Malicious code in helu (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 15a97c1f0e23d838c86d69a3ceae306071a9b4b8c17162a1f563aefe489ffbe4 During import, the hidden code downloads and executes the second-stage code. After performing anti-analysis checks, it downloads a malicious executable and...

MAL-2026-4661 Malicious code in react-tracked-tony (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eeb24dfdd4a970dc44c017056c2a39bed6aa5973a7ec7e94b20c70d90114726c react-tracked-tony impersonates the popular react-tracked package: package.json sets name: react-tracked-tony, author: Daishi Kato, and homepage:...

TL-RL-FusionNet: An Adaptive and Efficient Reinforcement Learning-Driven Transfer Learning Framework for Detecting Evolving Ransomware Threats

Modern ransomware exhibits polymorphic and evasive behaviors by frequently modifying execution patterns to evade detection. This dynamic nature disrupts feature spaces and limits the effectiveness of static or predefined models. To address this challenge, we propose TL-RL-FusionNet, a reinforceme...

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro aka Metamorfo via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor track...

Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors

Threat actors are leveraging weaponized attachments distributed via phishing emails to deliver malware likely targeting the defense sector in Russia and Belarus. According to multiple reports from Cyble and Seqrite Labs, the campaign is designed to deploy a persistent backdoor on compromised host...

EUVD-2025-33278

CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 32-bit builds contained a malicious pre-entry-point loader that diverts execution from scrtcommonmainseh into a custom loader. That loader decodes an embedded blob into shellcode, allocates executable heap memory, resolves Windows API functions at...

CVE-2017-20201

CVE-2017-20201 affects CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit). A malicious pre-entry-point loader diverts from __scrt_common_main_seh to a custom loader that decodes an embedded blob into shellcode, allocates executable memory, resolves Windows API calls at runtime, and transf...

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader aka WailingCrab loader by means of a search engine optimization SEO campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics...

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

Researchers Shed Light on CatB Ransomware's Evasion Techniques

The threat actors behind the CatB ransomware operation have been observed using a technique called DLL search order hijacking to evade detection and launch the payload. CatB, also referred to as CatB99 and Baxtoy, emerged late last year and is said to be an "evolution or direct rebrand" of anothe...

Experts Detail Saintstealer and Prynt Stealer Info-Stealing Malware Families

Cybersecurity researchers have dissected the inner workings of an information-stealing malware called Saintstealer that's designed to siphon credentials and system information. "After execution, the stealer extracts username, passwords, credit card details, etc.," Cyble researchers said in an...

Experts Shed Light On New Russian Malware-as-a-Service Written in Rust

A nascent information-stealing malware sold and distributed on underground Russian underground forums has been written in Rust, signalling a new trend where threat actors are increasingly adopting exotic programming languages to bypass security protections, evade analysis, and hamper reverse...

In-the-Wild Series: Android Post-Exploitation

This is part 5 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post. Posted by Maddie Stone, Project Zero A deep-dive into the implant used by a high-tier attacker against Android...

Sofacy APT Targeting OS X Machines with Komplex Trojan

The prolific APT gang allegedly behind the DNC hack and other targeted attacks against Western military and political targets is using a new Trojan called Komplex to infect OS X machines used in the aerospace industry. The gang, known as Sofacy, APT28, Fancy Bear, Sednit and Pawn Storm, is...