Cybercrime
-
Evelyn Stealer targets VS Code extensions to harvest developer credentials
Trend Micro published a technical analysis describing Evelyn Stealer, an information stealer distributed via malicious VS Code extensions. The malware harvests developer credentials and crypto wallets and uploads data to an FTP server.
-
PDFSider backdoor deployed on Fortune 100 finance firm network
A Resecurity technical analysis found PDFSider, a Windows backdoor, was used to deliver ransomware on a Fortune 100 finance firm’s network. The malware uses DLL side-loading, memory-only execution, DNS exfiltration, and AES-256-GCM encryption.
-
Fake NexShield extension crashes Chrome and Edge to push ModeloRAT
A Huntress technical analysis found that a fake ad blocker called NexShield crashed Chrome and Edge to push malicious commands and install ModeloRAT in corporate environments. Full system cleanup is advised for affected machines.
-
Tennessee man pleads guilty after hacking Supreme Court e-filing system and leaking VA and AmeriCorps data
A Tennessee man pleaded guilty after using stolen credentials to access the Supreme Court e-filing system at least 25 times and to breach AmeriCorps and VA accounts between August and October 2023, prosecutors said.
-
LOTUSLITE backdoor used in campaign targeting U.S. policy entities
Researchers disclosed a campaign on January 16, 2026 that used Venezuela-themed lures to deliver the LOTUSLITE backdoor to U.S. government and policy organizations via ZIP archive and DLL side-loading. The campaign is attributed to Mustang Panda with moderate confidence.
-
Critical Modular DS WordPress plugin flaw exploited in the wild
A privilege escalation flaw in the Modular DS WordPress plugin, CVE-2026-23550, is being exploited in the wild. The flaw is patched in version 2.5.2. Update immediately and check for unexpected admin users or malicious changes.
-
France fines Free and Free Mobile €42 million after breach exposed 24.6 million records
CNIL imposed a collective €42 million fine on Free and Free Mobile after an October 2024 breach exposed 24,633,469 customer records including IBANs. The decision cited weak VPN authentication, ineffective detection and poor data retention controls.
-
Report finds DLL side-loading attack using GitKraken ahost.exe spreads trojans and stealers
A Trellix report says attackers exploit DLL side-loading in a utility tied to the c-ares library to deliver multiple trojans and stealers to employees in commercial and industrial sectors, using invoice-themed lures in several languages.







