Malware

UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It’s assessed to be affiliated with Iran’s Islamic…

In Other News: 0k for XSS Bugs, HybridPetya Malware, Burger King Censors Research

In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research

ellonjohns2 weeks ago09 mins

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments,…

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

ellonjohns3 weeks ago09 mins

The threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is “amsdk.sys” (version 1.0.600), a 64-bit, validly signed…

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

ellonjohns2 months ago09 mins

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the use…

⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More

ellonjohns2 months ago053 mins

In cybersecurity, precision matters—and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap between compliance and real security….

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

ellonjohns5 months ago010 mins

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. “In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread malware via…

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

ellonjohns5 months ago017 mins

This appendix to our Annual Threat Report provides additional statistics on incident data and telemetry detailing the tools used by cybercriminals targeting small and midsized businesses (SMBs). For a broader look at the threat landscape facing SMBs, see our main report. Appendix Contents: Most frequently-encountered malware types Small and midsized businesses face a vast set…

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

ellonjohns5 months ago09 mins

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),…

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

ellonjohns6 months ago038 mins

Mar 24, 2025Ravie LakshmananWeekly Recap / Hacking A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain…

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab – Krebs on Security

ellonjohns7 months ago010 mins

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a…

Highlights

7 easy ways I fixed iOS 26’s bad battery life on my iPhone

The Rise of Micro-Influencers: Small Audiences, Big Impact – Tecuy Media

SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist

Sandisk WD Blue SN5100 2TB SSD Review: A Rhapsody in Blue

Category Collection