Malware

North Korean hackers use 197 npm packages to spread updated OtterCookie malware

A North Korean threat group linked to the Contagious Interview activity has continued its aggressive malware distribution by uploading 197 additional malicious packages to the npm registry since last month. Researchers at Socket confirmed that these packages have been downloaded more than 31000 times. Each of them is designed to install a modified version of […]


Bloody Wolf expands Java-based NetSupport RAT attacks in Kyrgyzstan and Uzbekistan

A growing cyber espionage campaign linked to the threat group known as Bloody Wolf has widened its reach in Central Asia as the attackers continue delivering the NetSupport RAT through deceptive Java-based loaders. The campaign, which initially focused on Kyrgyzstan in June 2025, has expanded to include Uzbekistan by October 2025, according to Group


RomCom deploys Mythic Agent malware via SocGholish fake update attacks

Cybersecurity researchers have discovered that the Russia-linked threat actor RomCom attempted to compromise a U.S.-based civil engineering company using a JavaScript loader known as SocGholish, delivering the sophisticated Mythic Agent malware. According to Arctic Wolf Labs researcher Jacob Faires, this marks the first observed instance of a RomCom payload being distributed via SocGholish. The campaign


JackFix spreads multiple stealers via fake Windows Update pop-ups on adult sites

A newly uncovered malware campaign is exploiting adult-themed phishing sites and deceptive ClickFix-style lures to trick users into executing malicious Windows commands disguised as urgent security updates. Cybersecurity researchers from Acronis have identified the activity, warning that the threat actors are using highly convincing fake Windows update screens to distribute multiple information stealers.


ToddyCat’s new tools steal Outlook emails and Microsoft 365 tokens, threatening users and organizations

The threat group known as ToddyCat has introduced new techniques designed to infiltrate corporate email systems and extract sensitive data from targeted organizations. According to a technical report by Kaspersky, the group is now using a custom tool called TCSectorCopy to obtain access to Microsoft Outlook data and OAuth 2.0 tokens. Kaspersky noted that this


Hackers use Blender 3D assets to spread StealC V2 malware, threatening creators and users

Cybersecurity analysts have uncovered a new threat campaign in which attackers are weaponizing Blender Foundation files to distribute an upgraded version of the StealC information stealer, known as StealC V2. The activity has been ongoing for at least six months, according to Morphisec researcher Shmuel Uzan, who reported that malicious .blend files were discovered on


ShadowPad Malware Exploits a WSUS Vulnerability to Gain Full System Access

A recently addressed security flaw in Microsoft Windows Server Update Services, also known as WSUS, is being actively abused by attackers to deploy the advanced ShadowPad malware. According to a report from the AhnLab Security Intelligence Center, the threat actors used CVE-2025-59287 as the initial entry point into targeted Windows servers. Attackers Use


ShadowRay 2.0 Uses an Unpatched Ray Vulnerability to Create a Self-Spreading GPU Cryptomining Botnet

A new wave of cyber attacks has emerged as Oligo Security reports active exploitation of a long-standing security weakness in the Ray open source AI framework. This flaw, identified as CVE-2023-48022 with a critical 9.8 rating, is being used to compromise Ray clusters equipped with NVIDIA GPUs. The compromised infrastructure is then


Tsundere Botnet Expands by Using Game Lures and an Ethereum-Based C2 System on Windows

Security analysts have revealed new insights about the Tsundere botnet, a rapidly expanding malware operation that targets Windows systems. Active since mid-2025, the threat uses JavaScript-based payloads delivered from a remote command and control server, allowing attackers to execute arbitrary commands and flexibly modify botnet behavior. Propagation and Infection Mechanisms Although its initial
