Malware

Trump admin sends heart emoji to commercial spyware makers with lifted Predator sanctions

infosec in brief Also, Korean Air hacked, EmEditor installer hijacked, a perfect 10 router RCE vuln, and more

Security04 Jan 2026 | 11

ATM jackpotting gang accused of unleashing Ploutus malware across US

Latest charges join the mountain of indictments facing alleged Tren de Aragua members

Cyber-crime19 Dec 2025 | 24

React2Shell exploitation spreads as Microsoft counts hundreds of hacked machines

Security boffins warn flaw is now being used for ransomware attacks against live networks

Cyber-crime18 Dec 2025 | 11

SantaStealer stuffs credentials, crypto wallets into a brand new bag

All I want for Christmas … is all of your data

Cyber-crime16 Dec 2025 | 2

Fresh ClickFix attacks use Windows Update trick-pics to steal credentials

Poisoned PNGs contain malicious code

Security24 Nov 2025 | 4

Weaponized file name flaw makes updating glob an urgent job

Infosec In Brief PLUS: CISA issues drone warning; China-linked DNS-hijacking malware; Prison for BTC Samourai; And more

Security23 Nov 2025 | 10

LLM-generated malware is improving, but don't expect autonomous attacks tomorrow

Researchers tried to get ChatGPT to do evil, but it didn't do a good job

Research20 Nov 2025 | 2

Logitech leaks data after zero-day attack

INFOSEC IN BRIEF PLUS: CISA still sitting on telecoms security report; DoorDash phished again; Lumma stealer returns; and more

Security16 Nov 2025 | 1

Gootloader malware back for the attack, serves up ransomware

Move fast - miscreants compromised a domain controller in 17 hours

Cyber-crime06 Nov 2025 | 2

Malware-pwned laptop gifts cybercriminals Nikkei's Slack

Stolen creds let miscreants waltz into 17K employees' chats, spilling info on staff and partners

Cyber-crime06 Nov 2025 | 6

Attackers targeting unpatched Cisco kit notice malware implant removal, install it again

Infosec in brief PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more

Security02 Nov 2025 | 1

Invisible npm malware pulls a disappearing act – then nicks your tokens

PhantomRaven slipped over a hundred credential-stealing packages into npm

Security30 Oct 2025 | 18

Android malware types like your gran to steal banking creds

Updated By appearing more human, it evades detection

Cybersecurity Month28 Oct 2025 | 8

Google nukes 3,000 YouTube videos that sowed malware disguised as cracked software

Check Point helps exorcise vast 'Ghost Network' that used fake tutorials to push infostealers

Cyber-crime23 Oct 2025 | 19

How malware vaccines could stop ransomware's rampage

Feature Security pros explore whether infection-spoofing code can immunize Windows systems against attack

Security21 Oct 2025 | 24

Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects

Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses

Security26 Sep 2025 | 2

LockBit's new variant is 'most dangerous yet,' hitting Windows, Linux and VMware ESXi

Operation Cronos didn’t kill LockBit – it just came back meaner

Cyber-crime26 Sep 2025 | 47

Kaspersky: RevengeHotels checks back in with AI-coded malware

Old hotel scam gets an AI facelift, leaving travellers’ card details even more at risk

Research23 Sep 2025 | 2

Suspected Iran-backed attackers targeting European aerospace sector with novel malware

Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer

Cyber-crime23 Sep 2025 | 9

Ivanti EPMM holes let miscreants plant shady listeners, CISA says

Unnamed org compromised with two malware sets

Cyber-crime19 Sep 2025 |

HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

Although it hasn't been seen in the wild yet

Research12 Sep 2025 | 23

We're number 1! America now leads the world in surveillanceware investment

Atlantic Council warns US investors are fueling a market that undermines national security

Security11 Sep 2025 | 11

Beijing went to 'EggStreme' lengths to attack Philippines military, researchers say

Ovoid-themed in-memory malware offers a menu for mayhem

Security11 Sep 2025 | 5

Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years

'We do believe that this was likely the creation of a cybercrime group,' threat hunter tells The Reg

Research10 Sep 2025 | 15

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Pro tip, don't install PowerShell commands without approval

Cyber-crime05 Sep 2025 | 4

Malware-ridden apps made it into Google's Play Store, scored 19 million downloads

Everything's fine, the ad slinger assures us

Security26 Aug 2025 | 18

Developer jailed for taking down employer's network with kill switch malware

Pro tip: When taking revenge, don't use your real name

Security22 Aug 2025 | 46

Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in

Intruders hoped no one would notice their presence

Cyber-crime19 Aug 2025 | 5

Someone's poking the bear with infostealers targeting Russian crypto developers

If you wanted to hurt Putin’s ransomware racketeers, these info-stealing npm packages are one way to do it

Security18 Aug 2025 | 4

Crooks can't let go: Active attacks target Office vuln patched 8 years ago

CVE-2017-11882 in discontinued Equation Editor still attracting keylogger campaigns despite software being killed off in 2018

Security13 Aug 2025 | 8

Trend Micro offers weak workaround for already-exploited critical vuln in management console

Infosec In Brief PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more!

