Category: cyber-security-news

Claude-Generated Commit Adds PromptMink Malware to Crypto Trading Agent A new threat has quietly taken root in the software development world, using an AI coding assistant as an unknowing participant in a supply chain attack. A malicious npm package campaign called PromptMink surfaced after being introduced into an open-source autonomous crypto trading project through a…

Novel KarstoRAT RAT Enables Webcam Monitoring, Audio Recording, and Remote Payload Execution A newly identified remote access trojan called KarstoRAT has been found in sandbox analyses and malware repositories since early 2026. The malware gives attackers a broad set of remote-control capabilities over compromised Windows machines, including webcam capture, audio recording, keylogging, screenshot theft, and…

New Vect 2.0 RaaS Operation Targets Windows, Linux, and ESXi Systems A new ransomware group known as Vect 2.0 has entered the global cyberthreat landscape, operating as a full Ransomware-as-a-Service (RaaS) platform that targets Windows, Linux, and VMware ESXi systems. The group first appeared in December 2025 and rapidly scaled its activity through February 2026,…

New VECT 2.0 Ransomware Destroys Files Over 128 KB Across Windows, Linux, and ESXi A newly documented ransomware strain called VECT 2.0 has drawn serious attention from the cybersecurity community for a deeply damaging flaw in its design. Unlike typical ransomware that locks files and demands payment for decryption, VECT 2.0 permanently destroys any file…

New BlueNoroff Campaign Uses Fileless PowerShell and AI-Generated Zoom Lures A dangerous new cyber campaign from North Korea’s Lazarus Group is targeting cryptocurrency and Web3 professionals using fake Zoom meeting interfaces, fileless PowerShell scripts, and AI-generated deepfake content. The group behind this activity is BlueNoroff, a financially motivated subgroup known for stealing digital assets. This…

OilRig Hides C2 Configuration in Google Drive Image Using LSB Steganography A well-known Iranian state-sponsored hacking group called OilRig, also tracked as APT34 and Helix Kitten, has been found hiding its command-and-control (C2) server configuration inside a regular-looking image file stored on Google Drive. The threat group used a technique called LSB (Least Significant Bit)…

Vidar Malware Hides Second-Stage Payloads in JPEG and TXT Files to Evade Detection Vidar, one of the most active information-stealing malware families, has taken on a new shape in 2026. Researchers have found that its latest version now conceals second-stage payloads inside JPEG image files and TXT documents, making it much harder for security tools…

‘fast16’ Malware with Sabotage Capabilities Attacking Ultra expensive Targets The fast16 malware is a recently exposed sabotage‑capable threat designed to target extremely high‑value environments and ultra‑expensive systems with precision. It does not behave like common commodity malware that aims for broad infections, but instead focuses on select victims where disruption or long‑term control can cause…

Hackers Use Fake CAPTCHA Pages to Trigger Costly International SMS Fraud Most internet users are familiar with CAPTCHA tests, simple challenges like selecting traffic lights or typing distorted letters to confirm they are human. But cybercriminals have found a way to weaponize this process. Hackers are now building fake CAPTCHA pages that trick users into…

Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits A newly exposed server has revealed how a threat actor used automated tools, AI assistance, and Telegram bots to silently hack into more than 900 companies around the world. The operation, built around a tool called “Bissa scanner,” targeted internet-facing web applications at a massive…

Ransomware Hackers Develop Custom Exfiltration Tool to Steal Sensitive Data Ransomware attackers are no longer relying only on widely known tools to steal data. Affiliates linked to the Trigona ransomware group have taken a more calculated approach by building their own custom data exfiltration tool, one that gives them greater precision, speed, and control over…

109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware A large-scale malware distribution campaign has been uncovered involving 109 fake GitHub repositories that were used to trick users into downloading two dangerous malware tools named SmartLoader and StealC. The campaign was carefully built around cloned versions of legitimate open-source projects, making it hard…

Malicious Google Ads Target Crypto Users With Wallet Drainers and Seed Phrase Theft Cybercriminals are now using Google’s own advertising platform to steal cryptocurrency from unsuspecting users. They place fake ads that look exactly like real links to popular crypto applications, and when users click on them, they land on websites designed to drain their…

Microsoft-Signed Binary Used to Sneak LOTUSLITE Into India-Focused Espionage Campaign A state-linked threat group has been caught running a quiet but carefully planned espionage operation against India’s banking sector, using a trusted Microsoft-signed file to slip malware past security defenses. The campaign delivers a new version of the LOTUSLITE backdoor through a technique known as…

