malware
-
Blog
Discord flaw lets hackers reuse expired invites in malware campaign
Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. The campaign relies on a flaw in the Discord invitation system to leverage multi-stage infections that evade multiple antivirus engines. “Reviving” expired Discord invites Discord invite links are URLs that allow someone to join a specific Discord server. They…
Read More » -
Blog
Hackers exploited Windows WebDav zero-day to drop malware
An APT hacking group known as ‘Stealth Falcon’ exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. Stealth Falcon (aka ‘FruityArmor’) is an advanced persistent threat (APT) group known for conducting cyberespionage attacks against Middle East organizations. The flaw, tracked under CVE-2025-33053, is a remote code execution…
Read More » -
Blog
DanaBot malware operators exposed via C2 bug added in 2022
A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. DanaBot is a malware-as-a-service (MaaS) platform active from 2018 through 2025, used for banking fraud, credential theft, remote access, and distributed denial of service (DDoS) attacks. Zscaler’s ThreatLabz researchers who discovered the vulnerability, dubbed…
Read More » -
Blog
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. The flaw affects nearly every system that trusts Microsoft’s “UEFI CA 2011” certificate, which is pretty much all hardware that supports Secure Boot. Binarly researcher Alex Matrosov discovered the CVE-2025-3052 flaw after finding…
Read More » -
Blog
Developers beware: Malware has been found in a dozen popular NPM packages – here’s what you need to know
More than a dozen NPM packages, with a combined million weekly downloads, have been compromised to deliver malware. Node Package Manager (NPM) is the widely-used default package manager for the JavaScript runtime environment, Node.js, and is used to install libraries, share packages, manage dependencies, run scripts, and more. A newly-discovered Remote Access Trojan (RAT) enables an attacker to execute shell…
Read More » -
Blog
OpenAI is clamping down on ChatGPT accounts used to spread malware
OpenAI has taken down a host of ChatGPT accounts linked to state-sponsored threat actors as it continues to tackle malicious use of its AI tools. The ten banned accounts, which have links to groups in China, Russia, and Iran, were used to support cyber crime campaigns, the company revealed late last week. “By using AI as a force multiplier for…
Read More » -
Blog
BADBOX 2.0 Android malware infects millions of consumer devices
The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. The BADBOX botnet is commonly found on Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices. “The BADBOX 2.0 botnet consists of millions of infected devices…
Read More » -
Blog
New PathWiper data wiper malware hits critical infrastructure in Ukraine
A new data wiper malware named ‘PathWiper’ is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country. The payload was deployed through a legitimate endpoint administration tool, indicating that attackers had achieved administrative access to the system through a prior compromise. Cisco Talos researchers who discovered the attack attributed it with high…
Read More » -
Blog
Hackers are using fake Booking.com sites to infect summer travelers with dangerous malware — how to stay safe
Summer is here and if you haven’t booked your holiday travel plans yet, you’re going to want to be extra careful when doing so. The reason being, hackers are now using popular booking sites to infect unsuspecting travelers with dangerous password-stealing malware. According to the cybersecurity firm Malwarebytes, a new campaign has been spotted online that uses malicious links on…
Read More » -
Blog
Police takes down AVCheck site used by cybercriminals to scan malware
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. The service’s official domain at avcheck.net now displays a seizure banner with the crests of the U.S. Department of Justice, the FBI, the U.S. Secret Service, and the Dutch…
Read More »