March 12, 2026

Zombie ZIP: The Malware Trick Antivirus Tools Can’t See

A newly documented technique called Zombie ZIP allows malware to hide inside a deliberately malformed archive file, bypassing nearly every major antivirus and endpoint detection tool on the market. Security researcher Chris Aziz of Bombadil Systems discovered the technique and tested it against 51 antivirus engines on VirusTotal. It bypassed 50 of them. The CERT Coordination Center has since issued

Zombie ZIP
February 25, 2026

PromptSpy Android Malware Uses Generative AI at Runtime

PromptSpy Android malware has introduced a new chapter in mobile cyber threats by integrating generative AI directly into its runtime operations. Security researchers recently identified it as the first known Android malware to actively communicate with a large language model while executing on an infected device. This shift moves AI from being a supporting tool for attackers into the core

PromptSpy Android malware
February 24, 2026

Massiv Android Malware Spreads via Fake IPTV Apps

Massiv Android malware has emerged as a new banking threat targeting mobile users through fake IPTV applications. Attackers disguise the malware as a streaming app to trick users into installing it outside official app stores. Once active, it gives criminals deep access to infected devices and allows them to steal sensitive financial data. Security researchers observed the campaign primarily targeting

Massiv Android malware
February 19, 2026

Malware in Coding Challenges Targets Developers Seeking Jobs

Cybercriminals are embedding malware in coding challenges and sending them to developers through fake recruitment campaigns. What looks like a standard technical interview task is, in reality, a carefully constructed infection chain designed to compromise machines and steal sensitive data. Security researchers say this campaign has operated for months and continues to evolve. Instead of relying on obvious phishing emails

Malware in Coding Challenges
February 17, 2026

Malicious 7-Zip Installer Turns PCs Into Proxy Nodes

Cybercriminals are abusing trust in popular software to spread malware at scale. The malicious 7-Zip installer campaign shows how a simple download mistake can quietly turn a personal computer into part of a criminal proxy network. Instead of delivering only the legitimate compression tool, attackers bundled hidden components that operate in the background and grant remote operators control over internet

malicious 7-Zip installer
January 14, 2026

VoidLink Malware Targets Linux Cloud Servers

Security researchers have identified VoidLink malware as a new and highly sophisticated framework built specifically for Linux cloud environments. Rather than acting as a single-purpose backdoor, VoidLink functions as a full post-exploitation platform. It focuses on persistence, stealth, and long-term operational control inside virtual machines, containers, and cloud workloads. VoidLink malware reflects a shift in attacker priorities. Cloud servers now

VoidLink malware
January 6, 2026

ClickFix BSOD Attack Pushes Malware via Fake Crashes

Fake system crashes have become a powerful tool for modern malware campaigns. Instead of exploiting software flaws, attackers increasingly rely on fear and urgency to push users into dangerous actions. One of the clearest examples of this shift is the ClickFix BSOD attack, which uses convincing Windows Blue Screen of Death visuals to manipulate victims into executing malicious commands themselves.

ClickFix BSOD attack
January 3, 2026

Glassworm Malware Spreads via Fake Crypto Wallets on macOS

Glassworm malware has emerged as a new threat targeting macOS users who rely on cryptocurrency wallets. The campaign spreads through trojanized wallet applications that appear legitimate but secretly deliver a data-stealing payload. This activity highlights how attackers continue to abuse user trust and familiar software to bypass security controls on macOS systems. Unlike loud ransomware attacks, Glassworm focuses on stealth

Glassworm malware
December 29, 2025

WebRat Malware Spreads Through Fake GitHub Exploits

Security researchers have uncovered a deceptive malware campaign that relies on fake vulnerability exploits hosted on GitHub. The operation spreads WebRat malware by targeting developers and security professionals searching for proof-of-concept code tied to newly disclosed flaws. Instead of exploiting software weaknesses, attackers exploit trust, curiosity, and urgency. The campaign highlights a growing problem in security research ecosystems. Threat actors

WebRat Malware
December 28, 2025

MacSync Malware Exposes macOS Gatekeeper Weaknesses

MacOS users often trust Apple’s built-in protections to block malicious software. That confidence is now under pressure after researchers uncovered MacSync malware, a stealthy dropper that bypasses Gatekeeper checks and installs follow-up payloads without obvious warnings. The campaign highlights how attackers increasingly rely on abuse of trusted mechanisms instead of exploiting technical vulnerabilities. MacSync does not break macOS security directly.

MacSync Malware