The Hacker News

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...
Microsoft

Crypto Clipper uses Tor and worm-like propagation for persistence and control

Microsoft Threat Intelligence analyzed a cryptocurrency clipper campaign that combines clipboard theft, wallet replacement, ...
The Hacker News

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

ClickFix attacks are delivering BabaDeda, Lorem Ipsum, and Potemkin loaders to deploy stealers, RATs, and ransomware-linked ...
Dark Reading

'Lorem Ipsum' Malware Pivots to ClickFix Delivery

New analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and extortion group Vice Society.

Databricks acquires cyberattack detection startup Panther

Panther is the third cybersecurity startup that the company has acquired since the start of the year. Databricks previously ...
TechNewsWorldOpinion

AI Can Identify Threats. It Can’t Own Security Decisions

AI can identify threats and speed security analysis, but risk scoring alone cannot determine what software should be allowed ...
Dark Reading

SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection

FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in several countries.
CoinDesk

Microsoft found malware that hijacks crypto wallets and spreads through USB sticks

The software intercepts shortcut files and directs them to install a worm that harvests private keys from the Windows ...

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...

124M Passwords Exposed as Infostealer Malware Hits Millions of Devices

Have I Been Pwned has added 124 million passwords and 56 million email addresses from infostealer logs tied to infected ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...
CSO Online

Attackers abuse Google Ads, GitLab, and Claude to deliver malware

Researchers tracked a seven-week campaign that leveraged trusted platforms and AI-generated trust to trick users into ...