Malware

Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums

Monolock ransomware has appeared for sale on underground forums, with operators advertising version 1.0 and offering stolen corporate credentials alongside the malware. First observed in late September, the campaign spreads through phishing messages that deliver malicious Microsoft Word documents, which, when opened, trigger an embedded macro to download the ransomware binary from a compromised host. […]

Monolock Ransomware Reportedly Being Sold by Threat Actors on Dark Web Forums Read More »

New GlassWorm Uses Invisible, Obfuscated Code to Attack VS Code Extensions on OpenVSX Marketplace

Over the last week, cybersecurity experts have observed the rise of GlassWorm, a sophisticated malware campaign that targets VS Code extensions available on the OpenVSX Marketplace. This attack demonstrates a concerning evolution in supply chain security within developer ecosystems. As of October 2025, more than 35,800 installations have been affected, and the number continues to

New GlassWorm Uses Invisible, Obfuscated Code to Attack VS Code Extensions on OpenVSX Marketplace Read More »

Hackers Abuse ASP.NET Machine Keys to Compromise IIS Servers and Install Malicious Modules

Security researchers have uncovered a widespread campaign where attackers exploited publicly available ASP.NET machine keys to break into Windows IIS web servers, then installed a malicious IIS module to hijack traffic and profit from fake search rankings. The group, tracked as REF3927, leveraged keys published in places like Microsoft documentation and online forums, making many

Hackers Abuse ASP.NET Machine Keys to Compromise IIS Servers and Install Malicious Modules Read More »

Threat Actors Breach Xubuntu Website to Distribute Malicious Windows Executable

Cybercriminals have compromised the official Xubuntu website, redirecting torrent download links to a malicious ZIP archive that delivers Windows-based malware. The attack, detected on October 18, 2025, underscores ongoing security weaknesses in community-managed Linux distribution platforms, particularly as users shift from outdated operating systems. Instead of legitimate Xubuntu ISO torrents, unsuspecting users were offered a

Threat Actors Breach Xubuntu Website to Distribute Malicious Windows Executable Read More »

Cavalry Werewolf APT Targets Multiple Industries Using FoalShell and StallionRAT Malware

Between May and August 2025, a technically advanced threat campaign targeted Russia’s public sector and several critical industries, focusing primarily on energy, mining, and manufacturing, [SEO keywords: Cavalry Werewolf APT, cyber threat, FoalShell, StallionRAT]. Analysts attribute the operations to the group known as Cavalry Werewolf, also tracked as YoroTrooper and Silent Lynx. The attackers used

Cavalry Werewolf APT Targets Multiple Industries Using FoalShell and StallionRAT Malware Read More »

Researchers Uncover PassiveNeuron APT Using Neursite and NeuralExecutor Malware

Cybersecurity analysts at Kaspersky have identified a sophisticated cyber espionage operation called PassiveNeuron, targeting government, financial, and industrial sectors across Asia, Africa, and Latin America. The campaign uses two previously unseen malware families named Neursite and NeuralExecutor, indicating a well-organized threat group focused on stealthy, long-term access. Discovery of PassiveNeuron Campaign Kaspersky first detected traces

Researchers Uncover PassiveNeuron APT Using Neursite and NeuralExecutor Malware Read More »

Hackers Exploit Citrix Flaw and Deploy Snappybee Malware to Breach European Telecom Network

A European telecommunications company has reportedly fallen victim to a cyberattack linked to a China-based espionage group known as Salt Typhoon. The incident, uncovered by Darktrace, occurred in early July 2025 when the attackers exploited a Citrix NetScaler Gateway vulnerability to gain unauthorized access to the organization’s internal network. Salt Typhoon: A Persistent and Evolving

Hackers Exploit Citrix Flaw and Deploy Snappybee Malware to Breach European Telecom Network Read More »

Google Uncovers Three New Russian Malware Families Developed by COLDRIVER Hackers

Google’s Threat Intelligence Group (GTIG) has revealed new details about the Russian-linked hacking group known as COLDRIVER, uncovering three newly developed malware families that reflect the group’s increasing cyber activity since May 2025. According to GTIG’s research, COLDRIVER has significantly expanded its malware arsenal just days after its previously known malware, LOSTKEYS, was publicly exposed.

Google Uncovers Three New Russian Malware Families Developed by COLDRIVER Hackers Read More »

PolarEdge Botnet Expands, Targeting Cisco, ASUS, QNAP, and Synology Routers

Cybersecurity researchers have uncovered the inner workings of a router-focused botnet called PolarEdge, which targets devices from Cisco, ASUS, QNAP, and Synology. First reported by Sekoia in February 2025, PolarEdge uses a TLS-based ELF implant to take control of vulnerable routers and expose them to remote commands, creating a network of compromised devices for purposes

PolarEdge Botnet Expands, Targeting Cisco, ASUS, QNAP, and Synology Routers Read More »

New .NET CAPI Backdoor Targets Russian Automotive and E-Commerce Firms via Phishing ZIPs

Cybersecurity researchers have uncovered a fresh phishing campaign that appears aimed at organizations in Russia’s automotive and e-commerce sectors, using a previously unseen .NET implant, named CAPI Backdoor. According to Seqrite Labs, attackers distributed a ZIP attachment to trigger infection, and the ZIP artifact was uploaded to VirusTotal on October 3, 2025. image import–phishing-zip-sample Attack

New .NET CAPI Backdoor Targets Russian Automotive and E-Commerce Firms via Phishing ZIPs Read More »