Cybersecurity researchers have uncovered a new malware loader called SharkLoader that is quietly slipping into networks by hiding inside fake software installers. The tool has been spotted delivering Cobalt Strike Beacon, a well known post exploitation framework, onto compromised machines.…
Category: EN
Hackers Abuse Blogspot and PowerShell Download Cradles to Deploy PureLog Steale
Hackers have found a clever way to sneak data-stealing malware onto victims’ computers by hiding their tracks inside a trusted platform, Google Blogspot. Researchers recently uncovered a campaign abusing this blogging service alongside native Windows tools to quietly install an…
FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain Attacks
A new wave of software supply chain attacks has put developers and security teams on high alert. The threat group behind it, known as TeamPCP, has been quietly slipping malicious code into trusted development and security tools used by companies…
Qilin Dominates Ransomware Market Amid Growing Cybercrime Consolidation
The ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers say This article has been indexed from www.infosecurity-magazine.com Read the original article: Qilin Dominates Ransomware Market Amid Growing Cybercrime Consolidation
Pegasus Spyware Hacked European Parliament Member Investigating Spyware Abuse
A newly disclosed forensic investigation has revealed that Pegasus spyware was used to hack a sitting Member of the European Parliament (MEP) who was actively investigating spyware abuses across the European Union. This raises serious concerns about surveillance targeting democratic…
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation
Sysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig’s Threat Research Team has documented what it assesses to be the first ransomware operation driven end-to-end by…
NetNut cracked as Google and FBI target 2 million-device botnet
Other residential proxy brands may rely on the same network This article has been indexed from www.theregister.com – Articles Read the original article: NetNut cracked as Google and FBI target 2 million-device botnet
NCSC Shares Pen Testing Defense Tips
The UK’s National Cyber Security Centre (NCSC) published guidance on July 1 based on insights from penetration testers who work with the agency. This article has been indexed from CyberMaterial Read the original article: NCSC Shares Pen Testing Defense Tips
Organizations struggle to prioritize cyber risks
Security teams at the vast majority of organizations cannot effectively consolidate their cyber risk data, according to Filigran’s latest State of Threat Management report. This article has been indexed from CyberMaterial Read the original article: Organizations struggle to prioritize cyber…
Warning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCP
Researchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warning This article has been indexed from www.infosecurity-magazine.com Read the original article: Warning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCP
Google and FBI Dismantle NetNut Residential Proxy Botnet
Google, the FBI and the IRS Criminal Investigation division disrupted NetNut, a residential proxy network built on two million hijacked devices and used by 316 threat clusters in a single week. Google and FBI Dismantle NetNut Residential Proxy Botnet on…
Fake Google Play Store Pages Use Trusted Brand Names to Push Gambling PWAs
Scammers are exploiting consumers’ trust in household and financial brands by deploying polished fake Google Play Store pages and social media ads that push Progressive Web Apps (PWAs) linked to online casinos. The fraud begins with paid social creative on…
The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident
Vercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort $2M. The Vercel breach of April 2026 did not begin with a classic zero-day exploit,…
Flock Cameras Can Surveil Cars Without License Plates
This is from a 2024 company presentation: Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags. Flock calls it a “Vehicle Fingerprint” and it’s touted as a…
Former MEP Investigating Spyware Abuses Has Phone Hacked With Pegasus
Stelios Kouloglou, a former Member of the European Parliament (MEP) who served on the committee investigating Pegasus spyware abuses, was himself repeatedly infected with NSO Group’s Pegasus spyware during his tenure, according to new forensic findings from the Citizen Lab.…
Your iphone Will Alert You in Real Time if You Are Falling Victim to a Scam
Apple is taking a major step toward combating social engineering attacks with a new feature in iOS 27 that can warn users in real time if they are likely being targeted by a scam. The new framework, called Trust Insights,…
European Parliament Member Investigating Spyware Was Hacked With Pegasus
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the…
Agentic AI Used to Conduct Ransomware Attack via Langflow
Attack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions. The post Agentic AI Used to Conduct Ransomware Attack via Langflow appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Fake Google and Cloudflare Verification Pages Spread StealC, HijackLoader, and NetSupport Malware
Threat actors are currently exploiting sophisticated ClickFix social engineering campaigns that mimic Google and Cloudflare verification systems to distribute several high-impact malware families, including StealC, HijackLoader, NetSupport RAT, and newly identified loaders. Recent threat intelligence research indicates that these campaigns…
Alibaba Reportedly Bans Claude Code Over Alleged Backdoor Risk in AI Coding Tool
Alibaba is reportedly preparing to ban the use of Anthropic’s Claude Code across its internal environments starting July 10. This decision comes in light of allegations that the AI-powered coding assistant has a covert detection mechanism resembling a backdoor. The…