July 26, 2025

Malware

⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More

⚡ Weekly Recap: Scattered Spider Arrests, Car Exploits, macOS Malware, Fortinet RCE and More

ellonjohns053 mins

In cybersecurity, precision matters—and there’s little room for error. A small mistake, missed setting, or quiet misconfiguration can quickly lead to much bigger problems. The signs we’re seeing this week highlight deeper issues behind what might look like routine incidents: outdated tools, slow response to risks, and the ongoing gap between compliance and real security….

Read More
North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

ellonjohns010 mins

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. “In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)—to spread malware via…

Read More
Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

ellonjohns017 mins

This appendix to our Annual Threat Report provides additional statistics on incident data and telemetry detailing the tools used by cybercriminals targeting small and midsized businesses (SMBs). For a broader look at the threat landscape facing SMBs, see our main report. Appendix Contents: Most frequently-encountered malware types Small and midsized businesses face a vast set…

Read More
State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

ellonjohns09 mins

Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025. The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater),…

Read More
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

ellonjohns038 mins

Mar 24, 2025Ravie LakshmananWeekly Recap / Hacking A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain…

Read More
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab – Krebs on Security

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab – Krebs on Security

ellonjohns010 mins

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned. Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a…

Read More
The Worst Hacks of 2024

The Worst Hacks of 2024

ellonjohns012 mins

Every year has its own mix of digital security debacles, from the absurd to the sinister, but 2024 was particularly marked by hacking sprees in which cybercriminals and state-backed espionage groups repeatedly exploited the same weakness or type of target to fuel their frenzy. For attackers, the approach is ruthlessly efficient, but for compromised institutions—and…

Read More