November 29, 2025

Chrome Malicious Extension Exposed as Part of ClearFake Attack

A new investigation reveals how a malicious Chrome extension disguised as a translation tool infected browsers with injected scripts and aggressive redirects. Researchers identified the extension as CryptoCopilot, which operated as part of the long-running ClearFake malvertising campaign. The incident highlights the growing risk of malicious code entering trusted platforms like the Chrome Web Store. How the Campaign Operated Guardio

November 25, 2025

Malicious Blender Models Deliver Stealc Malware to 3D Artists

Malicious Blender models now threaten 3D artists and developers through weaponized project files that deliver the Stealc infostealer. Attackers use these infected assets to compromise creative pipelines and steal valuable credentials. The campaign shows how threat actors shift toward tools used in digital content creation to reach high-value targets. How the Attack Works Security researchers uncovered infected .blend files that

November 22, 2025

BadAudio Malware Exposed in APT24 Espionage Campaigns

Google’s latest threat intelligence report reveals how BadAudio malware powered long-running espionage campaigns linked to APT24. Google researchers analysed activity that began in late 2022 and continued through 2025. Their findings show a coordinated effort built on stealth, layered infection chains, and persistent access methods. The investigation highlights how advanced groups improve their tools while avoiding detection for years. APT24’s

November 10, 2025

ClickFix Phishing Campaign Hits Global Hotels with Malware

A new ClickFix phishing campaign is sweeping across the hospitality sector, infecting hotel networks with PureRAT malware. Security researchers have uncovered a large-scale campaign impersonating booking platforms like Booking.com and Expedia to compromise hotel administrators and guests alike. The operation leverages social engineering and malware-as-a-service tools, aiming to seize access to hotel extranets, harvest credentials, and conduct fraudulent financial activities.

November 9, 2025

GlassWorm Malware Returns on OpenVSX with New Extensions

The GlassWorm malware has resurfaced on the OpenVSX registry, signaling a new wave of supply-chain attacks against developers. Only weeks after its first takedown, researchers from Koi Security have discovered three fresh extensions distributing updated variants of the threat. The new malicious uploads, ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs, collectively gathered over 9,000 downloads before their removal. These packages reuse the same

November 6, 2025

Gootloader Malware Returns Stronger with New Evasion Tricks

After a seven-month silence, Gootloader malware has made a striking return with an upgraded campaign that blends deception and technical precision. Security researchers report that the attackers now rely on fake legal template sites, advanced evasion tricks, and fresh persistence methods to slip past modern defenses. What once began as a simple loader has evolved into a refined infection chain

November 4, 2025

SesameOp Exploits OpenAI Assistants API for Covert Control

Microsoft’s latest threat report has revealed a worrying trend: attackers are now using artificial-intelligence platforms as part of their command-and-control systems. The newly discovered SesameOp backdoor abuses the OpenAI Assistants API to hide its activity inside normal network traffic. Instead of relying on custom servers or shady hosting, the operators turned OpenAI’s trusted cloud service into their covert communications channel.

November 1, 2025

NFC Relay Malware Surge Hits Europe: Android Apps Steal Data

A major NFC relay malware surge is hitting Europe, exposing Android users to large-scale payment card theft. Researchers uncovered over 760 malicious apps that exploit the phone’s NFC capabilities to steal credit and debit card data. The attacks are spreading fast, and criminals are now turning the convenience of contactless payments into a gateway for financial fraud. How NFC Relay

October 30, 2025

PhantomRaven Malware Targets npm Supply Chain

The PhantomRaven malware campaign has struck the npm ecosystem, compromising 126 open-source packages and putting thousands of developers at risk. Security researchers uncovered that these malicious packages were designed to exfiltrate credentials, tokens, and sensitive data directly from developer environments. This large-scale attack underscores the growing threat of supply-chain compromise in open-source software. How PhantomRaven Malware Works PhantomRaven malware infiltrates

October 29, 2025

Atroposia Malware: Hackers Exploit Systems with Local Scanner

A new threat known as Atroposia malware is making waves in the cybersecurity world. Researchers have identified it as a highly advanced Remote Access Trojan (RAT) that not only grants attackers full control over compromised systems but also scans them for weaknesses. By embedding a local vulnerability scanner, Atroposia changes how cybercriminals approach exploitation, blending data theft with automated reconnaissance.
