Malware & Ransomware News

Threat actors are now using .wav files to deliver malware. This new tactic puts users at risk. Stay aware and protect your systems from these threats.

A trojanized TestDisk installer is being used to deploy ScreenConnect, allowing attackers remote access. This poses a significant risk of data theft and unauthorized control. Stay vigilant against such threats.

A new investigation reveals that the Gentlemen ransomware is leveraging a SystemBC botnet of over 1,570 hosts for sophisticated attacks. This shift indicates a growing threat to corporate environments.

Ransomware attacks on automotive companies have surged, now representing 44% of cyber incidents. This trend highlights the vulnerabilities in the sector's technology reliance. Companies must enhance their defenses to combat this growing threat.

Ransomware negotiations can be stressful for organizations. Understanding the tactics used by cybercriminals is essential for CISOs to protect sensitive data and make informed decisions.

A new malware campaign is delivering both Gh0st RAT and CloverPlus adware simultaneously. This dual threat allows attackers to control systems and generate revenue. Security teams must enhance their defenses against this evolving threat.

FUD Crypt is a new malware-as-a-service that allows hackers to create Microsoft-signed malware easily. This poses a significant risk as it can bypass security measures. Cybersecurity teams must remain vigilant against these sophisticated threats.

A global operation targeting DDoS-for-hire platforms leads to four arrests and the seizure of over 50 domains, disrupting cybercriminal activities worldwide.

A trojanized Slack installer is giving attackers hidden access to your machine. This threat targets millions of users, posing risks to personal and corporate data. Stay vigilant and ensure you download software from official sites.

How It Works The adware, initially perceived as harmless, has morphed into a serious threat. The update from Dragon Boss, rolled out in March 2025, created a method for the malware to maintain persistence on infected systems. This means it can continue to operate even after reboots or system updates. Who's Being Targeted This malware primarily targets users of

A phishing email disguised as a DHL shipment notification tricks users into installing remote access software. This malware can lead to further attacks, including ransomware. Stay vigilant and check email sources carefully.

The PowMix botnet poses a significant threat to the Czech workforce, employing advanced techniques to compromise systems and evade detection. Immediate action is necessary to mitigate risks.

A new tactic called APK malformation is found in over 3000 Android malware samples, complicating detection efforts. This poses significant risks to users. Researchers have released tools to help combat this threat.

ZionSiphon malware targets Israeli water systems, aiming to disrupt operations by altering chlorine and pressure levels. Despite its potential threat, a flaw renders it currently ineffective.

Bluesky's services have been disrupted by a 24-hour DDoS attack, with the hacker group 313 Team claiming responsibility. The situation remains critical as users face ongoing outages.

A new malware called Steaelite combines ransomware and data theft into one tool. It automates attacks, making it a serious threat to organizations. Cybersecurity defenses need to adapt quickly to counter this evolving risk.

The Nexcorium botnet campaign, exploiting TBK DVR vulnerabilities, highlights the growing threat of IoT devices in cyberattacks. Security measures are urgently needed.

Cybercriminals are increasingly exploiting QEMU for ransomware delivery, utilizing hidden virtual machines to evade detection and maintain access to compromised networks. This trend raises significant security concerns.

AgingFly malware has been detected in Ukraine, targeting government and hospital systems to steal sensitive data. This poses a serious security risk to users. Authorities recommend blocking certain file types to mitigate the threat.

Threat actors are using n8n webhooks to deliver malware through phishing emails. This tactic has increased significantly, posing serious risks to users. Security teams must act to mitigate these threats.

Autovista is facing a ransomware attack that's disrupting services in Europe and Australia. Customers are advised to monitor updates and take precautions. The company is working to resolve the issue and restore applications.

A sophisticated adware campaign attributed to Dragon Boss Solutions has compromised over 25,000 endpoints worldwide, raising significant security concerns due to its ability to disable antivirus software and exploit unsecured update channels.

A new infostealer named NWHStealer is spreading through fake VPN sites and gaming mods. It's designed to steal passwords and cryptocurrency wallet information. Users must be cautious when downloading software to avoid falling victim.

A new report reveals that PRC state-sponsored hackers are using Brickstorm malware for persistent access in government and IT systems. Organizations are urged to act on the provided IoCs.

Microsoft's latest update enhances Windows security against RDP threats, introducing new warning dialogs and default restrictions on resource sharing to combat phishing attacks.

