Microsoft Warns of ClickFix Attack Abusing DNS Lookups
Attackers are using DNS requests to deliver a RAT named ModeloRAT to targeted users.
The post Microsoft Warns of ClickFix Attack Abusing DNS Lookups appeared first on SecurityWeek.
With more than 37 million combined downloads, the extensions expose users to tracking and personal information theft.
The post Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data appeared first on SecurityWeek.
Used since at least 2019, DKnife has been targeting the desktop, mobile, and IoT devices of Chinese users.
The post 'DKnife' Implant Used by Chinese Threat Actor for Adversary-in-the-Middle Attacks appeared first on SecurityWeek.
The malware is known for dropping ransomware and other payloads, and for abusing infected machines to proxy traffic.
The post SystemBC Infects 10,000 Devices After Defying Law Enforcement Takedown appeared first on SecurityWeek.
Palo Alto Networks has not attributed the APT activity to any specific country, but evidence points to China.
The post Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries appeared first on SecurityWeek.
Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware.
The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek.
The attacks targeting Europe were analyzed by Ukraine's CERT-UA and the cybersecurity company Zscaler.
The post Russia's APT28 Rapidly Weaponizes Newly Patched Office Vulnerability appeared first on SecurityWeek.
A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader.
The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek.
Security leaders share how artificial intelligence is changing malware, ransomware, and identity-led intrusions, and how defenses must evolve.
The post Cyber Insights 2026: Malware and Cyberattacks in the Age of AI appeared first on SecurityWeek.
Of 3,100 unprotected MongoDB instances, half remain compromised, most of them by a single threat actor.
The post Over 1,400 MongoDB Databases Ransacked by Threat Actor appeared first on SecurityWeek.
Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers.
The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek.
Android users were lured to applications that served a malicious payload hosted in a Hugging Face repository.
The post Hugging Face Abused to Deploy Android RAT appeared first on SecurityWeek.
An LLMjacking operation has been targeting exposed LLMs and MCPs at scale, for commercial monetization.
The post LLMs Hijacked, Monetized in 'Operation Bizarre Bazaar' appeared first on SecurityWeek.
One of the largest residential proxy networks, IPIDEA enrolled devices through SDKs for mobile and desktop.
The post Google Disrupts IPIDEA Proxy Network appeared first on SecurityWeek.
Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025.
The post APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability appeared first on SecurityWeek.
Marketed as ChatGPT enhancement and productivity tools, the extensions allow the threat actor to access the victim's ChatGPT data.
The post Chrome, Edge Extensions Caught Stealing ChatGPT Sessions appeared first on SecurityWeek.
Priced $2,000 - $6,000 on a cybercrime forum, the MaaS toolkit promises publication on the Chrome Web Store.
The post 'Stanley' Malware Toolkit Enables Phishing via Website Spoofing appeared first on SecurityWeek.
10 years after disrupting the Ukrainian power grid, the APT targeted Poland with data-wiping malware.
The post Russian Sandworm Hackers Blamed for Cyberattack on Polish Power Grid appeared first on SecurityWeek.
The hackers trick victims into accessing GitHub or GitLab repositories that are opened using Visual Studio Code.
The post North Korean Hackers Target macOS Developers via Malicious VS Code Projects appeared first on SecurityWeek.
Providing cyberespionage and remote code execution capabilities, the malware is executed via DLL sideloading.
The post APT-Grade PDFSider Malware Used by Ransomware Groups appeared first on SecurityWeek.