SantaStealer Malware Targets Browsers and Crypto Wallets
SantaStealer malware has emerged as a new information-stealing threat that focuses on browser data and cryptocurrency wallets, using fake software installers to trick users into executing a malicious Windows payload. Once launched, the malware operates quietly in the background, harvesting sensitive information that attackers can quickly convert into financial gain. Rather than relying on persistence or advanced evasion, SantaStealer reflects

Albiriox Malware Targets 400+ Android Financial Apps
Security researchers warn about the rapid spread of Albiriox malware, a new Android threat built as a malware-as-a-service platform. The campaign focuses on large-scale financial fraud, with operators using the malware to target more than 400 banking, fintech, trading and crypto apps. This model gives even low-skill cybercriminals powerful tools for remote theft and real-time device manipulation. How Albiriox Malware

Chrome Malicious Extension Exposed as Part of ClearFake Attack
A new investigation reveals how a Chrome malicious extension disguised as a translation tool infected browsers with injected scripts and aggressive redirects. Researchers identified the extension as CryptoCopilot, which operated as part of the long-running ClearFake malvertising campaign. The incident highlights the growing risk of malicious code entering trusted platforms like the Chrome Web Store. How the Campaign Operated Guardio

Malicious Blender Models Deliver Stealc Malware to 3D Artists
Malicious Blender models now threaten 3D artists and developers through weaponized project files that deliver the Stealc infostealer. Attackers use these infected assets to compromise creative pipelines and steal valuable credentials. The campaign shows how threat actors shift toward tools used in digital content creation to reach high-value targets. How the Attack Works Security researchers uncovered infected .blend files that

BadAudio malware Exposed in APT24 Espionage Campaigns
Google’s latest threat intelligence report reveals how BadAudio malware powered long-running espionage campaigns linked to APT24. Google researchers analysed activity that began in late 2022 and continued through 2025. Their findings show a coordinated effort built on stealth, layered infection chains, and persistent access methods. The investigation highlights how advanced groups improve their tools while avoiding detection for years. APT24’s

ClickFix Phishing Campaign Hits Global Hotels with Malware
A new ClickFix phishing campaign is sweeping across the hospitality sector, infecting hotel networks with PureRAT malware. Security researchers have uncovered a large-scale campaign impersonating booking platforms like Booking.com and Expedia to compromise hotel administrators and guests alike. The operation leverages social engineering and malware-as-a-service tools, aiming to seize access to hotel extranets, harvest credentials, and conduct fraudulent financial activities.

GlassWorm Malware Returns on OpenVSX with New Extensions
The GlassWorm malware has resurfaced on the OpenVSX registry, signaling a new wave of supply-chain attacks against developers. Only weeks after its first takedown, researchers from Koi Security have discovered three fresh extensions distributing updated variants of the threat. The new malicious uploads: ai-driven-dev.ai-driven-dev, adhamu.history-in-sublime-merge, and yasuyuky.transient-emacs, collectively gathered over 9,000 downloads before their removal. These packages reuse the same

Gootloader Malware Returns Stronger with New Evasion Tricks
After a seven-month silence, Gootloader malware has made a striking return with an upgraded campaign that blends deception and technical precision. Security researchers report that the attackers now rely on fake legal template sites, advanced evasion tricks, and fresh persistence methods to slip past modern defenses. What once began as a simple loader has evolved into a refined infection chain

SesameOp Exploits OpenAI Assistants API for Covert Control
Microsoft’s latest threat report has revealed a worrying trend: attackers are now using artificial-intelligence platforms as part of their command-and-control systems. The newly discovered SesameOp backdoor abuses the OpenAI Assistants API to hide its activity inside normal network traffic. Instead of relying on custom servers or shady hosting, the operators turned OpenAI’s trusted cloud service into their covert communications channel.

NFC Relay Malware Surge Hits Europe: Android Apps Steal Data
A major NFC relay malware surge is hitting Europe, exposing Android users to large-scale payment card theft. Researchers uncovered over 760 malicious apps that exploit the phone’s NFC capabilities to steal credit and debit card data. The attacks are spreading fast, and criminals are now turning the convenience of contactless payments into a gateway for financial fraud. How NFC Relay
