Rival Hackers Dox Alleged Operators of Lumma Stealer
Rival hackers expose the alleged operators behind Lumma Stealer, a major data-theft malware, causing leaks and internal chaos that have slowed its growth.
SocGholish Malware Using Compromised Sites to Deliver Ransomware
New research on SocGholish (FakeUpdates) reveals how this MaaS platform is used by threat actors like Evil Corp and RansomHub to compromise websites, steal data, and launch high-impact attacks on healthcare and businesses worldwide.
Russian APT Switches to New Backdoor After Malware Exposed by Researchers
Star Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware.
The post Russian APT Switches to New Backdoor After Malware Exposed by Researchers appeared first on SecurityWeek.
SnakeStealer: How it preys on personal data – and how you can protect yourself
Here’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year’s infostealer detection charts
Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure
Russia-linked COLDRIVER rapidly evolved its malware since May 2025, refining tools just days after releasing its LOSTKEYS variant, says Google. The Russia-linked hacking group COLDRIVER has been quickly upgrading its malware since May 2025, when its LOSTKEYS malware was exposed. According to Google’s Threat Intelligence Group, the hackers have been rolling out frequent updates and […]
Salt Typhoon APT Targets Global Telecom and Energy Sectors, Says Darktrace
The China-linked Salt Typhoon APT group attacked a European telecom via a Citrix NetScaler vulnerability in July 2025, Darktrace reports. This follows past US Army and telecom breaches.
Official Xubuntu website compromised to serve malware
The official website for Xubuntu, a community-maintained “flavour” of Ubuntu that ships with the Xfce desktop environment, has been compromised to serve Windows malware instead of the Linux distro. The malicious download Reports about a pot…
China-Linked Salt Typhoon breaches European Telecom via Citrix exploit
China-linked Salt Typhoon hacked a European telecom in July 2025 via a Citrix NetScaler Gateway exploit for initial access. A European telecom firm was targeted in July 2025 by China-linked APT group Salt Typhoon (also known as Earth Estries, FamousSparrow, GhostEmperor, UNC5807, RedMike)), which exploited a Citrix NetScaler Gateway to gain initial access. In late […]
Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware
The malware uses invisible Unicode characters to hide its code and blockchain-based infrastructure to prevent takedowns.
The post Supply Chain Attack Targets VS Code Extensions With ‘GlassWorm’ Malware appeared first on SecurityWeek.
CAPI Backdoor targets Russia’s auto and e-commerce sectors
A new campaign targets Russia’s auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. “SEQRITE Labs Research Team has recently uncovered a […]