AI-generated malware
-
SentinelOne finds old malware that may have aimed to sabotage engineering software
SentinelOne says it found old malware that may have been built to sabotage engineering and physics simulation software. The sample appears to predate Stuxnet by years and may have targeted precision calculation tools used in several technical fields.
-
UNC6692 Uses Microsoft Teams Help Desk Impersonation to Push Custom Malware
UNC6692 used Microsoft Teams help desk impersonation, email bombing and a custom malware chain to target corporate users, according to Mandiant. The activity included credential harvesting, remote access, tunneling and later-stage network movement.
-
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package were compromised with malicious code, affecting hundreds of thousands of installations. The malware could push spam pages and redirects, and WordPress.org issued a forced update.
-
Google links Axios npm compromise to suspected North Korean group
Google has linked the Axios npm supply-chain compromise to a suspected North Korean group after attackers pushed trojanized package versions that could deliver malware to Windows, macOS and Linux systems.
-
Researchers identify suspected AI-assisted Slopoly backdoor used by Hive0163
Researchers identified a suspected AI-generated PowerShell backdoor called Slopoly, used by the cybercrime group Hive0163 in early 2026. The backdoor established persistence and beaconed to a command server; analysts examined its code patterns.
-
GitLab analysis exposes North Korean fake IT worker tradecraft
A technical analysis by GitLab found North Korean operators used code repositories to deliver obfuscated malware loaders and that 131 accounts were removed last year. The report lists tradecraft and more than 600 indicators.
-
Microsoft warns OAuth redirect abuse used to deliver malware to government targets
Microsoft warned that phishing campaigns are abusing OAuth redirect features to deliver malware to government and public sector targets, using malicious OAuth apps, ZIP payloads, PowerShell and DLL sideloading. Organizations are advised to limit consent and review app permissions.
-
Microsoft warns of OAuth redirect abuse used to deliver malware to public sector
Microsoft warned that attackers are abusing OAuth redirect features to bypass phishing defenses and direct government and public sector users to attacker-controlled domains that deliver malware or intercept credentials.
-
Iran-linked RedKitten campaign uses AI-generated macros to deploy SloppyMIO backdoor
A HarfangLab technical analysis links a January 2026 campaign to an Iran-aligned actor using macro-laced Excel files to deploy the SloppyMIO backdoor that retrieves configuration via GitHub and exfiltrates via Telegram.