Category Malware & Exploits

DarkCloud Infostealer Relaunched to Grab Credentials, Crypto, and Contacts

A revamped version of the DarkCloud Infostealer has reemerged, according to researchers at eSentire’s Threat Response Unit (TRU). The malware, now at version 4.2, is being actively marketed to cybercriminals and has already been spotted in attacks against the manufacturing sector. DarkCloud’s Return DarkCloud is not new, but the malware…


UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

A cyber-espionage campaign attributed to Iranian threat actor UNC1549 has compromised 34 devices across 11 telecommunications companies, according to new research from Swiss cybersecurity firm PRODAFT. The group, also tracked as Subtle Snail, used LinkedIn recruitment-themed lures to deliver a custom backdoor called MINIBIKE, bypassing detection through infrastructure proxied via…


SilentSync RAT Delivered via Malicious PyPI Packages Targeting Python Developers

Security researchers at Zscaler ThreatLabz have uncovered two malicious packages on the Python Package Index (PyPI) that delivered a Remote Access Trojan named SilentSync to Windows systems. The campaign, attributed to an uploader using the handle CondeTGAPIS, highlights the continuing risk of supply-chain attacks inside the Python ecosystem. Zscaler analysts…


ChillyHell macOS Malware Resurfaces, Using Google.com as Decoy

A long-dormant macOS backdoor called ChillyHell has resurfaced, according to new research from Jamf Threat Labs. The malware, first documented in 2023, is once again active and evolving, showing signs that threat actors are refining their tactics to bypass Apple’s defenses. ChillyHell’s History ChillyHell was first uncovered in 2023 by…


New Docker Malware Variant Blocks Rivals on Exposed APIs

Akamai’s Hunt Team has identified a new strain of malware targeting misconfigured Docker APIs, expanding on a campaign first documented earlier this summer. Unlike earlier versions, which installed cryptocurrency miners, this variant focuses on blocking external access and installing persistence mechanisms, suggesting a larger objective. From Cryptomining to Control The…


MostereRAT Targets Windows Using AnyDesk and TightVNC for Remote Control

Cybersecurity researchers at FortiGuard Labs have discovered a new malware threat called MostereRAT, which is being spread through phishing campaigns targeting Windows devices. Classified as high severity, this Remote Access Trojan (RAT) provides attackers with full control of compromised systems using tools like AnyDesk and TightVNC. How the Malware Works…


New Malware Exploits Windows Character Map for Cryptomining

Darktrace has reported new malware hijacking Windows Character Map to conduct cryptomining attacks, exposing how everyday processes can be weaponized for hidden exploitation. The attack, detected in July 2025, underscores the growing sophistication of cryptojacking campaigns and the risks they pose to enterprise environments. How the Attack Worked On July…


Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days

Google has released its September 2025 Android security update, patching 120 vulnerabilities, including two zero-day flaws already exploited in targeted attacks. The update addresses weaknesses across multiple Android components, with fixes available for devices running supported versions. The Two Zero-Days Under Attack Google confirmed active exploitation of two privilege escalation…
