Tag: malware
Hijacked npm and Go Packages Deploy Python Infostealer via VS Code Tasks
Researchers have identified two compromised npm packages and a cluster of malicious Go packages that abuse Visual Studio Code task mechanisms to…
DOJ Seizes Nearly 400 Illegal World Cup Streaming Domains
U.S. authorities took down close to 400 sites illegally broadcasting World Cup matches, warning that pirate streams expose viewers to malware and…
SimpleHelp Auth Bypass Exploited to Deploy Djinn Stealer and TaskWeaver
Attackers are actively exploiting a critical authentication bypass in SimpleHelp RMM software to install two previously undocumented malware families targeting developer credentials,…
Google Play Blocked 1.75 Million Bad Apps and 266 Million Risky Installs in 2025
Google's annual Android security report details how AI-enhanced review, expanded fraud protection, and real-time scanning kept malicious apps off devices at scale…
Chrome Launches Device Bound Session Credentials to Block Cookie Theft
Google's DBSC feature ties authentication sessions to hardware security modules, making exfiltrated cookies useless to attackers. It is now publicly available on…
Cisco Talos Uncovers BadIIS Malware-as-a-Service Ecosystem Tied to Chinese-Speaking Cybercrime
Cisco Talos researchers have identified a commodity BadIIS malware variant powering a mature malware-as-a-service operation used by Chinese-speaking threat actors to conduct…
Alleged Kimwolf Botmaster ‘Dort’ Arrested in Canada, Faces U.S. Charges
Jacob Butler, a 23-year-old Ottawa man, has been arrested by Canadian police and charged in both Canada and the United States for…
Operation FlutterBridge: New macOS Backdoor Spreads via Google Ads
Unit 42 researchers have identified a macOS malvertising campaign delivering a Flutter-based backdoor called FlutterShell, capable of browser hijacking, shell command execution,…
AI Agent Skills Need Supply-Chain Audits, Unit 42 Research Finds
A new audit primitive called Behavioral Integrity Verification scanned nearly 50,000 agent skills and found that 80 percent deviate from their declared…
Popa Android Botnet Tied to Publicly Traded Israeli Proxy Firm
Researchers from multiple security firms have linked the Popa botnet, which routes traffic through millions of compromised TV boxes, to NetNut, a…
Malicious Skills Persist on ClawHub Despite AI Agent Marketplace Scanning
Unit 42 researchers found five undetected malicious skills in OpenClaw's ClawHub marketplace between February and May 2026, including macOS infostealers and novel…
How Windows COM Becomes a Weapon: A Technical Primer from Cisco Talos
Cisco Talos breaks down how threat actors exploit the Component Object Model for lateral movement, persistence, evasion, and more, offering reverse-engineering guidance…