-
A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular utilities. The malware focuses on stealing browser data, cryptocurrency wa…
-
A large-scale spear-phishing campaign is distributing a VIP Keylogger variant sold as Malware-as-a-Service (MaaS). The campaign employs steganography, in-memory execution, and modular payload design to evade defenses while harvesting credentials across br…
-
ClipXDaemon is a new Linux malware family that hijacks cryptocurrency clipboard data in X11 sessions, operating fully offline without any command‑and‑control (C2) infrastructure. It reuses a ShadowHS-style loader built with the public bincrypter framew…
-
Transparent Tribe (APT36) is moving from traditional, off‑the‑shelf tools to an AI-assisted malware model researchers now call “vibeware,” signaling how large language models are starting to industrialize mediocre but relentless attacks at scale. In i…
-
Researchers at Acronis have discovered a malicious trojanized version of the Red Alert rocket warning app targeting Israeli Android users. Distributed via fake Home Front Command SMS messages, this spyware steals GPS data, SMS messages, and contact lis…
-
A highly sophisticated China-linked threat actor, identified as UAT-9244, has been actively targeting critical telecommunications infrastructure across South America since 2024. Security researchers assess with high confidence that UAT-9244 exhibits cl…
-
Threat actors are abusing interest in Anthropic’s Claude Code tools by setting up fake download pages that ultimately drop a lightweight infostealer via mshta.exe. The campaign shows how a single living‑off‑the‑land binary (LOLBIN) can power an effecti…
-
A highly coordinated malware campaign targets cryptocurrency and Web3 professionals through fake venture capital (VC) identities on LinkedIn. The operation combines advanced social engineering with cross-platform payloads and a ClickFix-style fake…
-
A new phishing campaign is using stolen certificates from TrustConnect Software PTY LTD to sign malware. By impersonating updates for Zoom and Microsoft Teams, hackers install RMM tools to gain persistent, privileged access to networks.
-
Iran‑nexus APT group “Dust Specter” is targeting Iraqi government officials with AI‑assisted custom .NET malware, using dual attack chains that blend DLL sideloading, in‑memory PowerShell, and ClickFix‑style lures. In January 2026, Zscaler ThreatLabz t…


