SANDWORMMODE: Self-Replicating npm Worm Steals Dev Secrets and Targets AI Coding Tools

A sophisticated supply chain worm dubbed SANDWORMMODE is actively targeting the npm ecosystem, spreading through at least 19 malicious packages designed to steal developer credentials and CI/CD secrets while automatically propagating across repositories and workflows. Researchers at Socket identified the campaign, which uses typosquatted npm packages and poisoned GitHub Actions to infect developer machines and CI…
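
The teaser names two vectors, typosquatted npm packages and poisoned GitHub Actions, but not the campaign's own code. The script below is an added example, not from Socket's research or the SANDWORMMODE packages: three generic hygiene checks a repository owner can run against those vectors (lookalike dependency names, workflow actions not pinned to a commit SHA, and dependencies that declare install-time scripts). The package names, the workflow text, the 40-character SHA and the manifests are constructed samples.

```python
"""Generic supply-chain hygiene checks for the two vectors the teaser names:
typosquatted npm packages and poisoned GitHub Actions. Assumed, generic checks;
they are not derived from SANDWORMMODE, whose code the teaser does not show."""
import re

# npm runs these scripts automatically on install, so a package that declares
# one gets code execution on every developer machine and CI runner pulling it.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed allowlist of names worth guarding; a real run would use the
# project's actual dependency list.
POPULAR = {"lodash", "express", "axios", "chalk", "react"}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.M)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: substitutions, insertions, deletions
    and adjacent transpositions each cost 1, which matches common typosquats."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def typosquat_candidates(dep_names, popular=POPULAR, max_distance=1):
    """Dependencies within max_distance edits of a popular name but not equal
    to it. Scoped packages are compared on their bare name, so @evil/lodash is
    flagged as well; legitimate scopes such as @types need an allowlist."""
    hits = []
    for dep in dep_names:
        bare = dep.split("/")[-1]
        for known in sorted(popular):
            if dep != known and edit_distance(bare, known) <= max_distance:
                hits.append((dep, known))
    return hits


def unpinned_actions(workflow_yaml: str):
    """Third-party actions referenced by tag or branch rather than a full commit
    SHA. A tag can be moved to a poisoned commit; a 40-hex SHA cannot."""
    findings = []
    for ref in USES_RE.findall(workflow_yaml):
        if ref.startswith(("./", "docker://")):
            continue  # local actions and container images: out of scope here
        _, _, version = ref.rpartition("@")
        if not FULL_SHA_RE.match(version):
            findings.append(ref)
    return findings


def install_hook_packages(manifests):
    """Names of packages whose package.json declares an install-time script.
    `manifests` maps package name to its parsed package.json, e.g. read from
    node_modules/*/package.json after `npm ci --ignore-scripts`."""
    return sorted(
        name for name, m in manifests.items()
        if any(hook in m.get("scripts", {}) for hook in LIFECYCLE_HOOKS)
    )


# Constructed samples, not taken from any real package or repository.
SAMPLE_WORKFLOW = """
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7  # placeholder SHA
      - uses: ./.github/actions/lint
      - run: npm ci
"""

SAMPLE_MANIFESTS = {
    "lodahs": {"version": "1.0.0", "scripts": {"postinstall": "node setup.js"}},
    "express": {"version": "4.19.2", "scripts": {"test": "mocha"}},
    "chalk": {"version": "5.3.0"},
}

if __name__ == "__main__":
    print("typosquat candidates:", typosquat_candidates(SAMPLE_MANIFESTS))
    print("unpinned actions:", unpinned_actions(SAMPLE_WORKFLOW))
    print("install hooks:", install_hook_packages(SAMPLE_MANIFESTS))
```

In CI the three checks belong in a pre-merge job: run `npm ci --ignore-scripts`, feed every `node_modules/*/package.json` to `install_hook_packages`, feed the workflow files to `unpinned_actions`, and fail the build on any finding that is not explicitly allowlisted.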

Facebook Malvertising Campaign Uses Fake Windows 11 Pages to Deploy Credential-Stealing Malware

Attackers are running a sophisticated malvertising campaign that leverages paid Facebook ads to distribute credential-stealing malware disguised as official Windows 11 updates. The campaign uses convincing fake Microsoft download pages and includes multiple technical countermeasures designed to evade security researchers.

How the Attack Works

The campaign starts with professional-looking Facebook advertisements featuring Microsoft branding, promoting…

Kimwolf Botnet Swamps I2P Anonymity Network in Massive Sybil Attack

The massive Kimwolf IoT botnet has caused significant disruptions to The Invisible Internet Project (I2P), a decentralized privacy network, after botnet operators accidentally overwhelmed the system while attempting to use it for command-and-control evasion.

The Attack

According to Krebs on Security, I2P users began reporting severe network disruptions on February 3, 2026, when tens of…

Russian Threat Actor Deploys CANFAIL Malware Against Ukrainian Organizations

Google Threat Intelligence Group (GTIG) has uncovered a new threat actor possibly affiliated with Russian intelligence services that has been systematically targeting Ukrainian organizations with a sophisticated malware strain known as CANFAIL.

Target Profile

The threat group has focused its operations on high-value targets within Ukraine, including:
- Defense and military organizations
- Government entities (regional and…

ClawHavoc Supply Chain Attack Poisons OpenClaw ClawHub With 1,184 Malicious AI Agent Skills

A massive supply chain attack dubbed ClawHavoc has compromised ClawHub, the official skill marketplace for OpenClaw, an open-source AI agent platform formerly known as ClawdBot and Moltbot. Researchers have uncovered at least 1,184 malicious “Skills”—plugin-style packages that extend the agent’s capabilities—turning a rapidly growing AI ecosystem into an active malware distribution hub.

The Attack at…

NexShield Fake Ad Blocker Uses CrashFix Attack to Deliver ModeloRAT Malware

Security researchers at Huntress have uncovered a sophisticated new malware campaign that weaponizes browser stability against users. The attack, dubbed CrashFix, represents an evolution of the notorious ClickFix social engineering technique—but with a dangerous twist: instead of faking system problems, it creates real ones.

How NexShield Works

The malicious Chrome and Edge extension, called NexShield,…

OysterLoader: Sophisticated Multi-Stage Malware Loader Linked to Rhysida Ransomware Campaigns

A highly sophisticated malware loader known as OysterLoader has emerged as a significant cybersecurity threat, employing advanced multi-layer obfuscation techniques to evade detection while delivering dangerous payloads including Rhysida ransomware and the widespread Vidar infostealer.

Sophisticated Distribution Through Fake Software

First identified by Rapid7 in June 2024, this C++ malware has evolved into a formidable…

AiFrame Campaign: 30 Fake AI Chrome Extensions with 300K Users Steal Credentials, Gmail Content

Researchers at browser security platform LayerX have uncovered a coordinated malware campaign dubbed “AiFrame” involving 30 malicious Chrome extensions installed by more than 300,000 users. The extensions masquerade as AI assistants while secretly stealing credentials, email content, and browsing information.

Campaign Overview

All analyzed extensions share the same internal structure, JavaScript logic, permissions, and communicate…
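
The tell in the teaser, thirty extensions with the same internal structure and permissions under different names, is something an extension allowlist review can test for mechanically. The script below is an added example, not LayerX's tooling or the AiFrame code: it fingerprints each manifest.json on the parts that survive a rename (permissions, host patterns, content-script matches and files, background worker), clusters identical shapes, and flags the grants that let an extension reach cookies, tabs or page content. The risky-permission set and the four sample manifests are assumptions constructed for the example.

```python
"""Audit Chrome extension manifests for (a) a shared structural fingerprint,
the pattern the teaser describes across the AiFrame extensions, and (b)
permissions that let an extension read sessions, pages or mail. Generic,
assumed heuristics; no real AiFrame manifest is reproduced here."""
import hashlib
import json

# Assumed set of grants worth a second look; tune to local policy.
RISKY_PERMISSIONS = {"cookies", "webRequest", "webRequestBlocking", "tabs",
                     "history", "scripting", "clipboardRead", "webNavigation"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def structural_fingerprint(manifest: dict) -> str:
    """SHA-256 over the parts of a manifest that survive a rename. Name,
    version, description and icons are deliberately excluded so that thirty
    differently branded copies of one codebase collapse to one fingerprint."""
    shape = {
        "permissions": sorted(manifest.get("permissions", [])),
        "host_permissions": sorted(manifest.get("host_permissions", [])),
        "content_scripts": sorted(
            (tuple(sorted(cs.get("matches", []))), tuple(sorted(cs.get("js", []))))
            for cs in manifest.get("content_scripts", [])
        ),
        "background": manifest.get("background", {}).get("service_worker", ""),
    }
    return hashlib.sha256(json.dumps(shape, sort_keys=True).encode()).hexdigest()


def risky_grants(manifest: dict) -> set:
    """Permissions and host patterns from the risky sets that this manifest requests."""
    grants = set(manifest.get("permissions", [])) & RISKY_PERMISSIONS
    grants |= set(manifest.get("host_permissions", [])) & BROAD_HOSTS
    return grants


def find_clusters(manifests: dict) -> dict:
    """Group extension ids by fingerprint; keep only groups of two or more,
    i.e. the 'same structure under different names' pattern."""
    groups = {}
    for ext_id, m in manifests.items():
        groups.setdefault(structural_fingerprint(m), []).append(ext_id)
    return {fp: sorted(ids) for fp, ids in groups.items() if len(ids) > 1}


def audit(manifests: dict) -> dict:
    return {
        "clusters": find_clusters(manifests),
        "risky": {ext_id: sorted(risky_grants(m))
                  for ext_id, m in manifests.items() if risky_grants(m)},
    }


def _lookalike(name: str) -> dict:
    # Constructed manifest shape for the sample lookalikes; not a real extension.
    return {
        "manifest_version": 3, "name": name, "version": "1.0.3",
        "permissions": ["cookies", "tabs", "storage", "scripting"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
        "background": {"service_worker": "bg.js"},
    }


# Constructed samples: three rebranded copies of one codebase plus one
# unrelated, low-privilege extension.
SAMPLE_MANIFESTS = {
    "ext-a": _lookalike("AI Chat Helper"),
    "ext-b": _lookalike("GPT Sidebar Assistant"),
    "ext-c": _lookalike("Smart AI Writer"),
    "ext-d": {"manifest_version": 3, "name": "Dark Theme", "version": "2.1",
              "permissions": ["storage"]},
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_MANIFESTS), indent=2))
```

Run it over the manifests exported from a fleet's installed extensions (each `manifest.json` keyed by extension id); a cluster whose members all request `cookies` plus `<all_urls>` is the combination that warrants pulling the extensions for analysis rather than trusting the store listing.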

Phorpiex Botnet Resurfaces: Phishing Campaign Delivers Offline-Capable Global Group Ransomware

A new phishing campaign leveraging the infamous Phorpiex botnet has been observed distributing Global Group ransomware through weaponized Windows shortcut (.LNK) files, according to a new advisory from Forcepoint X-Labs.

The Attack Chain

The campaign uses phishing emails with the subject line “Your Document” — a lure that has remained effective throughout 2024 and 2025…

Cybercriminals Weaponize ChatGPT and Grok to Distribute AMOS Stealer on macOS

A sophisticated attack campaign is exploiting user trust in artificial intelligence platforms to distribute the Atomic macOS Stealer (AMOS), representing a dangerous evolution in social engineering tactics that combines legitimate AI chatbot services with paid Google advertising. According to research from Flare, threat actors are creating shareable AI chat links on ChatGPT and Grok containing…
