Malware

Stealit Malware Abuses Node.js Single Executable Feature, Hides in Game and VPN Installers

Security researchers have uncovered an active malware campaign, named Stealit, that uses a newer Node.js capability to ship malicious code as single-file executables, enabling infections on systems without Node.js installed. Researchers at Fortinet FortiGuard Labs also note some variants are built with the Electron framework, making delivery simpler and more covert. How the malware is […]

ClayRat Spyware Targets Android Users Using Fake WhatsApp, TikTok Apps

A sophisticated Android spyware campaign, known as ClayRat, has been actively targeting users in Russia by exploiting fake apps and deceptive websites. The threat actors are impersonating widely-used apps such as WhatsApp, TikTok, Google Photos, and YouTube to trick victims into installing malware. According to Zimperium researcher Vishnu Pratapagiri, once installed, ClayRat can collect SMS messages, call

From HealthKick to GOVERSHELL: Tracking the Evolution of UTA0388 Espionage Malware

A China-aligned threat actor tracked as UTA0388 has run multiple spear-phishing campaigns across North America, Asia, and Europe, with the main aim of delivering a Go-based implant known as GOVERSHELL. Volexity reported these operations on Wednesday, noting that initial messages impersonated senior researchers and analysts from fabricated organizations, to trick recipients into

Mustang Panda Employs New DLL Side Loading Technique to Deploy Malware

Security researchers have observed a renewed Mustang Panda campaign that uses a fresh DLL side-loading method to deliver malicious payloads, targeting Tibetan advocacy groups with politically themed lures. The operation first appeared in June 2025 and combines archive-based phishing, hidden library files, dynamic API resolution, and periodic task scheduling to maintain persistence and execute stolen

Shuyal Stealer Targets 19 Browsers to Harvest Login Credentials

Shuyal Stealer has quickly become one of the most flexible credential theft tools observed in recent months. First seen in early August, its modular design enables it to target a wide variety of web browsers, including Chromium-based, Gecko-based, and legacy engines, making it a high-risk threat for many environments. Early signs and impact Initial indicators

AI Emerges as Russia’s Latest Cyber Weapon in Its War on Ukraine

Russian hackers have taken their cyber offensive to a new level by integrating artificial intelligence (AI) into cyber attacks against Ukraine, according to a report published by the State Service for Special Communications and Information Protection of Ukraine (SSSCIP). The report revealed that during the first half of 2025 (H1 2025), hackers began using AI

LockBit, Qilin, and DragonForce Collaborate to Strengthen Ransomware Operations

Three leading ransomware groups—DragonForce, LockBit, and Qilin—have officially joined forces, signaling a notable shift in the global cyber threat landscape. This strategic partnership aims to enhance the effectiveness of ransomware operations, according to a report by ReliaQuest shared with The Hacker News. “Following LockBit’s recent return, this alliance is expected to enable the sharing of

BatShadow Group Deploys Go-Based ‘Vampire Bot’ Malware Targeting Job Seekers

Researchers at Aryaka Threat Research Labs, Aditya K Sood and Varadharajan K, report that attackers impersonate recruiters, sending seemingly legitimate job descriptions and corporate documents that conceal malicious payloads. These lures are designed to look authentic, encouraging recipients to open files that initiate a multi-stage infection. How the attack works The campaign commonly uses ZIP

XWorm 6.0 Resurfaces with Over 35 Plugins, Upgraded Data Theft Features

Cybersecurity experts have closely monitored the development of XWorm malware, which has evolved into a highly adaptable tool capable of executing a broad range of malicious operations on infected systems. Trellix researchers Niranjan Hegde and Sijo Jacob explained, “XWorm’s architecture is modular, consisting of a core client and multiple specialized components known as plugins. Each plugin

Detour Dog Exposed for Operating DNS-Based Malware Factory Linked to Strela Stealer

A cybercriminal known as Detour Dog has been exposed as the operator behind large-scale DNS-powered malware campaigns that distribute Strela Stealer, an information-stealing malware. Security researchers from Infoblox have traced the attacker’s infrastructure, revealing how it fuels the spread of a backdoor named StarFish, which acts as the entry point for Strela Stealer infections. Background
