Internet threat news

Sancionated Crypto Mixer Tornado Cash Hijacked

Following a tweet by samczum and subsequent investigations by journalists at Bloomberg, the sanctioned crypto mixer has suffered the cryptocurrency version of a hostile takeover.

Threat Actors Actively Exploiting WordPress Plugin Flaw

According to a recent report by Akamai, threat actors are actively looking to exploit a critical vulnerability found in a WordPress plugin, some 24 hours after proof-of-concept code was released to the public at large.

State-Sponsored Threat Actors Exploiting PaperCut Vulnerabilities

Last week this publication covered how ransomware operations were exploiting recently disclosed and patched PaperCut server vulnerabilities. According to PaperCut, the vulnerabilities, if exploited, can allow for remote code execution.

New Malware Granting Threat Actors Hidden VNC Access

According to a new report published by Elastic Security Labs, their security researchers discovered a new malware strain dubbed LOBSHOT.

The discovery was made when researchers notices a spike a malvertising campaigns at the start of  2023, where threat actors distributed malware strains using an elaborate scheme of fake websites through Google Ads.

Ransomware Gangs Actively Exploiting PaperCut Server Vulnerabilities

In March 2023, two vulnerabilities were patched in the PaperCut Application Server, both of which would allow a threat actor, if exploited, to perform unauthenticated remote code execution and information disclosure.

Action1 RMM Seen Abused In Ransomware Attacks

Following several reports from security firms, it appears that ransomware operators are abusing the remote monitoring and management (RMM) product Action1 RMM which is used by Managed Service Providers (MSPs) to manage endpoints on customer networks remotely.

Security Researchers Discover The Fastest Known Ransomware Variant Rorschach

In a recently published report by security firm Check Point, a newly discovered ransomware is breaking new records for the fastest encryptor. That might be the headlining grabbing feature of Rorschach, but the malware’s developers have looked to use the best features from several other variants to create a frightening foe for those tasked to defend IT infrastructure.

New BlackGuard Variant Capable Of Targeting 57 Wallets And Extensions

Security researchers for the major telecommunications company AT&T have discovered a new variant of BlackGuard, a new info stealer that is gaining popularity with threat actors using underground hacking forums.

This new variant is actively being distributed in the wild and boosts several new features, including targeting crypto wallets and related cryptocurrency extensions.

Emotet Returns With A Sneaky Way To Avoid Detection

On March 7, 2022, Bleeping Computer broke the news that Emotet activity had surged back to life and the malware was once again facilitating the sending of malicious spam emails.

After a three-month break, the malware’s operators deemed it was time to ramp up operations once more from an all too brief hiatus. Emotet’s operators have been known to take extended periods away from time to time only to resurface a few months later.

LockBit’s Ever-Increasing Victim List

Recent news articles have shone a light on LockBit’s current operations which seem to be yielding results in encrypting data and putting a halt to several organizations' operations. The most recent of which is Essendant, a wholesale distributor of stationery and office supplies owned by Staples. The company generates over 5.4 billion USD in annual revenue and employs more than 6,400 people.

Phishing Campaign Targeting Eastern Europe Delivers Remcos RAT Malware

Security firm Sentinel One just published a report detailing how a phishing campaign used to target victims in Eastern Europe is being used to deliver the Remcos RAT and DBateLoader malware strains. As with so many malware distribution campaigns, things kick off with a phishing email campaign, in this instance a fake invoice sent from already compromised email accounts.

APT27 Develops Linux Version of their Malware

Chinese advanced persistent threat group, APT27, also known as Bronze Union, Emissary Panda, Iron Tiger, Lucky Mouse, or TG-3390, is now developing Linux version of their custom malware payloads. The group is best known for its cyber espionage abilities by leveraging custom malware packages. With the move to developing Linux versions, security researchers believe they will be able to better target enterprise network solutions built on the operating system.

New Post-Exploit Kit Linked to LockBit

For many of the readers of this publication they will be aware of the heyday of exploit kits, effective toolsets to take advantage of vulnerable software packages. When Adobe’s Flash and Microsoft’s Internet Explorer had significant market dominance these toolkits were far more common and used to gain access to victims’ machines.

Porsche South Africa Hit by Possible Ransomware Attack

On February 21, 2023, South African publication MyBroadband published an article noting that Porshe South Africa’s headquarters in Johannesburg had possibly suffered a ransomware attack.


Page 1 of 50

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>
About PCrisk

PCrisk logo

PCrisk is a cyber security portal, informing Internet users about the latest digital threats. Our content is provided by security experts and professional malware researchers. Read more about us.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal