JDownloader Malware Attack Replaced Official Installers
A serious JDownloader malware attack exposed users to malicious installers distributed through the software’s official website. Attackers reportedly compromised download links connected to the popular download manager and replaced legitimate files with malware-laced payloads designed to infect Windows and Linux systems. Security researchers warned that the incident highlights the growing danger of software supply chain attacks. Instead of targeting victims

New Beagle Malware Hides Inside Fake Claude AI Installer
A convincing fake website impersonating Anthropic's Claude AI has been caught distributing a previously unknown Windows backdoor. Cybersecurity researchers have named the threat Beagle malware, and it arrives disguised as a legitimate tool aimed squarely at developers. A Fake Site Built to Fool Developers The site in question sits at the domain claude-pro[.]com. It mimics the look of Anthropic's real

North Korea’s BirdCall Android Malware Targets Defectors Focus
A North Korean hacking group has hidden spyware inside the apps of a small regional gaming platform — and the targets are people who fled the regime. Researchers have linked the campaign to ScarCruft, a state-backed group with a long history of surveilling defectors. The discovery of BirdCall Android malware embedded in legitimate game downloads marks a troubling evolution in

GlassWorm Malware Returns With 73 Sleeper Extensions
Developers who use VS Code-compatible editors have a new threat to watch out for. GlassWorm malware has resurfaced in a fresh wave of attacks, this time through 73 fake extensions planted inside the OpenVSX marketplace. The extensions looked completely clean at upload. Then, after collecting installs, they received silent updates that activated hidden malware. It is a calculated tactic —

Firestarter Malware Hides on Cisco Firewalls After Patching
A dangerous backdoor called Firestarter malware is persisting on Cisco network security devices even after administrators apply security patches and reboot their systems. U.S. and British cybersecurity agencies issued a joint warning this week, revealing that the implant has been found on a federal government network and can outlast standard remediation efforts. For organizations that rely on Cisco firewalls to

Lotus Wiper Malware Targets Venezuela’s Energy Sector
A newly discovered cyberweapon is raising serious concerns about the security of critical infrastructure. Lotus Wiper malware was deployed against energy and utility organizations in Venezuela in late 2025, and unlike most malicious software, it was built for one purpose: permanent destruction. There was no ransom demand, no data theft, and no path to recovery. Once Lotus Wiper malware executes,

NGate Android Malware Steals Card Data via HandyPay
A dangerous piece of Android malware is back with a new disguise. NGate, which security researchers first identified in 2024, now poses as a legitimate NFC payment app called HandyPay. Once installed, it silently captures data from the victim's physical bank card and sends it straight to an attacker waiting at an ATM. No card theft required. The NGate Android

AgingFly Malware Hits Ukrainian Hospitals and Government
A newly discovered threat called AgingFly malware has been striking Ukrainian hospitals, emergency services, and local government bodies in a campaign that ran from March through April 2026. The attacks, identified by Ukraine's Computer Emergency Response Team (CERT-UA), are designed to steal login credentials, extract sensitive data from messaging apps, and hand attackers full remote control over infected systems. The

LucidRook Malware Targets NGOs and Universities in Taiwan
A sophisticated new threat has appeared on the cybersecurity research community's radar. LucidRook malware is the name researchers have given to a newly identified tool used in highly targeted spear-phishing attacks against non-governmental organizations and universities in Taiwan. The attacks, first observed in October 2025, were not the work of opportunistic criminals. They bear the hallmarks of a disciplined, well-resourced

Fake Claude Code Repos on GitHub Are Spreading Malware
Anthropic's accidental leak of the Claude Code source code on March 31 set off a frenzy of downloads across GitHub. Developers, researchers, and the simply curious all rushed to grab the exposed files. Criminals saw that rush and moved fast. Within 24 hours, fake GitHub repositories carrying Claude Code malware were live — and actively appearing in Google search results
