Tag
Malware
52 items tagged #malware
Articles
APT-C-23 resurfaces targeting Israel with Micropsia malware.
New campaign delivers Atomic Stealer to macOS via Script Editor in ClickFix variant attack.
New Chaos malware variant targets misconfigured cloud deployments, adds SOCKS proxy capability.
North Korean state-sponsored hacker accidentally exposes stolen data and credentials.
Threat actor advertises Session ID hijacking service for $5,000 USD in Monero.
Threat actor c00lssh advertises bulletproof VPS/RDP hosting services starting at $5.
Suspicious domains and IP address associated with system updater malware infrastructure identified.
Masjesu DDoS botnet targets IoT devices across Vietnam, Brazil, India, Iran, Kenya, and Ukraine.
Malicious .pth file discovered in litellm v1.82.8 PyPI package executes on Python startup.
ClickFix campaign uses fake CAPTCHAs to deploy Node.js RAT malware via Tor to steal crypto.
Kaspersky 2025 financial threat report shows infostealers surge while banking malware declines, with phishing shifting
Iran-linked hackers disrupt U.S. critical infrastructure by targeting internet-exposed PLCs.
US government warns of Iranian state-sponsored threat actors targeting industrial PLCs.
Daily dark web threat intelligence digest covering breaches, CVEs, and threat actor activity.
DOJ disrupts Russian military intelligence DNS hijacking operation via court order.
Microsoft attributes Medusa ransomware deployments to Storm-1175 exploiting N-day and zero-day vulnerabilities.
REF1695 group deploys Monero mining malware via fake non-profit installers since late 2023.
Max-severity RCE vulnerability CVE-2025-59528 in Flowise AI platform actively exploited.
Threat actor JINKUSU advertises OMNITRIX IMAP service for unauthorized email monitoring and manipulation.
APT28 exploits MikroTik and TP-Link routers in global DNS hijacking campaign for credential theft.
APT28 exploits routers to hijack DNS and conduct credential-stealing man-in-the-middle attacks.
Two WHQL-signed Windows kernel drivers found with arbitrary code execution vulnerability via IOCTL.
pcTattleTale stalkerware maker Bryan Fleming sentenced to $5K fine and supervised release.
CVE-2026-35616: FortiClient EMS pre-auth API bypass actively exploited in the wild.
DPRK-linked Kimsuky group uses GitHub as C2 in multi-stage LNK-based attacks on South Korean targets.
BreachForums database and source code offered for sale by DF owner Knox.
UAT-10608 exploits React2Shell flaw in Next.js apps for automated credential theft.
Infostealers harvesting billions of credentials and session cookies render traditional breach monitoring ineffective.
TeamPCP compromised LiteLLM PyPI packages to inject infostealer malware targeting developer credentials.
36 malicious NPM packages posing as Strapi plugins targeted Guardarian users.
North Korean UNC1069 targets Node.js maintainers with social engineering to compromise NPM packages.
Scammers deploy QR code phishing texts impersonating state courts to steal payment and personal data.
BreachForums clone 'pwnforums' launched on clearnet and dark web.
Hackers exploit React2Shell CVE in Next.js apps to steal credentials from 766 compromised hosts.
North Korean UNC1069 compromised Axios npm maintainer via social engineering to publish malicious package versions.
UNC1069 targets Node.js maintainers via fake LinkedIn/Slack profiles to compromise npm packages.
Russian darknet forum Rehub infrastructure details leaked including IP and domain.
SentinelOne AI EDR blocks zero-day; Axios supply chain attack hits npm/PyPI; Chrome zero-day exploited.
New ransomware group Krybit emerges with multiple Tor infrastructure sites.
New ransomware group Krybit emerges with Tor-based infrastructure.
Insikt Group report on 2025 LAC cybercrime landscape reveals 452 ransomware incidents targeting Brazil, Mexico,
China-linked TA416 targets European governments with PlugX malware and OAuth phishing.
Incogniton anti-detect browser promoted on cybercrime forum with free tier.
North Korean hackers abuse GitHub to spy on South Korean firms using LNK files and PowerShell.
SecurityWeek roundup: Android rootkit, ChatGPT data leak, water facility ransomware, FBI breach.
UNC1069 social engineered Axios npm maintainer to publish trojanized package versions.
SparkCat malware variant found on iOS and Android app stores steals crypto wallet recovery phrases.
Unit 42 uncovers campaign targeting military entities using NATO exercise and defense conference lures.
SentinelOne's AI-powered EDR detected Axios NPM supply chain attack within 89 seconds of suspected North Korean
Iranian threat actors shift from custom wiper malware to identity abuse and MDM weaponization.