LONGLEASH Malware Expands Chinese Hacker Router Network
A Chinese state-linked hacking group has developed a new piece of malware that turns ordinary routers into hidden relay points for cyberattacks. Researchers at Cisco Talos have traced this activity to a group tracked as UAT-7810, and the tool at the center of it is called LONGLEASH. The LONGLEASH malware is not just another backdoor. It's built to expand what

ChocoPoC Malware Hides in Fake GitHub Security Exploits
Security researchers have uncovered a malware campaign that turns the tools of the trade against the people who use them. A newly identified threat called ChocoPoC malware is spreading through fake proof-of-concept exploits on GitHub, targeting the very researchers and penetration testers who download these files to study vulnerabilities. The campaign flips a familiar trust relationship on its head, using

Chinese Hackers Deploy Atlas RAT Malware in Europe
A Chinese-speaking cybercrime group has shifted its sights to Europe, deploying a newly discovered remote access trojan called Atlas RAT malware alongside several custom-built tools. The campaign is targeting organizations in Germany, Italy, the United Kingdom, and South Africa. This is a sharp departure from the group's previous focus on East Asia. Researchers tracking the activity have labeled the group

WeedHack Minecraft Malware Has Infected Over 116,000 Systems
Gamers downloading Minecraft mods or cheat tools face a serious threat. A malware campaign called WeedHack Minecraft malware has infected more than 116,000 systems since January 2026, and it is still spreading at a rate of 2,000 to 3,000 new infections every day. The campaign was uncovered by researchers at McAfee Labs and represents one of the more sophisticated attacks

Fake ChatGPT Download Used to Spread Infostealer Malware
Hackers have found a way to turn one of ChatGPT's own features against its users. A newly identified campaign is using ChatGPT's content-sharing tool to display convincing fake outage pages, pushing visitors toward a fake ChatGPT download that installs infostealer malware on their devices. The attack is especially dangerous because it never leaves a legitimate OpenAI domain. How the LLMShare

Microsoft Shuts Down Fox Tempest Malware Operation
A cybercrime group called Fox Tempest turned Microsoft's own software infrastructure into a weapon. The group ran a malware-signing service that let ransomware gangs and other criminals make dangerous software look completely legitimate — and it worked for nearly a year before Microsoft shut it down. Microsoft's Digital Crimes Unit dismantled the operation in May 2026, seizing infrastructure, revoking over

Russia’s Kazuar Malware Has Evolved Into a Modular P2P Botnet
A sophisticated Russian cyber espionage tool has undergone a significant transformation. Kazuar malware, long associated with a Kremlin-linked hacking group, has evolved from a standard backdoor into a fully modular, peer-to-peer botnet engineered for long-term stealth and intelligence collection. New analysis from Microsoft details exactly how far this tool has come — and why it now ranks among the most

JDownloader Malware Attack Replaced Official Installers
A serious JDownloader malware attack exposed users to malicious installers distributed through the software’s official website. Attackers reportedly compromised download links connected to the popular download manager and replaced legitimate files with malware-laced payloads designed to infect Windows and Linux systems. Security researchers warned that the incident highlights the growing danger of software supply chain attacks. Instead of targeting victims

New Beagle Malware Hides Inside Fake Claude AI Installer
A convincing fake website impersonating Anthropic's Claude AI has been caught distributing a previously unknown Windows backdoor. Cybersecurity researchers have named the threat Beagle malware, and it arrives disguised as a legitimate tool aimed squarely at developers. A Fake Site Built to Fool Developers The site in question sits at the domain claude-pro[.]com. It mimics the look of Anthropic's real

North Korea’s BirdCall Android Malware Targets Defectors Focus
A North Korean hacking group has hidden spyware inside the apps of a small regional gaming platform — and the targets are people who fled the regime. Researchers have linked the campaign to ScarCruft, a state-backed group with a long history of surveilling defectors. The discovery of BirdCall Android malware embedded in legitimate game downloads marks a troubling evolution in
