Malware
11 articles
DAEMON Tools Lite Backdoored for 27 Days: Supply Chain Attack Targeted Government and Scientific Organizations in Russia, Belarus, and Thailand
Kaspersky found official DAEMON Tools Lite installers trojanized from April 8 to May 5, 2026, deploying a multi-stage backdoor to over a dozen targeted machines. CISA added CVE-2026-8398 to its KEV catalog on May 27.
Microsoft Dismantles Fox Tempest, a Malware-Signing Service That Issued Over a Thousand Fraudulent Certificates Through Azure
Microsoft's Digital Crimes Unit seized signspace.cloud and revoked more than 1,000 fraudulent code-signing certificates after Fox Tempest sold access to Azure Artifact Signing for $5,000–$9,000 per transaction to ransomware groups including Rhysida, Akira, and Qilin.
Flashpoint Report Finds Agentic AI Discussions on Criminal Forums Surged 1,500 Percent as Infostealers Fuel 3.3 Billion Stolen Credentials
Flashpoint's 2026 report documents a 1,500 percent spike in AI-related criminal forum activity, 3.3 billion stolen credentials from infostealers, and a 53 percent rise in ransomware incidents.
Qilin Ransomware Group Targets German Political Party Die Linke, Claiming 1.5 Terabytes of Stolen Data
Qilin ransomware group claims attack on German political party Die Linke, threatening to leak 1.5 terabytes of internal data in what the party calls a hybrid warfare operation.
Two Cybersecurity Professionals Face Up to 20 Years in Prison After Pleading Guilty to Running BlackCat Ransomware Attacks
An incident response manager at Sygnia and a ransomware negotiator at DigitalMint admitted to moonlighting as ALPHV/BlackCat affiliates, targeting five US companies and causing over $9.5 million in losses.
Axios npm Package Compromised in Supply Chain Attack Linked to North Korean Threat Actors, Delivering Cross-Platform RAT to Millions of Developers
Attackers hijacked the primary Axios maintainer's npm account and published two malicious versions that installed a cross-platform remote access trojan, exposing one of the JavaScript ecosystem's most downloaded packages.
TeamPCP Supply Chain Attack Reaches LiteLLM as Compromised AI Proxy Package Triggers 500,000 Credential Exfiltrations
Threat actor TeamPCP used credentials stolen in the Trivy compromise to backdoor LiteLLM versions 1.82.7 and 1.82.8 on PyPI, deploying a multi-stage credential stealer across an estimated 500,000 environments.
Europol Coalition Dismantles Tycoon 2FA Phishing Platform That Bypassed MFA at 500,000 Organizations Monthly
A coordinated operation led by Europol, Microsoft, and law enforcement agencies across six countries seized 330 domains powering the Tycoon 2FA phishing-as-a-service platform, which had accounted for 62 percent of all phishing attempts Microsoft blocked by mid-2025.
Trivy Supply Chain Attack Escalates as TeamPCP Hijacks 75 GitHub Action Tags, Defaces Aqua Security Repositories, and Spreads to npm
Threat actor TeamPCP compromised the widely used Trivy vulnerability scanner through a retained access token from an earlier incomplete remediation, injecting credential-stealing payloads into official releases and GitHub Actions while defacing 44 Aqua Security repositories.
Self-Propagating JavaScript Worm Vandalized Nearly 4,000 Wikipedia Pages in 23 Minutes Before Engineers Contained the Spread
A dormant malicious script planted on Russian Wikipedia in 2024 was inadvertently activated during a Wikimedia security review, modifying thousands of pages and 85 user scripts before engineers locked down editing across all projects.
IBM X-Force 2026 Report Reveals AI-Accelerated Attacks Exploiting Basic Security Gaps as Ransomware Groups Splinter and Multiply
IBM's annual threat index finds vulnerability exploitation now causes 40% of breaches, with 109 ransomware groups active and over 300,000 AI platform credentials stolen.