Daily Cybersecurity Roundup, February 21, 2025

Pirated software remains a goldmine for cybercriminals, and LummaC2 is cashing in. The malware has adopted a new distribution method, disguised as a cracked version of Total Commander. A fake Chrome update is making the rounds, but instead of improving security, it’s ripping credentials straight from victims’ devices. Masquerading as a browser update, the malicious app DriverEasy quietly steals passwords and exfiltrates them to attacker-controlled storage through the Dropbox API. An individual named ExploitWhispers has leaked internal Matrix chat logs from the Black Basta ransomware gang, revealing sensitive information. Read on for more.

01

ASEC has discovered a new distribution method for the LummaC2 malware, which is disguised as a cracked version of the Total Commander file management tool for Windows.

02

A malicious application, DriverEasy, disguises itself as a genuine Google Chrome update to steal user credentials, utilizing Dropbox's API to exfiltrate sensitive data, including passwords.

03

The Shadowpad malware family has targeted at least 21 companies across 15 countries in Europe, the Middle East, Asia, and South America, with more than half of the targets being in the manufacturing industry.

04

The China-linked cyber espionage group Salt Typhoon has been using a custom-built utility called JumbledPath to spy on U.S. telecommunication providers, according to a report by Cisco Talos researchers.

05

A new, highly sophisticated payment card skimming campaign has been discovered, which exploits Stripe's deprecated API to verify card details before stealing them, ensuring only valid information is taken.

06

An unknown individual, ExploitWhispers, has leaked an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation, containing phishing templates, cryptocurrency addresses, and victims' credentials.

07

North Korean-linked cybercriminal group DeceptiveDevelopment has been targeting freelance software developers, particularly those involved in cryptocurrency and decentralized finance projects.

08

Security researchers found two critical vulnerabilities—CVE-2024-53900 and CVE-2025-23061—in Mongoose, an Object Data Modeling library for MongoDB.

09

The Darcula PhaaS platform is set to release its third major version, Darcula Suite, which will allow users to create their own phishing kits to target any brand.

10

Unit 42 found connections between the infrastructure used by Stately Taurus and the Bookworm malware, indicating continuity in tactics since the malware's initial discovery in 2015.