GlassWorm ForceMemo Campaign: Stolen GitHub Tokens Used to Inject Malware Into Hundreds of Python Repositories

A sophisticated supply chain attack dubbed ForceMemo is leveraging stolen GitHub tokens to inject malware into hundreds of Python repositories, marking a dangerous escalation in the ongoing GlassWorm campaign targeting software developers.

The Attack Chain

According to StepSecurity research, the attackers are targeting Python projects including Django applications, machine learning research code, Streamlit dashboards, and…

KadNap Botnet Hijacks 14,000+ ASUS Routers Using Novel Kademlia DHT Protocol for Stealth C2

A newly discovered botnet called KadNap is turning ASUS routers and edge networking devices into covert proxies for cybercriminal operations. Since August 2025, the malware has infected over 14,000 devices across the globe, with researchers from Black Lotus Labs (Lumen Technologies) revealing a sophisticated command-and-control (C2) infrastructure that leverages a customized version of the Kademlia…

BoryptGrab Stealer Spreads Through 100+ Fake GitHub Repositories in Massive Malware Campaign

Trend Micro researchers have uncovered a large-scale malware distribution campaign using over 100 GitHub repositories to spread BoryptGrab, an information stealer that targets browser credentials, cryptocurrency wallets, and sensitive files while deploying reverse SSH backdoors for persistent access. The campaign leverages the trust users place in GitHub to distribute malware disguised as legitimate software tools,…

BoryptGrab Stealer Spreads Through 100+ Malicious GitHub Repositories

A massive malware distribution campaign has been discovered leveraging more than 100 GitHub repositories to spread the BoryptGrab information stealer. According to Trend Micro research, the campaign targets Windows users through deceptive downloads masquerading as legitimate software tools and gaming cheats.

The Attack Chain

The threat actors behind this campaign have deployed an extensive network…

APT36 Vibeware Campaign: Pakistan’s Transparent Tribe Weaponizes AI to Mass-Produce Malware Targeting India

Pakistan-aligned threat actor Transparent Tribe (APT36) has embraced AI-assisted malware development to flood Indian government networks with disposable, polyglot implants—a technique security researchers are calling “vibeware” or Distributed Denial of Detection (DDoD).

AI-Powered Malware Industrialization

According to Bitdefender’s research, APT36 has shifted from sophisticated, handcrafted implants to high-volume, AI-generated malware written in obscure programming languages…

VOID#GEIST: Multi-Stage Malware Campaign Uses Python Loaders and APC Injection to Deploy XWorm, AsyncRAT, and Xeno RAT

Security researchers at Securonix have uncovered a sophisticated multi-stage malware campaign dubbed VOID#GEIST that delivers three separate remote access trojans (RATs) through an elaborate infection chain designed to evade detection.

A Modular Attack Framework

Unlike traditional malware that relies on standalone executables, VOID#GEIST employs a modular pipeline comprising batch scripts for orchestration, PowerShell for stealthy…

Malicious Go Crypto Module Steals Passwords and Deploys Rekoobe Backdoor

A sophisticated supply chain attack has been uncovered targeting Go developers through a malicious module that impersonates the legitimate golang.org/x/crypto library. The attack demonstrates how threat actors are increasingly exploiting namespace confusion to compromise developer environments and deploy persistent backdoors.

The Attack Mechanism

Security researchers at Socket discovered the malicious module github[.]com/xinfeisoft/crypto, which masquerades as…

Fake Google Security Check Transforms Browser Into Surveillance Toolkit via PWA Installation

A sophisticated phishing campaign has been discovered that transforms web browsers into comprehensive surveillance platforms by masquerading as a Google Account security page. According to Malwarebytes researchers, this attack represents one of the most fully-featured browser-based surveillance toolkits observed in the wild.

Attack Methodology

The attack begins with a convincing replica of a Google Account…