North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns

North Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated…

·

cyber security, Cyber Security News, Malware

¶¶¶¶¶

Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency

Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross‑platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’…

·

cyber security, Cyber Security News, Malware

¶¶¶¶¶

36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware

A coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-c…

·

cyber security, Cyber Security News, Malware

¶¶¶¶¶

Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users

A fake Chrome browser extension called ‘ChatGPT Ad Blocker’ was harvesting conversations of ChatGPT users in the name of offering an ad-free experience.

·

Ad Blocker, ChatGPT, Chrome, Extension, Malware, OpenAI, SCAM, Scams and Fraud, Security, Spying

¶¶¶¶¶

Microsoft Warns of WhatsApp Attachments Spreading Backdoor on Windows PCs

Microsoft warns of a WhatsApp attachments spreading VBS malware that installs backdoors on Windows PCs, giving hackers remote access and control systems.

·

cybersecurity, Fraud, Malware, Microsoft, SCAM, Scams and Fraud, Security, Social Engineering, VBS, WhatsApp

¶¶¶¶¶

Yurei Ransomware Uses Common Tools, Adds Stranger Things References

Team Cymru details the Yurei ransomware campaign, using standard tools and a few Stranger Things–named payloads to breach and encrypt systems.

·

Cyber Crime, Cyber-Attacks, cybersecurity, Malware, Ransomware, Security, Stranger Things, Team Cymru, Toolkit, Yurei

¶¶¶¶¶

Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts

New research from Varonis Threat Labs reveals Storm infostealer, a malicious subscription service that bypasses Google Chrome encryption.…

·

Chrome, Cyber Attack, cybersecurity, Infostealer, Malware, Security, Storm, Varonis

¶¶¶¶¶

RFQ Malware Campaign Uses DOCX, RTF, JS, and Python

Hackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python to deliver an in‑memory Cobalt Strike beacon in a stealthy spear‑phishing campaign that impersonates Boeing procurement under the tag NKFZ5966PURCHASE. The operation chains six stages, r…

·

cyber security, Cyber Security News, Malware

¶¶¶¶¶

TA416 Broadens Europe Spy Campaign With Web Bugs and Malware

China-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate …

·

cyber security, Cyber Security News, Malware

¶¶¶¶¶

Ethereum-Based EtherRAT, EtherHiding Power Stealthy Malware Campaigns

Hackers are abusing the Ethereum blockchain to hide and control a new Node.js backdoor called EtherRAT, using a stealthy technique known as EtherHiding to make their command‑and‑control (C2) infrastructure difficult to disrupt. EtherRAT, previously pro…

·

cyber security, Cyber Security News, Malware

¶¶¶¶¶

1010.cx

1010.cx

Category: Malware