Malware

China-Aligned Threat Group Abuses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster, tracked as LongNosedGoblin, has been linked to a series of cyber espionage operations targeting government organizations in Southeast Asia and Japan. The activity, uncovered by Slovak cybersecurity firm ESET, has been assessed to be active since at least September 2023, with intelligence collection identified as the primary objective. According […]


Kimsuky Spreads DocSwap Android Malware Through QR Phishing Posing as Delivery App

A new Android malware campaign linked to the North Korean threat actor Kimsuky has been uncovered, using QR-code-based phishing techniques to distribute an updated variant of malware known as DocSwap. The activity was analyzed by South Korean cybersecurity firm ENKI, which reported that the attackers are impersonating a major logistics provider in South


Kimwolf Botnet Hijacks 1.8 Million Android TVs to Launch Massive DDoS Attacks

Cybersecurity researchers have uncovered a large-scale distributed denial-of-service (DDoS) botnet named Kimwolf that has compromised approximately 1.8 million Android-based devices, including smart TVs, set-top boxes, and tablets. The findings were published by researchers at QiAnXin XLab, who noted possible links between Kimwolf and another notorious botnet known as AISURU. According to


GhostPoster Malware Discovered in 17 Firefox Add-ons with Over 50,000 Downloads

A newly identified malware campaign named GhostPoster has been uncovered abusing logo image files embedded within browser extensions to deliver malicious JavaScript code. The operation targeted users of Mozilla Firefox through at least 17 compromised add-ons that collectively recorded more than 50,000 downloads before being removed. The findings were disclosed by Koi Security, which identified


China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

A China-aligned cyber espionage group tracked as Ink Dragon has intensified its operations against government organizations, with a noticeable focus on European targets since July 2025. The campaign remains active and continues to impact entities across Southeast Asia and South America. Security researchers at Check Point Research are monitoring the activity cluster, which is


Malicious NuGet Package Posing as Tracer.Fody Steals Cryptocurrency Wallet Data

Cybersecurity researchers have identified a malicious NuGet package that impersonates the popular .NET tracing library Tracer.Fody to steal cryptocurrency wallet information. The package, called “Tracer.Fody.NLog,” was uploaded by a user named “csnemess” on February 26, 2020, and has remained on the repository for nearly six years. It closely mimics the legitimate “Tracer.Fody” library maintained by


React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors

Cybersecurity researchers have confirmed active exploitation of a critical security flaw known as React2Shell, with threat actors using it to deploy multiple Linux based backdoors, including KSwapDoor and ZnDoor. The findings come from independent investigations conducted by Palo Alto Networks Unit 42 and NTT Security. According to Unit 42, KSwapDoor is a highly sophisticated remote


VolkLocker Ransomware Exposed After Hard-Coded Master Key Enables Free Decryption

Cybersecurity researchers have exposed a critical design flaw in a new ransomware strain called VolkLocker, allowing victims to recover their files without paying a ransom. The malware is operated by the pro-Russian hacktivist group CyberVolk, also known as GLORIAMIST, and is offered under a ransomware-as-a-service model. The weakness lies in poor


Phantom Stealer Spreads via ISO Phishing Emails Targeting Russian Finance Sector

Cybersecurity researchers have revealed an active phishing operation targeting multiple sectors across Russia, with a strong focus on finance and accounting organizations. The campaign distributes Phantom Stealer through malicious ISO optical disc images attached to phishing emails. The activity, tracked as Operation MoneyMount ISO, was uncovered by analysts at Seqrite Labs. While finance and accounting


Fake OSINT and GPT Utility GitHub Repositories Spread PyStoreRAT Malware Payloads

Cybersecurity researchers have uncovered a new malware distribution campaign that abuses GitHub-hosted Python repositories to spread a previously undocumented JavaScript-based Remote Access Trojan named PyStoreRAT. The operation relies on fake development tools, OSINT utilities, and GPT-related projects to trick analysts and developers into executing malicious loader code. GitHub Repositories Hide Multi Stage
