Cybercriminals behind a campaign dubbed DEAD#VAX are taking phishing one step further by delivering malware inside virtual hard disks that pretend to be ordinary PDF documents.
Open the wrong “invoice” or “purchase order” and you won’t see a document at all. Instead, Windows mounts a virtual drive that quietly installs AsyncRAT, a backdoor Trojan that allows attackers to remotely monitor and control your computer. It’s a remote access tool, which means attackers gain remote hands‑on‑keyboard control, while traditional file‑based defenses see almost nothing suspicious on disk.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Scammers are targeting World Cup fans
May 16, 2026
We’re less than a month away from the biggest sporting event of the year, the FIFA World Cup, and scammers are already busy stealing money, passwords, and other sensitive data from fans and visitors, experts have warned. Kaspersky has published a breakdown of the different scam techniques cybercriminals are using to target football fans as they ...
- Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day
May 15, 2026
Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager. Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available. The bug allows unauthenticated remote attackers to bypass authentication and ...
- Hackers have breached tank readers at US gas stations
May 15, 2026
US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity. The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them in some cases ...
- ShinyHunters: Cyber Criminal Group Attacks Learning Management System
May 15, 2026
The Federal Bureau of Investigation (FBI) is providing this Public Service Announcement (PSA) to warn of potential future impacts related to a cyber-attack that affected an online Learning Management System (LMS), resulting in an interruption of service to educational institutions and students across the country. The LMS platform is now fully operational. ShinyHunters (SH) — which ...
- OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
May 15, 2026
OpenAI says attackers behind the TanStack npm supply chain compromise stole internal credentials after reaching two employee devices, forcing the company to rotate signing certificates for several desktop products. The company disclosed this week that it had been caught up in the wider “Mini Shai-Hulud” campaign targeting npm ecosystems and developer infrastructure, though it said there was no ...
- Another major Linux security issue uncovered – new Fragnesia flaw allows attackers to run malicious code as root
May 14, 2026
Security researchers have discovered a new vulnerability in the Linux kernel which could allow malicious actors to run code with elevated privileges, exposing systems to risk of data theft, malware deployment, and even full device takeover. The vulnerability is tracked as CVE-2026-46300, and was given a severity score of 7.8/10 (high). It’s nicknamed Fragnesia and is ...