Chinese Hackers Deploy Atlas RAT Malware in Europe
A Chinese-speaking cybercrime group has shifted its sights to Europe, deploying a newly discovered remote access trojan called Atlas RAT malware alongside several custom-built tools. The campaign is targeting organizations in Germany, Italy, the United Kingdom, and South Africa. This is a sharp departure from the group's previous focus on East Asia. Researchers tracking the activity have labeled the group

WeedHack Minecraft Malware Has Infected Over 116,000 Systems
Gamers downloading Minecraft mods or cheat tools face a serious threat. A malware campaign called WeedHack Minecraft malware has infected more than 116,000 systems since January 2026, and it is still spreading at a rate of 2,000 to 3,000 new infections every day. The campaign was uncovered by researchers at McAfee Labs and represents one of the more sophisticated attacks

Fake ChatGPT Download Used to Spread Infostealer Malware
Hackers have found a way to turn one of ChatGPT's own features against its users. A newly identified campaign is using ChatGPT's content-sharing tool to display convincing fake outage pages, pushing visitors toward a fake ChatGPT download that installs infostealer malware on their devices. The attack is especially dangerous because it never leaves a legitimate OpenAI domain. How the LLMShare

Microsoft Shuts Down Fox Tempest Malware Operation
A cybercrime group called Fox Tempest turned Microsoft's own software infrastructure into a weapon. The group ran a malware-signing service that let ransomware gangs and other criminals make dangerous software look completely legitimate — and it worked for nearly a year before Microsoft shut it down. Microsoft's Digital Crimes Unit dismantled the operation in May 2026, seizing infrastructure, revoking over

Russia’s Kazuar Malware Has Evolved Into a Modular P2P Botnet
A sophisticated Russian cyber espionage tool has undergone a significant transformation. Kazuar malware, long associated with a Kremlin-linked hacking group, has evolved from a standard backdoor into a fully modular, peer-to-peer botnet engineered for long-term stealth and intelligence collection. New analysis from Microsoft details exactly how far this tool has come — and why it now ranks among the most

JDownloader Malware Attack Replaced Official Installers
A serious JDownloader malware attack exposed users to malicious installers distributed through the software’s official website. Attackers reportedly compromised download links connected to the popular download manager and replaced legitimate files with malware-laced payloads designed to infect Windows and Linux systems. Security researchers warned that the incident highlights the growing danger of software supply chain attacks. Instead of targeting victims

New Beagle Malware Hides Inside Fake Claude AI Installer
A convincing fake website impersonating Anthropic's Claude AI has been caught distributing a previously unknown Windows backdoor. Cybersecurity researchers have named the threat Beagle malware, and it arrives disguised as a legitimate tool aimed squarely at developers. A Fake Site Built to Fool Developers: The site in question sits at the domain claude-pro[.]com. It mimics the look of Anthropic's real

North Korea’s BirdCall Android Malware Targets Defectors
A North Korean hacking group has hidden spyware inside the apps of a small regional gaming platform — and the targets are people who fled the regime. Researchers have linked the campaign to ScarCruft, a state-backed group with a long history of surveilling defectors. The discovery of BirdCall Android malware embedded in legitimate game downloads marks a troubling evolution in

GlassWorm Malware Returns With 73 Sleeper Extensions
Developers who use VS Code-compatible editors have a new threat to watch out for. GlassWorm malware has resurfaced in a fresh wave of attacks, this time through 73 fake extensions planted inside the OpenVSX marketplace. The extensions looked completely clean at upload. Then, after collecting installs, they received silent updates that activated hidden malware. It is a calculated tactic —

Firestarter Malware Hides on Cisco Firewalls After Patching
A dangerous backdoor called Firestarter malware is persisting on Cisco network security devices even after administrators apply security patches and reboot their systems. U.S. and British cybersecurity agencies issued a joint warning this week, revealing that the implant has been found on a federal government network and can outlast standard remediation efforts. For organizations that rely on Cisco firewalls to
