Malware

April 21, 2026

In light of geopolitical tensions that occurred in the Caribbean region in late 2025 and early 2026, artifacts associated with the attack chain of a destructive wiping campaign targeting the energy and utilities sector in Venezuela were identified on a publicly available resource. They were uploaded in mid-December. Two batch scripts are responsible for initiating the ...

April 20, 2026

Scammers have found a way to abuse Apple’s email notification system to deliver phishing messages and trick people into giving away sensitive data and system access. Recently, people started receiving emails from the email.apple.com domain, notifying them of a $899 iPhone purchase via PayPal. The email also shared a phone number for the victims to call, ...

April 17, 2026

IoT devices are increasingly prime targets for large-scale attacks due to their widespread use, lack of patching, and often weak security settings. Threat actors continue exploiting known vulnerabilities to gain initial access and deploy malware that can persist, spread, and cause distributed denial-of-service (DDoS) attacks. FortiGuard Labs has analyzed a recent campaign exploiting CVE-2024-3721 in TBK ...

April 15, 2026

Malwarebytes Labs researchers uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it can collect browser data, saved passwords, and cryptocurrency wallet information, ...

April 14, 2026

A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download location, like Google docs, OneDrive, GitHub, npm, PyPI, and ...

April 13, 2026

JanelaRAT is a malware family that takes its name from the Portuguese word “janela” which means “window”. JanelaRAT looks for financial and cryptocurrency data from specific banks and financial institutions in the Latin America region. JanelaRAT is a modified variant of BX RAT that has targeted users since June 2023. One of the key differences between ...

April 6, 2026

SparkCat, a mobile-first infostealer that targets people’s cryptocurrencies, is back with new upgrades that make it more difficult to spot. Cybersecurity researchers Kaspersky claim to have found multiple apps both in the Apple App Store and the Google Play Store delivering the malware. Apple and Google app repositories are generally safe, and knowing the size and ...

April 3, 2026

In late March 2026open on a new tab, Anthropic inadvertently released the internal Claude Code source material as part of an npm package that included a large internal source map file. Although the incident stemmed from a simple packaging mistake, threat actors were quick to capitalize on the resulting attention. Only 24 hours after the ...

April 2, 2026

Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphere ecosystem, specifically the vCenter Server Appliance (VCSA) and ESXi hypervisors. To help organizations stay ahead of these risks, we will focus on the essential hardening strategies and mitigating controls ...

April 1, 2026

GIGABYTE Control Center, a Windows utility which comes preloaded with certain computers, carried a critical-severity vulnerability that allowed malicious actors to access files, run code, and trigger denial-of-service conditions on affected devices. The bug has now been addressed and users are advised to patch up without delay. GIGABYTE is a major hardware manufacturer known for, among ...