GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control C2 channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions. "Since...

Malicious trading website drops malware that hands your browser to attackers

During our threat hunting, we found a campaign using the same malware loader from our previous research to deliver a different threat: Needle Stealer , data-stealing malware designed to quietly harvest sensitive information from infected devices, including browser data, login sessions, and...

Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users

Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data...

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

The Computer Emergencies Response Team of Ukraine CERT-UA has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and...

CVE-2026-20170

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan RAT, which deploys an information-stealing Google Chrome extension masquerading as an offline version of...

FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft

FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026...

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan RAT and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user named "openclaw-ai...

Malicious Package

Overview typescriptjs is a malicious package. This is a "typosquatting" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users to download the package which contains a malicious code. Payload behavior The malicious payload runs...

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP...

New Raven Stealer Malware Hits Browsers for Passwords and Payment Data

New research reveals Raven Stealer malware that targets browsers like Chrome and Edge to steal personal data. Learn how this threat uses simple tricks like process hollowing to evade antiviruses and why it's a growing risk for everyday users...

Malicious Package

Overview secmeasure is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino SISA API...

Malicious Package

Overview sisaws is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The sisaws package leverages "typosquatting" for the legitimate sisa package, targeting Sistema Integrado de Información Sanitaria Argentino SISA API...

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a...

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute an information stealer known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs...

Stealers, stealers and more stealers

Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers see here, here and here, and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid a new...

Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines

Cybersecurity researchers have identified malicious packages on the open-source Python Package Index PyPI repository that deliver an information stealing malware called WhiteSnake Stealer on Windows systems. The malware-laced packages are named nigpal, figflix, telerer, seGMM, fbdebug, sGMM,...

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

A new "all-in-one" stealer malware named EvilExtractor also spelled Evil Extractor is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "I...

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

A new "all-in-one" stealer malware named EvilExtractor also spelled Evil Extractor is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "I...

Researchers Discover Numerous Samples of Information Stealer 'Stealc' in the Wild

A new information stealer called Stealc that's being advertised on the dark web could emerge as a worthy competitor to other malware of its ilk. "The threat actor presents Stealc as a fully featured and ready-to-use stealer, whose development relied on Vidar, Raccoon, Mars, and RedLine stealers,"...