Malware

Hackers Exploit ClickFix Technique to Target Windows and macOS Devices

Cybersecurity experts have uncovered a rapidly growing social engineering method known as ClickFix, which has been increasingly adopted by attackers since early 2024. This technique impacts both Windows and macOS devices, convincing users to unknowingly run harmful commands under the guise of routine troubleshooting steps. According to recent findings, thousands of enterprise and personal systems […]

Malicious Go Module Acts as SSH Brute Forcer, Steals Passwords via Telegram

A new and sophisticated supply chain attack has been uncovered, targeting developers through a malicious Go module package. This package disguises itself as a legitimate SSH brute force tool but secretly collects and transmits stolen credentials to cybercriminal operators.
Disguised Package with Hidden Malicious Intent
The malicious package, named “golang-random-ip-ssh-bruteforce,” promotes itself as a fast

Cybercriminals Use CORNFLAKE.V3 Backdoor with ClickFix and Fake CAPTCHA

Threat actors are increasingly using a deceptive method known as ClickFix to spread a powerful backdoor called CORNFLAKE.V3.
How ClickFix Works
According to Google-owned Mandiant, the campaign is operated by UNC5518, an access-as-a-service group. Attackers lure victims to fake CAPTCHA pages, tricking them into following instructions that ultimately provide attackers with access to their systems.

RingReaper Malware Targets Linux Servers, Evades EDR

A newly discovered malware called RingReaper is actively targeting Linux servers, raising serious concerns due to its advanced evasion strategies that undermine traditional endpoint detection and response (EDR) solutions.
How RingReaper Operates
RingReaper functions as a post-exploitation agent that takes advantage of the Linux kernel’s io_uring interface, a modern asynchronous I/O system designed for high-performance

North Korean Hackers Leak Stealthy Linux Malware Online

North Korean Linux Rootkit Leak Exposes Advanced Espionage Tools
In a major cybersecurity incident, sensitive hacking tools and technical documentation linked to a North Korean threat actor have been leaked online. The disclosure, first highlighted in Phrack Magazine, includes advanced exploit methods, system compromise logs, and, most concerning, a stealth Linux rootkit capable of bypassing

Supply Chain: Malicious PyPI, npm Packages Exploit Dependencies

Malicious Python and npm Packages Uncovered in Supply Chain Attacks
Cybersecurity researchers have uncovered a malicious package on the Python Package Index (PyPI) that introduced harmful behavior through a hidden dependency, enabling persistence and remote code execution. The package, named termncolor, achieved its malicious activity via a dependency called colorinal, as detailed by Zscaler ThreatLabz.

Palo Alto Releases Mega Malware Analysis Guide for Analysts

Palo Alto Networks Releases Comprehensive Malware Analysis Tutorial on Remcos RAT
Palo Alto Networks has published a highly detailed malware analysis tutorial, showcasing the dissection of a complex .NET-based loader that ultimately delivers the Remcos remote access trojan (RAT).
Abuse of Legitimate Environments
The case underlines a growing threat trend: adversaries increasingly misuse legitimate development

ERMAC V3.0 Banking Trojan Leak Exposes Malware Infrastructure

ERMAC V3.0 Banking Trojan Source Code Leak Unveils Malware Infrastructure
Cybersecurity experts have exposed the internal workings of the Android banking trojan ERMAC 3.0, revealing significant flaws in the attackers’ infrastructure. According to a report by Hunt.io, “The latest version 3.0 shows a major upgrade in the malware’s capabilities, extending its form injection and data

Taiwan Servers Hacked by UAT-7237 with Custom Tools

Taiwan Servers Compromised by UAT-7237 Using Advanced Custom Tools
A newly identified and sophisticated malware campaign is targeting Windows systems through a multi-stage attack framework named PS1Bot. This framework combines PowerShell and C# modules to execute extensive data theft operations while avoiding conventional detection methods. The PS1Bot malware represents an advanced shift in cyberattack tactics,

Hackers Use YouTube Download Sites to Spread Proxyware

YouTube Proxyjacking Campaign Exploits Fake Video Download Sites
Cybercriminals have intensified their proxyjacking campaigns by targeting users of YouTube video download services, according to recent security research. This attack exploits fake YouTube-to-MP4 conversion websites to distribute proxyware malware, focusing on users seeking free online video conversion tools. The campaign reflects a major evolution in bandwidth
