James Rivera

A new ransomware group has compromised at least six healthcare organizations in Taiwan using BYOVD attacks to disable security software before encryption.

A ransomware operation has compromised multiple US educational institutions using stolen VPN credentials. The education sector represents 80% of known victims.

Two rogue browser extensions masquerading as AI tools exfiltrated complete conversation histories from ChatGPT and DeepSeek to attacker-controlled servers every 30 minutes.

A threat actor called RedTeam is selling a $1,500 credential-stuffing tool with built-in scanning, proxy rotation, and multi-protocol support aimed at enterprise VPN infrastructure.

The Russian-linked gang led all ransomware groups on January 6 with attacks spanning wine distributors, art logistics, and medical practices across three countries.

First macOS-focused wave of GlassWorm malware discovered on Open VSX marketplace, stealing cryptocurrency wallets, Keychain passwords, and developer credentials through trojanized extensions.

Hudson Rock research reveals 220 legitimate business websites hijacked for ClickFix malware attacks after admin credentials were stolen by infostealers.

Popular text editor's download page was hijacked for four days in December, serving trojanized installers that steal browser credentials and crypto wallets.

Nine-month-old botnet campaign pivots to exploit CVE-2025-55182 in Next.js, deploying cryptominers and Mirai variants across exposed instances.

The self-propagating VS Code extension worm now replaces Ledger Live and Trezor Suite with trojanized versions. Russian-speaking operators behind campaign.

A five-year investigation ends with extradition to South Korea. The 29-year-old allegedly infected 2.8 million Windows systems through trojanized software activation tools.

Chinese threat actor behind coordinated extension campaigns spanning seven years. Zoom Stealer component harvested corporate meeting credentials from 28 platforms.

New variant distributed as signed and notarized Swift app evades built-in security. Jamf Threat Labs traces evolution from ClickFix techniques to silent installer approach.

Supply chain attack disguised as working WhatsApp API library stole credentials, messages, and linked attacker devices to victim accounts. 56,000+ downloads since May.

Ransomware tracking data shows 63 total claims from 6 groups on December 26. LockBit's revival dominates holiday attack wave targeting reduced security staff.

Federal indictments target Tren de Aragua members who used Ploutus malware to steal over $40 million from U.S. ATMs since 2021.

Massive Android botnet targets set-top boxes and tablets, issued 1.7 billion attack commands in 3 days, briefly surpassing Google in DNS rankings.

Russian-developed infostealer now production-ready after December 16 release, targets browser credentials, crypto wallets, and messaging apps for $175/month.

New $150/month malware platform allows attackers to create weaponized versions of legitimate Android apps while maintaining full functionality.

Security researchers uncover sophisticated steganography attack concealing malicious JavaScript within PNG logo files of 17 Firefox browser extensions.