) revealed today that the UNC6201 group exploited a maximum-severity hardcoded-credential vulnerability (tracked as CVE-2026-22769) in Dell RecoverPoint for Virtual Machines, a solution used for VMware […]


New Keenadu backdoor found in Android firmware, Google Play apps

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices. According to a report from cybersecurity company Kaspersky, Keenadu has multiple distribution mechanisms, including compromised firmware images delivered over-the-air (OTA), via other […]


Infostealer malware found stealing OpenClaw secrets for first time

With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets. OpenClaw (formerly ClawdBot and MoltBot) is a local-running AI agent framework that maintains a persistent configuration and memory environment on the user’s machine. The tool can access local […]


New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns. ClickFix attacks typically trick users into manually executing malicious commands under the guise of fixing errors, installing updates, or enabling functionality. However, this new […]


Fake job recruiters hide malware in developer coding challenges

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. The activity has been ongoing since at least May 2025 and is characterized by modularity, which allows the threat actor to quickly resume it in case of partial compromise. The bad actor relies […]
