Malware

Hackers Abuse c-ares DLL Side-Loading to Evade Security and Deploy Malware

Cybersecurity researchers have uncovered an active malware campaign that abuses a DLL side-loading weakness in a legitimate binary linked to the open-source c-ares library. By exploiting this technique, attackers are able to bypass traditional security controls and deliver a wide range of commodity malware, including trojans, stealers, and remote access tools. How the Attack Works According to […]

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

Ukraine’s Computer Emergency Response Team (CERT-UA) has revealed details of a recent cyber espionage campaign targeting Ukrainian defense forces using a malware strain known as PLUGGYAPE. The attacks were observed between October and December 2025. CERT-UA has attributed the activity with medium confidence to a Russia-aligned threat group tracked as Void Blizzard, also known

New Malware Campaign Spreads Remcos RAT via Multi-Stage Windows Attack

Cybersecurity analysts have uncovered a new malware operation known as SHADOW#REACTOR, which uses a stealthy, multi-stage infection chain to deploy the Remcos Remote Administration Tool (RAT). The campaign is designed to establish persistent and covert control over compromised Windows systems while evading traditional detection mechanisms. According to a technical report released by Securonix researchers Akshay

New Advanced VoidLink Malware Targets Linux Cloud and Container Environments

Cybersecurity researchers have revealed a previously unknown and highly sophisticated Linux malware framework known as VoidLink, which is purpose-built to maintain long-term, covert access to cloud-based infrastructure. The malware specifically targets Linux systems that form the backbone of modern cloud services and containerized environments. According to a recent analysis published by Check Point

New MacSync Stealer Uses Signed macOS App to Bypass Gatekeeper and Steal Data

Cybersecurity researchers have uncovered a new and more deceptive variant of the MacSync malware targeting macOS users. Unlike earlier versions that depended on visible user interaction tricks such as ClickFix techniques, this updated strain disguises itself as a legitimately signed and notarised Apple application. By doing so, it successfully bypasses macOS Gatekeeper protections and quietly

MuddyWater Launches RustyWater RAT Through Spear-Phishing Targeting Middle East Sectors

Cybersecurity researchers have uncovered a new spear-phishing campaign linked to the Iranian threat actor MuddyWater, also known by multiple aliases, targeting critical sectors across the Middle East. The operation delivers a Rust-based remote access trojan called RustyWater, signaling a continued shift toward more advanced and stealthy malware frameworks. Campaign Overview According to a

xRAT Malware Targets Windows Users Masquerading as Adult Game

A new malware threat called xRAT, also known as QuasarRAT, has been targeting Windows users across Korea, exploiting popular webhard file-sharing services. The AhnLab Security Intelligence Center (ASEC) recently detected xRAT being distributed as fake adult games. The remote access trojan (RAT) combines advanced evasion techniques with social engineering, making it particularly dangerous for everyday users. Attackers exploit

Russian APT28 Launches Credential-Stealing Campaign Targeting Energy and Policy Organizations

Russian state-sponsored threat actors linked to APT28, also known as BlueDelta, have been identified running an ongoing credential-harvesting operation aimed at energy research and policy-related organizations across multiple regions. According to findings, the campaign primarily targeted individuals connected to a Turkish energy and nuclear research body, employees of a European policy think tank, and organizations operating in North

WhatsApp Worm Propagates Astaroth Banking Trojan in Brazil Through Auto-Messaging

Cybersecurity researchers have uncovered a new malware campaign that abuses WhatsApp as a distribution channel to spread the Astaroth banking trojan across Brazil. The operation specifically targets Windows users and represents an evolution in how financial malware is propagated in the region. The campaign has been named Boto Cor-de-Rosa by the Acronis Threat Research Unit.

China-Linked UAT-7290 Targets Telecom Companies with Linux Malware and ORB Nodes

Cybersecurity researchers have attributed a series of espionage-driven cyber intrusions to a China-linked threat actor tracked as UAT-7290, which has been actively targeting organizations across South Asia and Southeastern Europe. According to a new report published by Cisco Talos, the activity cluster has been operational since at least 2022 and is known