Dark Reading

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...

WhatsApp Web malware spreads banking trojan automatically

New WhatsApp Web attack spreads self-propagating ZIP files containing Astaroth banking malware through trusted conversations.
The Hacker News

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Experts reveal Evelyn Stealer malware abusing VS Code extensions to steal developer credentials, browser data, and ...
The Hacker News

Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

Researchers found a LinkedIn phishing campaign delivering a remote access trojan via DLL sideloading, WinRAR SFX files, and ...

Anthropic Backs Python Security With $1.5 Million PSF Partnership

Anthropic committed $1.5 million to the Python Software Foundation to strengthen PyPI and CPython security, targeting ...
SecurityWeek

‘SolyxImmortal’ Information Stealer Emerges

The Python-based information stealer SolyxImmortal uses legitimate APIs and libraries for stealthy data gathering and ...
Dark Reading

'CrashFix' Scam Crashes Browsers, Delivers Malware

The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a ...

Learn ethical hacking online with this $36 lifetime bundle! Seats still available

A deeply practical ethical hacking bundle teaches real cybersecurity, pentesting, and bug-bounty skills for just $35.99, ...
CSO Online

CrashFix attack hijacks browser failures to deliver ModelRAT malware via fake Chrome extension

A malicious extension impersonating an ad blocker forces repeated browser crashes before pushing victims to run ...

Astaroth banking malware returns with WhatsApp-based worm targeting Brazil

Dubbed “Boto-Cor-de-Rosa,” the new campaign includes the addition of a WhatsApp web-based worm that allows the malware to spread itself by using a victim’s WhatsApp contacts versus previous Astaroth ...

Hackers are now exploiting the safety of open-source apps to sideload malware, and on LinkedIn of all places

The good news is that not clicking on unknown links avoids it entirely.