JanaWare ransomware is targeting Turkish citizens through sophisticated phishing tactics and advanced evasion techniques, leveraging a customized version of the Adwind RAT for its operations.

A new variant of the PlugX USB worm is spreading globally, using DLL sideloading techniques to evade detection and target sensitive data across multiple continents.

A new malware, Omnistealer, is stealing passwords and crypto wallets using blockchain technology. Over 300,000 credentials compromised, affecting various sectors. Protect your data now!

Hackers are exploiting the Obsidian Shell Commands plugin to deliver malware to financial sector professionals, utilizing advanced social engineering tactics and sophisticated techniques akin to recent high-profile attacks.

Hackers are exploiting vulnerabilities in Call of Duty: WWII, putting players' PCs at risk. Meanwhile, scammers are targeting families of the incarcerated. Stay alert to protect your data!

A ransomware attack at the Paris museum led to a €600,000 gold heist. Meanwhile, the Shai Hulud worm is compromising npm packages, stealing secrets. Cybersecurity vigilance is crucial.

A new Android banking trojan is linked to forced labor scams affecting mobile banking users. Trafficked individuals are exploited to distribute this malware. Awareness is crucial to combat this alarming trend.

A new social engineering campaign exploits Obsidian to deliver the PhantomPulse RAT, primarily targeting individuals in the financial and cryptocurrency sectors through LinkedIn and Telegram. This highlights significant vulnerabilities in legitimate applications.

Hackers are using MSBuild.exe to launch fileless attacks, evading detection. This trend poses serious risks to organizations relying on traditional security measures. It's crucial to adapt and enhance security strategies to combat these evolving threats.

Scans for the EncystPHP webshell have been detected, targeting vulnerable FreePBX systems. This trend underscores the need for stronger security measures. Stay informed and protect your systems from evolving cyber threats.

VIPERTUNNEL, a Python-based backdoor, is targeting US and UK businesses by disguising itself in fake DLL files and employing advanced obfuscation techniques to evade detection.

APT37, also known as ScarCruft, has been using Facebook to socially engineer targets into downloading RokRAT malware, leveraging trust-building tactics and sophisticated delivery methods.

JanelaRAT, a financial malware, is increasingly targeting users in Latin America with sophisticated phishing tactics and social engineering. Understanding its evolving methods is crucial for prevention.

A new Android malware implant has been discovered using Google Gemini for persistence tasks. This poses a significant risk to Android users, especially those downloading apps from untrusted sources. Stay informed about the evolving tactics of malware developers.

Advantest, a semiconductor testing specialist, has been hit by a ransomware attack. The company is now implementing incident response measures. This incident underscores the rising threat of ransomware in tech.

A fraud investigation has revealed sophisticated Python malware with advanced obfuscation techniques. This poses significant risks to organizations, particularly in finance. Immediate action is needed to mitigate potential threats.

Hackers are exploiting AI trust to deliver the AMOS Stealer, targeting Mac users. This malware uses social engineering to bypass traditional defenses, posing significant risks. Stay informed and protect your devices from this evolving threat.

A new malware, notnullOSX, is targeting cryptocurrency wallets worth over $10,000. Users in Taiwan, Vietnam, and Spain are particularly at risk. This malware tricks victims into downloading it, leading to potential theft of their crypto assets.

The CPUID website has been compromised, delivering trojanized versions of HWMonitor, CPU-Z, and PerfMonitor that deploy the STX RAT. Users downloading these tools may face serious malware risks. Immediate action is advised.

A malicious JavaScript file named cbmjlzan.JS was found in a phishing email. Only 15 antivirus programs flagged it, raising concerns about detection. Stay vigilant against such threats.

Cracked software is a hidden danger in many organizations. Employees often download these versions without realizing the risks. Discover five effective strategies to mitigate these threats.

STX RAT, a new remote access trojan, is targeting the finance sector with advanced stealth tactics, posing a significant threat to sensitive data.

A phishing campaign is exploiting Google Cloud Storage to deliver the Remcos RAT, making detection challenging and increasing risks for users.

A new stealthy malware campaign named RoningLoader has emerged, targeting Chinese-speaking users. It cleverly disguises itself as trusted software to evade detection, posing serious risks to security tools. Organizations must remain vigilant against this sophisticated threat.

A new malware campaign by the Silver Fox APT group is delivering ValleyRAT through a fake Telegram installer. This poses serious risks to users who may unknowingly install it. Stay vigilant and only download software from trusted sources.