Topic: infostealer malware
-
Skuld Infostealer Exploits WSUS Flaw (CVE-2025-59287)
A critical remote code execution vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) is being actively exploited, allowing attackers to install information-stealing malware on unpatched systems. The flaw stems from unsafe deserialization of untrusted data, enabling unauthentic...
-
Webinar: How Stolen Credentials Threaten Your Network Security
Cybercriminals increasingly use stolen credentials to bypass complex hacking methods, making identity security a top priority, as highlighted in an upcoming July 9th webinar by cybersecurity experts. The webinar will explore credential-based attacks, including infostealer malware and tactics like...
-
Malicious 'TradingView Premium' Ads Spread from Meta to Google
A malvertising campaign has expanded from Facebook to Google Ads, using fake offers of free TradingView Premium to distribute advanced information-stealing malware. The scam involves hijacking legitimate Google Ads accounts and verified YouTube channels, which are rebranded to impersonate Trading...
-
Cybercriminals Lose Control: Rhadamanthys Infostealer Shut Down
The Rhadamanthys infostealer malware service has been disrupted, with criminal subscribers losing access to their data-collection servers, possibly due to law enforcement actions by German authorities. Subscribers reported that their administrative panels now require certificate-based authenticat...
-
Sextortion Spyware: Webcam Pics Snapped During Porn Viewing
A new spyware called Stealerium automates the capture of compromising images by monitoring online activity for adult content keywords and activating the webcam for blackmail. Unlike typical infostealers, Stealerium specifically targets intimate moments to gather deeply personal material, increasi...
-
How to Fix Broken Threat Intelligence Programs
Organizations are overwhelmed by threat data but lack focused programs to ask critical questions and act decisively, highlighting a gap between data collection and effective security outcomes. The threat landscape features specialized criminal ecosystems, with significant risk from infostealer ma...
-
Beware: Fake Windows Update Screens Spread ClickFix Malware
A deceptive malware campaign uses a fake Windows Update screen to trick users into manually executing malicious commands, leading to the installation of information-stealing software. The attack employs advanced techniques like steganography to hide malicious code in PNG images and operates in me...
-
6 Browser Threats Your Security Team Must Prepare for in 2025
The browser is now a primary attack surface for cyber threats, targeting cloud applications and corporate data through sophisticated campaigns. Key browser-based threats include phishing for credentials and sessions, malicious code delivery, and malicious OAuth integrations, which bypass traditio...
-
Warning: This Porn Site Installs Malware On Your Device
A deceptive cyberattack called "JackFix" tricks users by mimicking adult websites like xHamster and PornHub, hijacking screens with fake Windows update prompts to install malware. The attack exploits users' psychological states by creating urgency or embarrassment, making them more likely to foll...
-
Massive YouTube Malware Ring Uncovered by Researchers
Security researchers uncovered the "YouTube Ghost Network," a deceptive malware operation using fake or hijacked channels to distribute harmful software and phishing links through enticing offers like free game cheats or cracked applications. The network employed a sophisticated structure with di...
-
Microsoft Fights 100 Trillion AI Attacks Daily
Microsoft processes over 100 trillion security signals daily, indicating a massive surge in AI-powered cyberattacks that threaten economic stability and personal safety. AI is dual-use, enabling both advanced cyberattacks like autonomous malware and faster defenses, with identity-based attacks an...
-
FileFix Attack Evades Security with Cache Smuggling
A new FileFix social engineering attack uses cache smuggling to deliver malware undetected by disguising itself as a Fortinet VPN Compliance Checker and tricking users into executing hidden PowerShell commands. The attack involves copying a text string that secretly contains a script to search br...
-
iiNet Data Breach Exposes Over 280,000 Australian Customers
A data breach at iiNet, an Australian ISP, exposed the personal information of over 280,000 customers after an unauthorized third party used stolen employee credentials to access its order management system. The compromised data included email addresses, phone numbers, usernames, and some passwor...
-
Cybercriminals Hijack RMM Tools to Steal Physical Cargo
Cybercriminals are using remote monitoring and management (RMM) tools to hijack freight shipments and steal cargo by posing as legitimate brokers and tricking companies into installing malicious software. Attackers gain extensive remote access to identify high-value shipments, compromise accounts...