‘SolyxImmortal’ Information Stealer Emerges
The information stealer abuses legitimate APIs and libraries to exfiltrate data to Discord webhooks.
The post ‘SolyxImmortal’ Information Stealer Emerges appeared first on SecurityWeek.
Malware & Threats
Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’
Posing as an ad blocker, the malicious extension crashes the browser to lure victims into installing malware.
The post Malicious Chrome Extension Crashes Browser in ClickFix Variant ‘CrashFix’ appeared first on SecurityWeek.
VoidLink Linux Malware Framework Targets Cloud Environments
Designed for long-term access, the framework targets cloud and container environments with loaders, implants, and rootkits.
The post VoidLink Linux Malware Framework Targets Cloud Environments appeared first on SecurityWeek.
Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits
The Predator spyware is more sophisticated and dangerous than previously realized.
The post Predator Spyware Turns Failed Attacks Into Intelligence for Future Exploits appeared first on SecurityWeek.
GoBruteforcer Botnet Targeting Crypto, Blockchain Projects
The botnet’s propagation is fueled by the AI-generated server deployments that use weak credentials, and legacy web stacks.
The post GoBruteforcer Botnet Targeting Crypto, Blockchain Projects appeared first on SecurityWeek.
Russia’s APT28 Targeting Energy Research, Defense Collaboration Entities
APT28 was seen impersonating popular webmail and VPN services, including Microsoft OWA, Google, and Sophos VPN portals.
The post Russia’s APT28 Targeting Energy Research, Defense Collaboration Entities appeared first on SecurityWeek.
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
The North Korean state-sponsored espionage group Kimsuky has targeted government organizations, think tanks, and academic institutions.
The post FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes appeared first on SecurityWeek.
Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats
Impersonating a legitimate extension from AITOPIA, the two malicious extensions were also exfiltrating users’ browser activity.
The post Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats appeared first on SecurityWeek.
Hackers Exploit Zero-Day in Discontinued D-Link Devices
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.
The post Hackers Exploit Zero-Day in Discontinued D-Link Devices appeared first on SecurityWeek.
Sophisticated ClickFix Campaign Targeting Hospitality Sector
Fake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections.
The post Sophisticated ClickFix Campaign Targeting Hospitality Sector appeared first on SecurityWeek.