AI malware
-
WeedHack malware campaign infects more than 116,000 Minecraft systems
A malware campaign called WeedHack has infected more than 116,000 Minecraft systems since January, using fake mods and clients promoted through YouTube and search poisoning to steal credentials and other data.
-
GREYVIBE campaign targets Ukraine with phishing, fake sites and AI tools
GREYVIBE has targeted Ukraine-linked entities since at least August 2025 using phishing, fake CAPTCHA pages and fraudulent websites, while a WithSecure analysis says the group appears to have used AI tools to speed malware development.
-
Malicious npm package used GitHub uploads to steal files from AI workspace
A malicious npm package was found stealing files from Claude’s workspace directory by using GitHub uploads during installation. Researchers said the package hid the theft behind fake sync and network logs.
-
Lazarus Group Uses Memory-Only RemotePE Malware Against Crypto Firms
Researchers say Lazarus Group has used the RemotePE malware family against financial and cryptocurrency targets. The in-memory trojan leaves little forensic evidence and was linked to a multi-stage attack chain with several loaders.
-
Ghost CMS flaw exploited in large-scale ClickFix campaign
A campaign is using a critical Ghost CMS SQL injection flaw to inject malicious JavaScript and drive ClickFix attacks, with researchers saying more than 700 domains were affected.
-
INTERPOL says MENA cybercrime operation leads to 201 arrests
INTERPOL said a five-month crackdown across the Middle East and North Africa led to 201 arrests, 382 additional suspects and 53 server seizures in an operation targeting phishing, malware and online scams.
-
Malicious node-ipc versions found stealing cloud and developer secrets
Three malicious node-ipc npm versions were found stealing developer and cloud secrets, according to a technical analysis by Socket. The code targets dozens of credential types and uses a direct exfiltration path to a fake Azure domain.
-
DAEMON Tools installers trojanized in supply chain attack, Kaspersky says
DAEMON Tools installers were trojanized in a supply chain attack that affected versions released since April 8, 2026, Kaspersky said. The compromise reached users in more than 100 countries and delivered targeted malware to a small set of hosts.
-
North Korean hackers use AI to hide npm malware in Web3 supply chain
North Korean-linked hackers are using AI-generated code and layered npm packages to spread malware that steals cryptocurrency wallets and developer data, according to a technical analysis from ReversingLabs. The campaign has also expanded beyond npm to other platforms.
