Malware & Threats
Part entrepreneurial adventure, part security history, Bernardo Quintero's 'Infected' documents how the VirusTotal side project became a threat-intel cornerstone.
Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.
Microsoft researchers catch Russia's Star Blizzard hackers spear-phishing with QR codes and WhatsApp group chats.
North Korea-linked Lazarus Group is targeting freelance software developers to compromise the supply chain.
Law enforcement turns the PlugX malware’s own self-delete mechanism against it, nuking the China-linked trojan from thousands of US machines.
Patch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products.
Patch Tuesday: Microsoft's January Patch Tuesday rollout includes fixes for 160 security defects, the largest number of CVEs addressed in any single month since...
Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project.
Attackers have been exploiting a second vulnerability in BeyondTrust’s remote management solutions, CISA warns.
Infostealer malware allowed threat actors to compromise Telefonica employees’ credentials and access the company’s internal ticketing system.
A fake proof-of-concept (PoC) exploit for a recent LDAP vulnerability distributes information stealer malware.
The latest version of the Banshee macOS information stealer no longer checks if the infected systems have the Russian language installed.
Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies.
Ivanti confirms zero-day exploitation of a remotely exploitable code execution flaw in its Connect Security product line.
Close to $500 million in cryptocurrency from over 332,000 addresses was stolen in 2024 using wallet drainer malware.
The FireScam Android infostealer monitors app notifications, harvests credentials and financial data, and sends them to a Firebase database.
Noteworthy stories that might have slipped under the radar: McDonald’s API hacking, Netflix fined nearly $5 million in Netherlands, experimental malware killing ICS process.
Bitsight has discovered a BadBox botnet consisting of over 190,000 Android devices, mainly Yandex smart TVs and Hisense smartphones.
Juniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.
FBI says HiatusRAT’s operators were seen scanning for web cameras and DVR systems affected by years-old vulnerabilities.
Israeli forensics firm Cellebrite has been linked to an Android zero-day used to secretly install spyware on Serbian journalists' phones.