Security Affairs

OCTOBER 13, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000!

Malware 127

Malware DDOS Cryptocurrency Education 127

eSecurity Planet

OCTOBER 22, 2024

These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

Krebs on Security

NOVEMBER 12, 2024

Satnam Narang , senior staff research engineer at Tenable , says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password. This bug has earned a CVSS severity rating of 9.8 (10

Authentication 273

Authentication Engineering Malware Passwords 273

Security Affairs

OCTOBER 29, 2024

Suspected Russia-linked espionage group UNC5812 targets Ukraine’s military with Windows and Android malware via Telegram. Google TAG and Mandiant observed a Russia-linked group, tracked as UNC5812, targeting Ukraine’s military with Windows and Android malware via the Telegram channel “ Civil Defense.”

Malware 124

Malware Social Engineering Software Mobile 124

Tech Republic Security

FEBRUARY 27, 2025

Trends in cybersecurity across 2024 showed less malware and phishing, though more social engineering. CrowdStrike offers tips on securing your business.

Social Engineering 208

Social Engineering Engineering Phishing Malware 208

SecureWorld News

MAY 9, 2025

Google's Threat Intelligence Group (GTIG) has identified a new malware strain, dubbed "LOSTKEYS," attributed to the Russian state-sponsored hacking group COLDRIVER. The introduction of LOSTKEYS signifies a strategic shift towards deploying malware for direct data exfiltration. Cedric Leighton , CNN Military Analyst; U.S.

Malware 84

Malware Social Engineering Engineering Government 84

Tech Republic Security

MAY 13, 2025

By downloading what they believe is an AI-generated video, victims have installed malware that can steal their data or offer attackers remote access to infected devices.

Malware 132

Malware Artificial Intelligence Social Engineering Engineering 132

Schneier on Security

SEPTEMBER 20, 2024

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line.

Social Engineering 322

Social Engineering Engineering Phishing Malware 322

Penetration Testing

OCTOBER 27, 2024

The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta.

Social Engineering 97

Social Engineering Engineering Ransomware Cybersecurity 97

Schneier on Security

DECEMBER 7, 2020

Clever tactic : This new malware was discovered by researchers at Dutch cyber-security company Sansec that focuses on defending e-commerce websites from digital skimming (also known as Magecart) attacks.

Media 327

Media Malware Social Engineering Engineering 327

Security Affairs

DECEMBER 1, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 75

Malware Social Engineering Antivirus Engineering 75

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 83

Malware Cryptocurrency Engineering Encryption 83

Tech Republic Security

DECEMBER 12, 2023

Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. Get the details.

Social Engineering 204

Social Engineering Engineering Malware Big data 204

SecureList

APRIL 16, 2025

Instead, they rely on the default severity in the rule, which is often set randomly or based on an engineer’s opinion without a clear process. Detection engineering program Before diving into the program-level approach, we will first present the detection engineering lifecycle that forms the foundation of the proposed program.

Engineering 73

Engineering Threat Detection Firewall Digital transformation 73

Malwarebytes

APRIL 24, 2025

Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC).

Malware 98

Malware Banking Software Social Engineering 98

The Hacker News

NOVEMBER 28, 2024

A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024.

Engineering 138

Engineering Malware 138

SecureWorld News

MARCH 13, 2025

A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Malware 111

Malware Cybersecurity Cyber threats Threat Detection 111

The Hacker News

OCTOBER 8, 2024

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads.

Engineering 135

Engineering Malware 135

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 209

Social Engineering Malware Engineering Banking 209

Security Affairs

OCTOBER 11, 2024

Observed ChatGPT behavior mainly involved reconnaissance, threat actors used the OpenAI’s platform to seek info on companies, services, and vulnerabilities, similar to search engine queries. The group used the chatbot to receive support in Android malware development and to create a scraper for the social media platform Instagram.

Malware 139

Malware Social Engineering Engineering Hacking 139

Krebs on Security

AUGUST 2, 2022

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers. com , a malware-based proxy network that has been in existence since at least 2010. Last week, a seven-year-old proxy service called 911[.]re

Malware 322

Malware Cybercrime Internet Internet 322

Penetration Testing

NOVEMBER 11, 2024

Cado Security Labs has uncovered a targeted GuLoader malware campaign aimed at European industrial and engineering companies.

Engineering 117

Engineering Malware Cybersecurity 117

Tech Republic Security

FEBRUARY 15, 2024

Whether an infection is the result of a disgruntled employee, hardware vulnerability, software-based threat, social engineering penetration, robotic attack or human error, all organizations must be prepared to immediately respond effectively to such an issue if the corresponding damage is to be minimized.

Malware 179

Malware Social Engineering Engineering Software 179

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged. dot-gov emails get hacked.

Hacking 291

Hacking Accountability Government Social Engineering 291

Krebs on Security

JUNE 1, 2023

This post is a deep dive on “ Megatraffer ,” a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015. More recently, it appears Megatraffer has been working with ransomware groups to help improve the stealth of their malware. WHO IS MEGATRAFFER?

Malware 311

Malware Cybercrime Software Accountability 311

Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. The proxy lookup page inside the malware-based anonymity service Faceless. Microsoft’s Bing search engine says gaihnik@mail.ru Image: spur.us. Image: Darkbeast/Ke-la.com.

Malware 302

Malware Passwords Accountability Advertising 302

Schneier on Security

APRIL 2, 2024

An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. The cybersecurity world got really lucky last week. modified the way the software functions.

Social Engineering 359

Social Engineering Engineering Software Encryption 359

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. This command, executed via mshta.exe, downloads and launches various malware families, such as XWorm, Lumma Stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT.

Phishing 65

Phishing Malware Social Engineering Authentication 65

Krebs on Security

MARCH 27, 2025

Many successful phishing attacks result in a financial loss or malware infection. Rather, it appears those responsible are promoting them by manipulating the search engine results shown when someone searches for one of these anti-Putin organizations.

Phishing 223

Phishing Government Engineering Internet 223

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. ” According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.

Malware 244

Malware VPN Internet Internet 244

Security Affairs

AUGUST 18, 2024

Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk. However, the social-engineering tactics the group used in the case described above are noteworthy – but they are not unique. ” concludes the report.

Social Engineering 145

Social Engineering Engineering Ransomware Cybercrime 145

SecureList

MARCH 25, 2025

In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. We quickly analyzed the exploit code, reverse-engineered its logic, and confirmed that it was based on a zero-day vulnerability affecting the latest version of Google Chrome. Generic Trojan.Win64.Agent

Malware 143

Malware Education Technology Media 143

Krebs on Security

MARCH 11, 2025

Rapid7’s lead software engineer Adam Barnett said Windows 11 and Server 2019 onwards are not listed as receiving patches, so are presumably not vulnerable. However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016.

System Administration 235

System Administration Engineering Internet Internet 235

Security Affairs

NOVEMBER 15, 2024

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 120

Encryption Password Management Cryptocurrency Social Engineering 120

The Hacker News

DECEMBER 20, 2024

The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024.

Engineering 136

Engineering Malware 136

Malwarebytes

FEBRUARY 4, 2025

This warning comes from our 2025 State of Malware report, which compiled a years worth of intelligence to identify the most pressing cyberattacks on the horizon. You can find the full 2025 State of Malware report here. And if the model works for individuals, theres little reason it wouldnt work for individual business owners.

Artificial Intelligence 144

Artificial Intelligence Small Business Malware Technology 144

Security Affairs

APRIL 17, 2025

to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP. Microsoft has observed Node.js

Social Engineering 119

Social Engineering Malware Cryptocurrency Engineering 119