CSO Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios
Security Study finds humans not completely useless at malware detection Some pinpointed software nasties but were suspicious of printer drivers too
Research China caught – again – with its malware in another nation's power grid 'Obtaining a disruptive capability could be one possible motivation behind this surge in attacks'
Research Qbot malware adapts to live another day … and another … Operators stay ahead of defenders with new access methods and C2 infrastructure
CSO That 3CX supply chain attack keeps getting worse: Other vendors hit Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns
Cyber-crime Russian charged with smuggling US counterintel tech to Motherland Also, don't download that 'ChatGPT Windows client,' and this week's critical vulnerabilities to keep an eye on
Cyber-crime Gootloader malware updated with PowerShell, sneaky JavaScript Perhaps a good time to check for unwelcome visitors
Research Dridex malware pops back up and turns its attention to macOS Malware testers spot attempt to attack Macs. But (try not to weep for the bad guys) there are still compatibility issues with MS exe files
Security Godfather malware makes banking apps an offer they can’t refuse No horse heads in beds...that we know of
Research Legit Android apps poisoned by sticky 'Zombinder' malware Sure, go ahead and load APKs instead of using an app store. You won't enjoy the results
Research Good news, URSNIF no longer a banking trojan. Bad news, it's now a backdoor And one designed to slip ransomware and data-stealing code onto infected machines
Patches WordPress-powered sites backdoored after FishPig suffers supply chain attack And two other security snafus in this web publishing world
Security Cybercriminals target games popular with kids to distribute malware Kaspersky research finds Minecraft and Roblox have the most malicious files associated with them
Security ‘Precursor malware’ infection may be sign you're about to get ransomware, says startup As more and more biz pays up to restore data, we're told
Security China thrilled it captured already-leaked NSA cyber-weapon Not now with your mischief, Beijing
AI + ML Techniques to fool AI with hidden triggers are outpacing defenses – study Here's how to catch up with those poisoning machine-learning systems
Legal Software engineer jailed for 2 years after using RATs and crypters to steal underage victims' intimate pics Another one who pleaded autism in mitigation
Security It's the flu season – FluBot, that is: Surge of info-stealing Android malware detected And a bunch of bank-account-raiding trojans also identified
Security Trojan Source attack: Code that says one thing to humans tells your compiler something very different, warn academics Bidirectional character attack – simple and nightmarish
Security Cred-stealing trojan harvests logins from Chromium browsers, Outlook and more, warns Cisco Talos Masslogger evolution rears its ugly head, $30 gets you three month license to cause carnage
Security Weeks before US oil contract prices went negative, a spear-phishing crew went after oil firms. What did they get? Who wants to know about their biz plans? Someone determined
Security Please, just stop downloading apps from unofficial stores: Android users hit with 'unkillable malware' Picked up xHelper 'matryoshka' trojan? Best to just nuke the site from orbit
Science There's a cling-on off the starboard bow... Small moon spotted orbiting asteroid NASA's Lucy will visit in 2027 Tch-oh, you wait for one cosmic rock and then two show up
Security Feds slap $5m bounty on 'Evil Corp' Russian duo accused of running ZeuS, Dridex banking trojans Account-draining malware masterminds charged but remain in motherland
Security Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints Direct-to-memory attacks now account for 57 per cent of hacks, apparently
Security Fancy Bear hacker crew Putin dirty RATs in Word documents emailed to govt orgs – report Disguised as files about recent Lion Air crash, no less
Security US-CERT warns of more North Korean malware 'Typeframe' springs from the same den as 'Hidden Cobra'
Security Hackers tiptoe out, launch Silence trojan, quietly raid banks of meeelllions They're exploiting already infected bodies, say researchers
Security Another banking trojan is trying to loot your cryptocurrency wallets Trickbot variant adds Coinbase exchange to monitored sites
Security For all the chaos it sows, fewer than 1% of threats are actually ransomware It does a pretty good job of ruining everything
Security Say hello to Dvmap: The first Android malware with code injection Trojan deletes root access to dodge detection
Security 64-bit malware threat may be itty-bitty now, but it's only set to grow Upgrade and they will come
Security Media players wide open to malware fired from booby-trapped subtitles VLC, Kodi, Popcorn Time and Stremio were all vulnerable
Security FireEye calls Shim-anigans: Bank-raiding hackers switch tactics Game's the same, just got more fierce, apparently
Security Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails All the more reason to reject new_position_offer.docx
Legal FBI secures guilty plea from Russian bot-herder Ebury infections for fun and profit, sentencing in August
Security TeamSpy hackers get the crew back together after four-year hiatus Remote-control app hijacked for use as snooping tool – again
Security Mega UK hospitals trust Barts says IT borkage was due to trojan – not ransomware Oh, well, that's all right then
Security Brother-and-sister duo arrested over hacking campaign targeting Italy's bigwigs EyePyramid operation targeted politicians and business leaders
