VoidLink Malware Targets Linux Cloud Servers
Security researchers have identified VoidLink malware as a new and highly sophisticated framework built specifically for Linux cloud environments. Rather than acting as a single-purpose backdoor, VoidLink functions as a full post-exploitation platform. It focuses on persistence, stealth, and long-term operational control inside virtual machines, containers, and cloud workloads. VoidLink malware reflects a shift in attacker priorities. Cloud servers now

ClickFix BSOD Attack Pushes Malware via Fake Crashes
Fake system crashes have become a powerful tool for modern malware campaigns. Instead of exploiting software flaws, attackers increasingly rely on fear and urgency to push users into dangerous actions. One of the clearest examples of this shift is the ClickFix BSOD attack, which uses convincing Windows Blue Screen of Death visuals to manipulate victims into executing malicious commands themselves.

Glassworm Malware Spreads via Fake Crypto Wallets on macOS
Glassworm malware has emerged as a new threat targeting macOS users who rely on cryptocurrency wallets. The campaign spreads through trojanized wallet applications that appear legitimate but secretly deliver a data-stealing payload. This activity highlights how attackers continue to abuse user trust and familiar software to bypass security controls on macOS systems. Unlike loud ransomware attacks, Glassworm focuses on stealth

WebRat Malware Spreads Through Fake GitHub Exploits
Security researchers have uncovered a deceptive malware campaign that relies on fake vulnerability exploits hosted on GitHub. The operation spreads WebRat malware by targeting developers and security professionals searching for proof-of-concept code tied to newly disclosed flaws. Instead of exploiting software weaknesses, attackers exploit trust, curiosity, and urgency. The campaign highlights a growing problem in security research ecosystems. Threat actors

MacSync Malware Exposes macOS Gatekeeper Weaknesses
macOS users often trust Apple’s built-in protections to block malicious software. That confidence is now under pressure after researchers uncovered MacSync malware, a stealthy dropper that bypasses Gatekeeper checks and installs follow-up payloads without obvious warnings. The campaign highlights how attackers increasingly rely on abuse of trusted mechanisms instead of exploiting technical vulnerabilities. MacSync does not break macOS security directly.

SantaStealer Malware Targets Browsers and Crypto Wallets
SantaStealer malware has emerged as a new information-stealing threat that focuses on browser data and cryptocurrency wallets, using fake software installers to trick users into executing a malicious Windows payload. Once launched, the malware operates quietly in the background, harvesting sensitive information that attackers can quickly convert into financial gain. Rather than relying on persistence or advanced evasion, SantaStealer reflects

Albiriox Malware Targets 400+ Android Financial Apps
Security researchers warn about the rapid spread of Albiriox malware, a new Android threat built as a malware-as-a-service platform. The campaign focuses on large-scale financial fraud, with operators using the malware to target more than 400 banking, fintech, trading and crypto apps. This model gives even low-skill cybercriminals powerful tools for remote theft and real-time device manipulation. How Albiriox Malware

Chrome Malicious Extension Exposed as Part of ClearFake Attack
A new investigation reveals how a malicious Chrome extension disguised as a translation tool infected browsers with injected scripts and aggressive redirects. Researchers identified the extension as CryptoCopilot, which operated as part of the long-running ClearFake malvertising campaign. The incident highlights the growing risk of malicious code entering trusted platforms like the Chrome Web Store. How the Campaign Operated Guardio

Malicious Blender Models Deliver Stealc Malware to 3D Artists
Malicious Blender models now threaten 3D artists and developers through weaponized project files that deliver the Stealc infostealer. Attackers use these infected assets to compromise creative pipelines and steal valuable credentials. The campaign shows how threat actors shift toward tools used in digital content creation to reach high-value targets. How the Attack Works Security researchers uncovered infected .blend files that

BadAudio Malware Exposed in APT24 Espionage Campaigns
Google’s latest threat intelligence report reveals how BadAudio malware powered long-running espionage campaigns linked to APT24. Google researchers analysed activity that began in late 2022 and continued through 2025. Their findings show a coordinated effort built on stealth, layered infection chains, and persistent access methods. The investigation highlights how advanced groups improve their tools while avoiding detection for years. APT24’s
