Hackers stole hundreds of thousands of Roblox accounts: Here’s what to do
More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child's among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is sa...
Malicious code in xml2js-js (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c18f9df8257f4f610dbfd70460757eb36539314c7cce4d9eda82758da6984725 The package xml2js-js was found to contain malicious code. Source: ghsa-malware cf7cd10255ee6ff91469e7f180436d90c3eca29de3dc0b3f883c13403ca30132 Any...
MAL-2025-192515 Malicious code in elf-stats-merry-hammer-791 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e9024a10526d26173fff95d45767e8cf58b479418c69fa68a2264b87f8583daf The package elf-stats-merry-hammer-791 was found to contain malicious code...
Malicious code in eslint-config-teselagen (npm)
The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89578bb497a4146350263dc8ff6e50c742f9272af2886bd5afc2e0b26160082f Any computer that has this package installed or running should be considered fully compromised. All...
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.0 botnet compromised over 10 million uncertified devices running...
Threat Analysis: SquidLoader - Still Swimming Under the Radar
By Charles Crofford · July 15, 2025. Executive summary: A new wave of SquidLoader malware samples is actively targeting financial services institutions in Hong Kong. This sophisticated malware exhibits significant evasion capabilities,...
Malicious code in ac-mvc-cid (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 110e255563acbb72629ba03afd504713dfd8fbbdcd576258dde5d481975ac5ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Booking.com reservation abused as cybercriminals steal from travelers
Robert Woodford, a recruitment marketing specialist, recently shared on LinkedIn how he fell victim to a highly sophisticated scam while booking a hotel in Verona through Booking.com, providing a striking example of how attacks on the hospitality industry affect travelers. After completing a...
Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "malicious multi-stag...
ICE’s Deportation Airline Hack Reveals Man ‘Disappeared’ to El Salvador
Plus: A DOGE operative’s laptop reportedly gets infected with malware, Grok AI is used to “undress” women on X, a school software company’s ransomware nightmare returns, and more...
Fake Snow White Movie Torrent Infects Devices with Malware
Disney’s latest Snow White movie, with a 1.6/10 IMDb rating, isn’t just the biggest flop the company has...
When Getting Phished Puts You in Mortal Danger
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The real website of...
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has...
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware stra...
Thousands of WordPress Websites Infected with Malware
The malware includes four separate backdoors: Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed. A unique case we haven't seen before. Which introduces another type of attack made possible by abusing websites that don't monitor...
Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of...
Malicious code in devopt (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fcf54c2d158de12c3d2d76b80c6977405217265d6e7da714233324d8cf8447ef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in discordjs-fetcher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e59696ac0bad22dd9cbcfd3def050afd1566cc7ceb5cae53659eebeca0d368f2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware
The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. "While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach...
[Updated April 3] 3CX desktop app used in a supply chain attack
Researchers have found that the 3CX desktop app may be compromised and used in supply chain attacks. The 3CX Desktop App is a Voice over Internet Protocol (VoIP) type of application which is available for Windows, macOS, Linux and mobile. Many large corporations use it internally to make calls, vie...