GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads
Dec 17, 2025Ravie LakshmananAd Fraud / Browser Security A new campaign named GhostPoster has leveraged logo files associated with 17...
campaign
Compromised IAM Credentials Power a Large AWS Crypto Mining Campaign
Dec 16, 2025Ravie LakshmananMalware / Threat Detection An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using...
A Browser Extension Risk Guide After the ShadyPanda Campaign
In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions...
STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware
Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as...
Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a...
Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs
Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs Pierluigi Paganini December 06, 2025 A hacking campaign is targeting...
ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading
Key takeaways ValleyRAT targets job seekers in a campaign spreading through email, disguising itself behind a weaponized Foxit PDF reader...
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
Dec 02, 2025Ravie LakshmananMalware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating...
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3...
Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware
Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware Pierluigi Paganini November 30, 2025 North Korea-linked actors...
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites...
Hackers Hijack Blender 3D Assets to Deploy StealC V2 Data-Stealing Malware
Nov 25, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender...
WhatsApp compromise leads to Astaroth deployment
Sophos analysts are investigating a persistent, multi-stage malware distribution campaign targeting WhatsApp users in Brazil. First observed on September 24,...
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to...
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life...
