All Malware Data Breach Privacy APT Vulnerability General
The Hacker News Malware

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019. The framework comprises seven Linux-based implants that are designed to perform dee

The Hacker News Malware

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw (formerly Moltbot and Clawdbot) has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to

The Hacker News Malware

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as "worm-driven," lever

The Hacker News Malware

Bloody Wolf Targets Uzbekistan, Russia Using NetSupport RAT in Spear-Phishing Campaign

The threat actor known as Bloody Wolf has been linked to a campaign targeting Uzbekistan and Russia to infect systems with a remote access trojan known as NetSupport RAT. Cybersecurity vendor Kaspersky is tracking the activity under the moniker Stan Ghouls. The threat actor is kn

The Hacker News Malware

⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths.

The Hacker News Malware

Warlock Ransomware Breaches SmarterTools Through Unpatched SmarterMail Server

SmarterTools confirmed last week that the Warlock (aka Storm-2603) ransomware gang breached its network by exploiting an unpatched SmarterMail instance. The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the

The Hacker News Malware

From Ransomware to Residency: Inside the Rise of the Digital Parasite

Are ransomware and encryption still the defining signals of modern cyberattacks, or has the industry been too fixated on noise while missing a more dangerous shift happening quietly all around them? According to Picus Labs’ new Red Report 2026, which analyzed over 1.1 million mal

The Hacker News Malware

Reynolds Ransomware Embeds BYOVD Driver to Disable EDR Security Tools

Cybersecurity researchers have disclosed details of an emergent ransomware family dubbed Reynolds that comes embedded with a built-in bring your own vulnerable driver (BYOVD) component for defense evasion purposes within the ransomware payload itself. BYOVD refers to an adversari

The Hacker News Malware

SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits

Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongsid

The Hacker News Malware

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The

Kaspersky Malware

The game is over: when “free” comes at too high a price. What we know about RenEngine

We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.

Unit42 Malware

Nation-State Actors Exploit Notepad++ Supply Chain

Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery. The post Nation-State Actors Exploit Notepad++ Supply Chain appeared first on Unit 42.

Prev 1 ... 13 14 15 16 17 ... 21 Next