Malware & Threats
Fake CAPTCHA pages instruct victims to paste malicious commands into the Windows Terminal instead of the Run dialog.
The threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.
Threat actors replace legitimate commands on the cloned installation webpages with malicious commands.
The malware targets browser and cryptocurrency wallet data, along with system information and user files.
Employees seeking free versions of paid software may unknowingly install malware-laced “cracked” apps that can steal credentials, deploy cryptominers, or open the door to...
Using Windows shortcut files, the APT deployed a new implant, a loader, a propagation tool, and two backdoors.
Other noteworthy stories that might have slipped under the radar: cyber valuations surge, OpenAI disrupts malicious AI use, ShinyHunters claims Odido breach.
Aeternum operates on smart contracts, making its command-and-control (C&C) infrastructure difficult to disrupt.
Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges.
The UNC2814 threat actor has been active since at least 2017, targeting organizations across 42 countries.
Written in C++ and Python, the malware exfiltrates system information and browser data, and steals files.
The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.
The FBI has confirmed that the Ploutus malware, which has been around for over a decade, is still being used in the wild.
The malware leverages Gemini to analyze on-screen elements and ensure that it remains on the device even after a reboot.
Security researchers have seen the vulnerabilities being exploited to deliver shells, conduct reconnaissance, and download malware.
The malware has been preinstalled on many devices but it has also been distributed through Google Play and other app stores.
GTIG and Mandiant said the zero-day tracked as CVE-2026-22769 has been exploited by UNC6201 since at least 2024.
Attackers are using DNS requests to deliver a RAT named ModeloRAT to targeted users.
With more than 37 million combined downloads, the extensions expose users to tracking and personal information theft.
Transparent Tribe (APT36) is targeting Indian defense and government sectors with GETA, ARES, and Desk RATs in a new wave of economic cyber espionage.
Available via Telegram, researchers warn ZeroDayRAT is a ‘complete mobile compromise toolkit’ comparable to kits normally requiring nation-state resources to develop.