Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
Silver Fox pivots from ValleyRAT tax lures to WhatsApp‑style stealers, blending espionage & phishing
Ghost npm campaign fakes install logs to steal sudo passwords and drop RATs that loot crypto and data
Russian cybercriminal Aleksei Volkov has received close to seven years behind bars for role in Yanluowang ransomware
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
A ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog.
Mobile banking malware targets over 1200 financial apps globally, shifting fraud to user devices
ShieldGuard Chrome extension posed as a crypto security tool but stole wallets and drained user data
The FBI wants to hear from gamers who have downloaded Steam titles containing malware
PixRevolution Android trojan hijacks Brazil’s PIX payments in real time using accessibility abuse
The pro-Iran Handala group claims to have wiped 200,000 systems in destructive wiper malware attack on US firm Stryker
A Wikipedia security engineer accidentally wakes a dormant JavaScript worm that hadn't stirred since 2024 - and within minutes, giant woodpecker images are plastered across the internet's favourite encyclopaedia. Meanwhile, a crypto contractor hired to help the US Marshals manage seized digital assets allegedly decides to help himself to $46 million of it - and then brags about it on a recorded Telegram call. Plus: Graham champions Asterix, Tricia discovers the fantasy novels of Robin Hobb, and someone called "Lick" ends up in the nick. All this, and much more, in episode 458 of the "Smashing Security" podcast with cybersecurity veteran Graham Cluley, and special guest Tricia Howard.
Over 250 legitimate websites, including news outlets and a US Senate candidate’s official webpage, have been compromised to infect visitors with infostealers, warn Rapid7 researchers
BlackSanta malware targets HR staff with fake resumes, kills EDR and steals system data
A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign
Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks
Chainalysis reveals a big surge in median ransomware payment size in 2025 despite overall drop in criminal revenue
There is a certain poetic justice in a cybersecurity-related story that has emerged from Moscow this week: A man has been accused of trying to extort money... from a notorious Russian ransomware gang. Read more in my article on the Hot for Security blog.
UNC2814 hit 53 victims in 42 countries with novel backdoor in decade-long cyber espionage operation