China-Linked Actors Abuse DNS in Advanced Espionage Malware
A China-linked cyber espionage malware campaign demonstrates how attackers abuse DNS traffic to maintain stealthy, long-term command-and-control access.
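DNS-based command and control hides because resolvers answer queries for almost any name and the traffic is rarely inspected; the usual tells are encoded data stuffed into subdomain labels, a steady stream of never-repeated subdomains under one registered domain, and a tilt toward TXT or NULL record types. The following is an added example, not code from the article or from the reported campaign: a small heuristic detector run over a few constructed resolver log lines. The log format (`<timestamp> <client-ip> <qtype> <qname>`), the sample domains, and the thresholds are assumptions made for the example; real deployments should derive the registered domain from the Public Suffix List rather than from the last two labels.

```python
"""Heuristic DNS-tunnelling detector over constructed resolver log lines.

Assumptions (example only, not from the article): each log line is
"<timestamp> <client-ip> <qtype> <qname>", and the registered domain is
approximated as the last two labels of the query name.
"""
import math
from collections import defaultdict

# Constructed sample log: two hosts, one of which beacons 32-hex-char labels
# under corp-sync.net via TXT queries (the pattern DNS C2 tends to leave).
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.0.0.5 A www.example.com
2025-01-10T09:00:02Z 10.0.0.5 A cdn.example.com
2025-01-10T09:00:03Z 10.0.0.7 TXT 6a7b3f9c1d2e4f50a1b2c3d4e5f60718.updates.corp-sync.net
2025-01-10T09:00:04Z 10.0.0.7 TXT 9f8e7d6c5b4a39281706f5e4d3c2b1a0.updates.corp-sync.net
2025-01-10T09:00:05Z 10.0.0.7 TXT 0011223344556677889900aabbccddee.updates.corp-sync.net
2025-01-10T09:00:06Z 10.0.0.7 TXT ffeeddccbbaa99887766554433221100.updates.corp-sync.net
2025-01-10T09:00:07Z 10.0.0.5 AAAA mail.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of a label; encoded or encrypted payloads score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str):
    """Split one assumed-format log line; return None for lines that do not fit."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.rstrip(".").lower()}


def registered_domain(qname: str) -> str:
    """Crude registered-domain approximation (last two labels); use the PSL in production."""
    return ".".join(qname.split(".")[-2:])


def domain_stats(log_text: str) -> dict:
    """Aggregate per-registered-domain features used by the heuristic."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "txt_null": 0,
                                 "max_entropy": 0.0, "max_label_len": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        st = stats[registered_domain(rec["qname"])]
        st["queries"] += 1
        labels = rec["qname"].split(".")[:-2]  # subdomain labels only
        if labels:
            st["subdomains"].add(".".join(labels))
            st["max_entropy"] = max(st["max_entropy"], max(shannon_entropy(l) for l in labels))
            st["max_label_len"] = max(st["max_label_len"], max(len(l) for l in labels))
        if rec["qtype"] in ("TXT", "NULL"):
            st["txt_null"] += 1
    return stats


def flag_suspicious(log_text: str, min_unique: int = 4, entropy_threshold: float = 3.5,
                    label_len_threshold: int = 30, txt_ratio_threshold: float = 0.5) -> list:
    """Return registered domains whose query pattern looks like DNS tunnelling.

    A domain is flagged when it receives many distinct subdomains AND either the
    labels look encoded (high entropy or very long) or most queries are TXT/NULL.
    Thresholds are illustrative; baseline them against your own resolver logs.
    """
    flagged = []
    for dom, st in sorted(domain_stats(log_text).items()):
        txt_ratio = st["txt_null"] / st["queries"]
        many_unique = len(st["subdomains"]) >= min_unique
        encoded = (st["max_entropy"] >= entropy_threshold
                   or st["max_label_len"] >= label_len_threshold)
        if many_unique and (encoded or txt_ratio >= txt_ratio_threshold):
            flagged.append(dom)
    return flagged


if __name__ == "__main__":
    print(flag_suspicious(SAMPLE_LOG))
```

Entropy and label length alone produce false positives from CDNs, anti-spam DNSBL lookups, and certain browser probes, which is why the check also requires a high count of distinct subdomains under the same registered domain before flagging; tune `min_unique` and the entropy threshold against a week of your own resolver logs rather than trusting the constants above.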
Recent threat activity shows a sharp rise in stealthy malware loaders and AI-assisted attack techniques, signaling a shift toward quieter, more adaptive initial-access strategies that challenge traditional detection models.
The Romanian Waters Authority suffered a ransomware attack that disabled key hydrological systems, forced emergency containment actions, and exposed ongoing cybersecurity weaknesses in critical infrastructure.
A malicious npm package posing as a WhatsApp API library was found harvesting login tokens, messages, and contacts from developers, demonstrating a sophisticated supply chain attack that can persistently link attacker devices to compromised WhatsApp accounts.
A new Android SMS stealer campaign is spreading across Uzbekistan, using deceptive apps to capture messages and authentication codes. The attack highlights fast-evolving mobile threats and the need for stronger device security.
A Ukrainian hacker has pleaded guilty following his arrest as a Nefilim ransomware affiliate, confirming his role in targeted extortion campaigns. This article examines the investigation, the attack methods, and the broader implications for enterprise cybersecurity teams.
Cybercriminals are abusing fake OSINT GitHub repos to distribute PyStoreRAT, a JavaScript-based RAT that delivers diverse malware modules through deceptive open-source tools.
This week’s ThreatsDay Bulletin highlights rising spyware alerts, global scanning activity, and new Linux backdoor threats: essential insight for defenders and SOC teams.
A new ClickFix-style attack abuses Grok and ChatGPT to deliver malware by convincing users to run malicious commands disguised as troubleshooting advice. This article explains how the attack works and how defenders can detect and prevent it.
North Korean–linked attackers exploited a critical React2Shell vulnerability (CVE-2025-55182) to deploy a new smart-contract-based RAT named EtherRAT. The malware uses Ethereum smart contracts for C2 resolution, hides payloads through obfuscation, and employs multiple persistence mechanisms, making it a serious threat to Web3 and developer environments.