SideWinder Uses Fake Chrome PDF Viewer and Zimbra Clone to Steal Government Webmail Credentials A well-known advanced persistent threat group called SideWinder has launched a highly targeted phishing campaign against South Asian government organizations, using a fake Chrome PDF viewer and a pixel-perfect clone of the Zimbra email login portal to steal employee credentials. The…

Hackers Use CVE-2024-3721 to Infect TBK DVRs With Nexcorium DDoS Malware A newly identified botnet campaign is actively exploiting a critical flaw in TBK digital video recorders to deploy a dangerous piece of malware known as Nexcorium, a Mirai-based threat built to launch large-scale distributed denial-of-service attacks. The vulnerability at the center of this campaign,…

Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Attempts A known security flaw in several end-of-life TP-Link Wi-Fi routers is being actively targeted by hackers trying to install Mirai-based botnet malware on vulnerable devices. The vulnerability, tracked as CVE-2023-33538, affects multiple TP-Link models that no longer receive vendor updates, leaving users with no…

Hackers Target Israeli Desalination Plants With ZionSiphon Sabotage Malware A newly discovered piece of malware called ZionSiphon has raised serious concerns about the security of critical water infrastructure in Israel. The malware was built with a clear focus: to infiltrate and potentially sabotage Israeli water treatment and desalination systems, the very facilities responsible for providing…

Hackers Target Trucking and Freight Firms to Steal Real-World Cargo Shipments A new wave of cyber attacks is hitting trucking carriers and freight brokers, and the goal is not just data theft. Criminals are breaking into logistics companies digitally to steal physical cargo shipments worth millions of dollars in the real world. Cargo theft is…

New Chrome Privacy Analysis Shows How Fingerprinting and Header Leaks Can Expose Users Google Chrome is the most widely used browser in the world, yet a sweeping new analysis reveals it offers users almost no protection against fingerprinting and data leaks that quietly expose their identity to websites and trackers. Published April 14, 2026, the…

Fake Adobe Reader Download Delivers ScreenConnect Through Stealthy In-Memory Loader A newly uncovered attack campaign is tricking users into installing remote access software on their systems by disguising malware as a legitimate Adobe Acrobat Reader download. The attack uses a sophisticated chain of techniques — including in-memory execution, process masquerading, and privilege escalation — to…

1,250+ C2 Servers Mapped Across Russian Hosting Across 165 Providers Cybersecurity researchers have uncovered a large and organized network of malicious infrastructure quietly running inside Russia’s commercial hosting ecosystem. Over a three-month window from January 1 to April 1, 2026, more than 1,250 active command-and-control (C2) servers were detected across 165 Russian infrastructure providers, spanning…

FUNNULL-Linked Triad Nexus Resurfaces With 175+ Rotating CNAME Domains and Global Scam Portals A cybercriminal group tied to the FUNNULL Content Delivery Network has made a calculated return with a far more sophisticated and evasive infrastructure. Known as Triad Nexus, the group has rebuilt its global fraud operation following U.S. Treasury sanctions, deploying over 175…

New JanaWare Ransomware Targets Turkish Users Through Customized Adwind RAT A new ransomware family called JanaWare has begun targeting computer users in Turkey, relying on a customized version of the Adwind remote access trojan (RAT) to gain a foothold on victims’ systems. This campaign stands out because it combines a known cross‑platform RAT with fresh…

25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss Solutions LLC. The…

Hackers Use Fake Proxifier Installer on GitHub to Spread ClipBanker Crypto-Stealing Malware A dangerous malware campaign has been silently targeting cryptocurrency users by hiding inside a fake version of Proxifier, a popular proxy software tool. Threat actors set up a GitHub repository designed to look like a legitimate Proxifier download, but the installer bundled inside…

Hackers Abuse GitHub and Jira Notifications to Deliver Phishing Through Trusted SaaS Channels Cybercriminals are now weaponizing the very tools that developers and IT teams trust the most. By abusing the automated notification features built into GitHub and Jira, threat actors are delivering convincing phishing emails that originate directly from those platforms’ own servers. What…

Critical WordPress Plugin Flaw Lets Attackers Bypass Authentication and Gain Admin Access A critical security flaw found in a widely used WordPress plugin is putting thousands of websites at serious risk worldwide. Tracked as CVE-2026-1492, this vulnerability affects the User Registration & Membership plugin for WordPress and lets attackers completely bypass the login process to…

Trojanized OpenVSX Extension Spreads GlassWorm Across VS Code, Cursor, and Windsurf A fake developer extension published on the OpenVSX marketplace is silently spreading a known malware strain called GlassWorm to every code editor installed on a developer’s machine. The malicious package disguises itself as a legitimate productivity tool and uses a compiled native binary to…