ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree

Agent skills extend AI agents with reusable instructions, tools, scripts, references, and workflows, establishing a security boundary distinct from both model safety and traditional package-malware detection. ClawHub Security Signals is a sanitized dataset of 67,453 latest public OpenClaw skill...

Learning to Look Benign: Targeted Evasion of Malware Detectors Via API Import Injection

Machine learning-based malware detectors are widely deployed in antivirus and endpoint detection systems, yet their reliance on static features makes them vulnerable to adversarial manipulation. This paper investigates whether a malware sample can be intentionally misclassified as a specific beni...

Evaluating Retrieval-Augmented Generation for Explainable Malware Analysis

Large Language Models LLMs are increasingly being used as security engineering tools to summarize and explain malware behavior to analysts. A common assumption is that Retrieval-Augmented Generation RAG improves explanation quality by injecting external security knowledge. In this work, we...

Vulnerability fixed in Adobe Acrobat

Adobe has fixed a vulnerability in Adobe Acrobat DC, Actobat Reader DC and Acrobat 2024. A malicious party can exploit the vulnerability to execute arbitrary code on the victim's system. To do this, the malicious party needs to get the victim to open a rogue PDF file. A rogue PDF file uploaded on...

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw formerly Moltbot and Clawdbot has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now...

Dark Web Roast - October 2025 Edition

Dark Web Roast - October 2025 Edition By Trellix Advanced Research Center · November 13, 2025 Executive Summary Welcome to October 2025, where the cybercrime underground has officially become more absurd than a fever dream. This month’s headline was xltshirt being royally fleeced out of $3,000 fo...

EUVD-2018-2480

Malware in sbrugna...

EUVD-2023-45397

Malicious code in bioql PyPI...

Amcache Evilhunter Tool

AmCache-EvilHunter is a command-line tool to parse and analyze Windows Amcache.hve registry hives, identify evidence of execution, suspicious executables, and integrate VirusTotal/OpenTIP lookups for enhanced threat intelligence...

Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

Cybersecurity company ESET has disclosed that it discovered an artificial intelligence AI-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-tim...

Linux Distros Unpatched Vulnerability : CVE-2021-45429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yrsetconfiguration in yara/libyara/libyara.c,...

This Windows PowerShell Phish Has Scary Potential

ManyGitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing...

New Attack Technique Exploits Microsoft Management Console Files

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console MSC files to gain full code execution using Microsoft Management Console MMC and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after...

Hackers Exploit Legitimate Packer Software to Spread Malware Undetected

Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and...

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control C2 framework within a PNG image of the project's logo. The package employing this...

When is One Vulnerability Scanner Not Enough?

Like antivirus software, vulnerability scans rely on a database of known weaknesses. That's why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasn't existed in the vulnerability...

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform...

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November...

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to...

IT threat evolution Q3 2023

IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called...