Malware

Chrome Zero-Day Exploited to Deploy LeetAgent Spyware by Italian Memento Labs

A newly uncovered cyber espionage operation has revealed that a now-patched Google Chrome zero-day vulnerability was exploited to deploy a sophisticated spyware known as LeetAgent. According to research from Kaspersky, the operation has been linked to the Italian IT and security firm Memento Labs, known for developing surveillance tools. Operation ForumTroll and the Chrome Vulnerability […]

Researchers Reveal GhostCall and GhostHire, New Malware Chains Linked to BlueNoroff APT

Security researchers have exposed two coordinated malware campaigns, GhostCall and GhostHire, linked to the North Korea-associated Lazarus sub-group BlueNoroff, also tracked under names like APT38, CryptoCore, Genie Spider, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima. The campaigns focus on the Web3 and blockchain ecosystem, and together they form part of a larger, long-running operation Kaspersky

Qilin Ransomware Uses Linux Payload and BYOVD Exploit in Sophisticated Hybrid Attack

Qilin, also tracked as Agenda, Gold Feather, and Water Galura, has become one of the most active ransomware-as-a-service operations since mid-2022. In 2025 the group averaged more than 40 victims per month, peaking at around 100 data-leak posts in June, and reaching 84 victims in both August and September 2025. Cisco Talos data shows significant

Google Warns of Threat Actors Using Fake Job Postings to Spread Malware and Steal Credentials

Cybercriminals have adopted an advanced social engineering approach that takes advantage of the trust job seekers place in employment platforms, as highlighted in a new Google security advisory. Targeting Through Deceptive Recruitment Websites A financially driven threat group based in Vietnam, identified as UNC6229, has been targeting professionals in the digital advertising and marketing sectors.

APT36 Targets Indian Government Using Golang-Based DeskRAT Malware

A Pakistan-linked threat actor, identified as Transparent Tribe (APT36), has been observed launching spear-phishing attacks against Indian government entities using a Golang-based remote access trojan (RAT) called DeskRAT. The campaign, active during August and September 2025, continues a series of operations first highlighted by CYFIRMA in August 2025 and now monitored by Sekoia. Attack Methodology The

Over 3,000 YouTube Videos Used as Malware Traps in Massive Ghost Network Operation

A large, persistent malicious operation has been abusing YouTube to distribute malware, publishing more than 3,000 deceptive videos since 2021. Check Point researchers call it the YouTube Ghost Network, and the volume of these videos has tripled this year. Google has removed a majority of the offending videos, but the campaign highlights how attackers weaponize

Self-Spreading GlassWorm Infects VS Code Extensions, Triggers Widespread Supply-Chain Attack

A fast-moving supply-chain worm, dubbed GlassWorm by Koi Security, has been found hiding inside multiple Visual Studio Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace. The campaign highlights how developers, and their tooling, are now prime targets for large-scale compromise, because extensions can auto-update and run code on developer machines.

Homoglyph Attack in Fake Nethereum NuGet Package Steals Crypto Wallet Keys

Cybersecurity researchers have revealed a new supply chain attack that targets the NuGet package manager using a malicious typosquat of Nethereum, a well-known Ethereum .NET integration library. The main goal of this attack is to steal crypto wallet keys from unsuspecting developers and users. Malicious Package Discovered The harmful package, named Netherеum.All, was discovered to

Ukraine Aid Organizations Targeted via Fake Zoom Meetings and Malicious PDF Files

A recent spear-phishing operation, named PhantomCaptcha, has targeted organizations involved in Ukraine’s humanitarian and war relief efforts. Cybersecurity researchers reported that the campaign delivers a remote access trojan (RAT) using WebSocket connections for command-and-control (C2), posing a serious threat to international relief organizations. Scope of the Attack On October 8, 2025, individual members of the

Iran-Linked MuddyWater Targets Over 100 Organizations in Global Espionage Campaign

Iranian-affiliated cyber group MuddyWater has launched a large-scale espionage campaign targeting more than 100 organizations, mainly across the Middle East and North Africa (MENA) region. The group has reportedly used a compromised email account to distribute a backdoor malware called Phoenix, aiming to infiltrate high-value targets and gather intelligence, according to a technical report by