Security10 Aug 2025 | 6

Microsoft researchers bullish on AI security agent even though it let 74% of malware slip through

UPDATED Project Ire promises to use LLMs to detect whether code is malicious or benign

AI + ML06 Aug 2025 | 9

Study finds humans not completely useless at malware detection

Some pinpointed software nasties but were suspicious of printer drivers too

Security05 Aug 2025 | 11

Python-powered malware snags hundreds of credit cards, 200K passwords, and 4M cookies

PXA Stealer pilfers data from nearly 40 browsers, including Chrome

Cyber-crime04 Aug 2025 | 9

Coyote malware abuses Microsoft's UI Automation to hunt banking creds

Some coyotes hunt squirrels, this one hunts users' financial apps

Research24 Jul 2025 | 1

Arch Linux users told to purge Firefox forks after AUR malware scare

The distro's greatest asset is arguably also its greatest weakness

OSes22 Jul 2025 | 41

Stopping the rot when good software goes bad means new rules from the start

Opinion We need more paranoid Androids. And, well, everything else

Applications14 Jul 2025 | 37

Massive browser hijacking campaign infects 2.3M Chrome, Edge users

updated These extensions weren't malware-laced from the start, researcher says

Research08 Jul 2025 | 39

Beware of fake SonicWall VPN app that steals users' credentials

A good reminder not to download apps from non-vendor sites

Cyber-crime24 Jun 2025 | 1

Sneaky Serpentine#Cloud slithers through Cloudflare tunnels to inject orgs with Python-based malware

Phishing, Python and RATs, oh my

Cyber-crime19 Jun 2025 | 2

Minecraft cheaters never win ... but they may get malware

Infostealers posing as popular cheat tools are cropping up on GitHub

Cyber-crime18 Jun 2025 | 7

Dems demand audit of CVE program as Federal funding remains uncertain

Infosec In Brief PLUS: Discord invite links may not be safe; Miscreants find new way to hide malicious JavaScript; and more!

Security15 Jun 2025 | 5

DeepSeek installer or just malware in disguise? Click around and find out

'BrowserVenom' is pure poison

Cyber-crime11 Jun 2025 | 5

Asia dismantles 20,000 malicious domains in infostealer crackdown

Interpol coordinates operation, nabs 32 across Vietnam, Sri Lanka, and Nauru

Cyber-crime11 Jun 2025 | 4

CISO who helped unmask Badbox warns: Version 3 is coming

The botnet’s still alive and evolving

Cyber-crime11 Jun 2025 |

Fresh strain of pro-Russian wiper flushes Ukrainian critical infrastructure

Destructive malware has been a hallmark of Putin's multi-modal war

Security06 Jun 2025 | 9

Uncle Sam puts $10M bounty on RedLine dev and Russia-backed cronies

Any info on Maxim Rudometov and his associates? There's $$$ in it for you

Cyber-crime05 Jun 2025 | 3

More than a hundred backdoored malware repos traced to single GitHub user

Someone went to great lengths to prey on the next generation of cybercrooks

Cyber-crime05 Jun 2025 | 12

Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data

Infosec In Brief PLUS: Ransomware gang using tech support scam; Czechia accuses China of infrastructure attack; And more!

Security02 Jun 2025 | 3

TeleMessage security SNAFU worsens as 60 government staffers exposed

Infosec In Brief PLUS: Interpol kills more malware; GoDaddy settles in awful infosec case; Giant stolen creds DB exposed

Security26 May 2025 | 11

Suspected creeps behind DanaBot malware that hit 300K+ computers revealed

And the associated fraud'n'spy botnet is about to be shut down

Cyber-crime23 May 2025 | 1

Feds finger Russian 'behind Qakbot malware' that hit 700K computers

Agents thought they shut this all down in 2023, but the duck quacked again

Cyber-crime22 May 2025 | 2

FBI, Microsoft, international cops bust Lumma infostealer service

Credit card theft losses in 2023 alone totaled $36.5M

Cyber-crime21 May 2025 |

Open source text editor poisoned with malware to target Uyghur users

Who could possibly be behind this attack on an ethnic minority China despises?

Security29 Apr 2025 | 19

Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn

Updated Sometimes, silence is the best option

CSO28 Apr 2025 | 10

Google's email spoofed by cunning phisherfolk who re-used DKIM creds

Infosec In Brief PLUS: Malware developers adopt Node.js; US disinformation warriors disbanded; Gig worker accounts for sale; and more

Personal Tech22 Apr 2025 | 4