Daily Cybersecurity Roundup, February 02, 2026

What begins as a harmless Android app quickly turns hostile as the Arsink RAT quietly embeds itself into devices, siphoning off SMS messages, contacts, call logs, and media files while granting attackers full remote control. Shifting to Linux, the ShadowHS fileless malware operates entirely in memory, spreading via SSH brute-force attacks to provide stealthy interactive access and credential dumping with minimal forensic traces. Also, the Iran-linked RedKitten campaign leverages social-engineered Excel lures to spy on NGOs, activists, and human rights groups. Read on for the full roundup.

01

The Arsink RAT Android malware campaign continues to proliferate, harvesting SMS messages, contacts, call logs, and media files, and enabling remote control of infected devices.

02

A new ShadowHS fileless malware threat has been observed targeting Linux systems via in-memory execution and SSH brute-force spread, offering stealthy interactive access and credential dumping while largely avoiding disk artifacts.

03

The GlassWorm malware/supply-chain compromise in the Open VSX developer ecosystem involved poisoned developer accounts to push malicious VSCode extensions with loaders designed to steal credentials, cryptocurrency wallet data, and developer secrets.

04

Despite being known for years, MongoDB-targeted ransom and extortion attacks against exposed or poorly configured database instances persist, with attackers accessing and encrypting or deleting databases while demanding Bitcoin payments.

05

Cybercriminals are using fake party invitation emails and a convincing landing page to lure victims into downloading an MSI file that installs the legitimate ScreenConnect remote access tool, which is then abused for malicious activity.

06

The RedKitten AI-developed malware campaign — suspected to align with Iranian-nexus threat actors — uses social-engineered Excel lures and a SloppyMIO implant to spy on NGOs, activists, and human rights researchers while relying on GitHub/Google Drive and Telegram for C2.

07

The North Korea-affiliated Labyrinth Chollima threat group has reorganized into multiple specialized units to extend its espionage and crypto-theft operations, underscoring the evolving nature of state-sponsored malware and operations.

08

Researchers discovered a Windows malware campaign using Pulsar RAT and Stealerv37 that allows hackers to interact with victims through live chat while stealing data.

09

State-sponsored actors compromised the Notepad++ update infrastructure for months, poisoning legitimate update traffic to deliver malicious payloads selectively to high-value targets without exploiting a Notepad++ code flaw.

10

Globally distributed Log4j exploit attempts targeting the long-standing Apache Log4j vulnerabilities continue unabated, with malicious scanning and exploitation infrastructure largely originating from Russia and China.