Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems
Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api.
Recent research by Proofpoint and Threatray has unveiled the intricate and evolving malware arsenal of the Bitter group, also known as TA397, believed to be a state-backed actor aligned with the interests of the Indian government. Active since 201…
Skitnet malware, also referred to as Bossnet, has emerged as a critical tool for ransomware gangs in 2025, showcasing a marked increase in operational efficiency for cybercriminals. First advertised on underground forums like RAMP on April 19, 2024, by…
The Chinese state-sponsored threat actor APT41, also known as BARIUM, Wicked Panda, and Brass Typhoon, has been reported to exploit Google Calendar as a command-and-control (C2) mechanism in a recent campaign targeting a Taiwanese government website. T…
A new Windows-based malware named Blitz has been identified in 2024, with an updated version detected in early 2025. This malware, actively developed and distributed through deceptive game cheats, poses a significant threat by deploying a Monero crypto…
A critical phishing campaign targeting Windows users has been uncovered by FortiGuard Labs, leveraging malicious Excel attachments to exploit a long-standing vulnerability in older versions of Microsoft Office. This sophisticated attack distributes For…
Two malicious NPM packages contain code that would delete production systems when triggered with the right credentials.
The post Malicious NPM Packages Disguised as Express Utilities Allow Attackers to Wipe Systems appeared first on SecurityWeek.
OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware, social media abuse, and U.S. satellite tech research. OpenAI banned ChatGPT accounts that were used by Russian-speaking threat actors and two Chinese nation-state actors. The blocked accounts were used to assist malware development, social media automation, and research about U.S. […]
Cisco Talos discovers PathWiper, a destructive new malware targeting critical infrastructure in Ukraine, highlighting ongoing cyber threats amidst the Russia-Ukraine conflict.
According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.