Science NASA plans seven-year trip to Jupiter – can we come with you, please? Mighty Trojan probe will eye up biggest metal ball in Solar System
Security New Android-infecting malware brew hijacks devices. Why, you ask? Your router 1,280 Wi-Fi networks have fallen victim to the Switcher
Security Bad news, fandroids: Mobile banking malware now encrypts files First Faketoken stole credentials, now it holds data to ransom
Security Hospital info thief malware puts itself into a coma to avoid IT bods Software nasty also uses steganography to inject poison payload
Security Google to patch Chrome mobile hole after bank trojan hits 318k users Flaw allowing ads to offer dodgy apps won't be fixed for about three weeks
Security Hax0rs sow Discord by using VoIP service to sling malware at gamers Not even playtime's safe these days
Security Double-dipping malware steals iOS creds and roots Android Old Apples, modded Androids, most at risk from Chinese DualToy trojan
Security Sneaky Gugi banking trojan sidesteps Android OS security barricades Overlay malware gets angry if you try and say no
Security Boffins design security chip to spot hidden hardware trojans in processors When fabs go rogue
Security Eye of Sauron-themed trojan targets Russia, Sweden Necromancer-loving author wrote 'tricky' malware at its core
Security Sofacy NotSoGood: Time to switch up our Trojan-slinging tactics US gov employee sent dodgy attachment by 'foreign ministry'
Security Flash. Bang. Wallet: Marcher crooks target UK Android users Mobile banking trojan matches banks' look and feel
Legal Russia launches raids over Sberbank heist Lurk trojan attack lands 18 behind bars in FSB dragnet
Security Gozi trojan mastermind sentenced by US court to time served Miscreant turned FBI informant gets out after 37 months
Legal SpyEye duo behind bank-account-emptying malware banged up Billion-dollar Russian Trojan team in the tank for quarter of a century in the US
Security Brazilian and Russian cybercrooks collaborating to create more potent threats Borrowed technologies, code obfuscation, and a lot more in their bag of tricks
Security US bank fended off 513 trojans last year alone Even after all these years, it pays to beware of geeks bearing code
Security Wait! Where did you get that USB? Super-stealthy trojan only drives stick Snoop-proofed trickster targets air-gapped systems
Channel Millions menaced as ransomware-smuggling ads pollute top websites msn.com, nytimes.com, aol.com et al hit by malware-injecting banners
Security Android trojan Triada implants itself into older mobes' 'brains' First time this one's been seen in the wild, says Kaspersky
Security Android Xbot trojan poses as banking app, nicks your login creds A Swiss Army knife for mobile ne'er do wells
Security BlackEnergy trojan also hit Ukrainian mining firm and railway operator There be nasties out east, y'know
Security Inside Adwind: A DIY malware toolkit used by 1,800 crooks to spy on 443k victims RAT entrails dissected
Security SlemBunk slamdunk: Mobile banking Trojans found worldwide Malware masquerading as 33 real bank apps
Security German surfers blitzed by widespread malvertising campaign Ads attack users through Angler, Neutrino Exploit Kits
Security 20-yr-old Brazilian births 100 banking trojans Who cares about OPSEC with slack laws and busy cops?
Security High-level, state-sponsored Naikon hackers exposed No naming names as to who sent them, but they speak Chinese
Networks Fraudsters target Nazi Android malware at Russian bank customers Accomplices cuffed in fascist mobile zombie menace swoop
Security Fareit trojan pwns punters with devious DNS devilry These are NOT the Flash updates you are looking for
Security Rap for fap stack in hack trap flap: This XXX site caught an STI (Script Transmitted Infection) If you surfed to this grumble-flick palace, check yourself
Security Does your mate send smut vids on Facebook? 1. That's a bit weird. 2. It may be malware PwC bod warns of fake Flash upgrades doing the rounds
Legal Beware Brit cops bearing battering rams. Four nabbed over Trojan claims Rozzers join international Europol operation
Security The ULTIMATE CRUELTY: Sandworm uses PowerPoint against Swiss bank customers From espionage to cybercrime
Security Show Mother Russia you love her: Click HERE and AHHH NYET! That Kelhios badness is infecting you - securobods
Security SynoLocker Trojan crime gang: We QUIT this gig Hold 'closing down sale' as they hotfoot it to ... island?
Security Why no one smells a RAT: Trojan uses YAHOO WEBMAIL to pick up instructions Badness uses innocent-looking mailer for c&c ops
Security FBI and pals grab banking Trojan zombielord's joystick 'Shylock' mostly spread through LEGIT websites
Security So which miscreants wrote the CosmicDuke info-slurping nasty? Finnish researchers spot link to long-ago anti-NATO attacks
Security Secluded HijackRAT: Monster mobile malware multitool from HELL Probably has feature for getting banking details out of horses' hooves
Security Attackers fling Stuxnet-style RATs at critical control software in EUROPE SCADA/ICS systems under attack, warns F-Secure
Security Student promises Java key to unlock Simplocker ransomware Scary malware so ... er ... simple even an undergrad can crack it
Security Entirely new trojan quietly wheeled into black hat forums Pandemiya is 25,000 lines of original password-pinching botnet badassery
Security Dodgy installer drops Trojan in Japanese Buffalo update Caught before it spread too far, thankfully
Security Cops crimp global perve-cam attacks BlackShades-wielding script kids cuffed on three continents
Channel Not your father's spam: Trojan slingers attach badness to attachment WITHIN attachment Banking baddies in recursive ruse
