Search Results for "malware"

Passenger ferry owned by GNV December 17, 2025 • [ malware, foreign interference, sabotage ] French authorities reported that the passenger ferry 'Fantastic' (operated by Italian shipping company Grandi Navi Veloci, GNV) was infected with malware while docked in the port of Ste, France. Officials stated the malware could have enabled the ship to be remotely controlled, prompting an investigation into possible foreign interference. Prosecutors said a Latvian national was arrested and charged after the malware was discovered.

The Minersville School District December 15, 2025 • [ malware ] Minersville Area School District reported a cybersecurity incident after security tools detected attempts to install malware on certain district systems on Monday, December 15, 2025. As a precaution, the district took its computer network offline to contain any potential infection and engaged cybersecurity specialists to investigate the activity, validate system integrity, and plan a safe restoration. The network shutdown disrupted district operations and led to the closure of schools on Tuesday, December 16, 2025. Public reporting did not confirm whether data was accessed or exfiltrated, and the incident was described primarily as a malware-install attempt and precautionary outage.

Undetermined government and diplomatic entities (Oman, Morocco, Palestinian Authority) December 12, 2025 • [ malware, information theft, espionage ] The Record summarized threat-intelligence reporting alleging a Hamas-affiliated group (called Ashen Lepus) used malware-laden documents to compromise multiple government and diplomatic entities tied to Oman, Morocco, and the Palestinian Authority, including a malware strain referred to as AshTag used for information theft.

China Xinchuang Initiative (at least one affiliated organization) December 9, 2025 • [ phishing, malware, espionage ] Security researchers reported a spear-phishing and malware campaign attributed to APT32 that successfully compromised at least one organization within Chinas Xinchuang Initiative IT ecosystem, resulting in unauthorized access for espionage purposes.

Milano Ristorazione November 24, 2025 • [ ransomware, malware ] On November 24, 2025, Milano Ristorazione experienced operational malfunctions caused by a LockBit 5.0 malware infection impacting internal systems. The disruption affected catering and restaurant service operations and triggered an investigation by authorities. No data theft or encryption was reported.

At least one Andorid user in Latin America November 12, 2025 • [ malware, ransomware, phishing ] The Record described a newly identified Android malware/ransomware campaign (DroidLock) distributed through phishing websites that trick users into installing fake apps and then lock devices behind a ransom message. The reporting focuses on a broad campaign targeting Spanish-speaking users rather than a single named victim organization with a discrete primary effect suitable for this datasets event unit. Because there is no specific victim organization, confirmed disruption window, or bounded impact scope for one entity, it is not coded here as an individual cyber event record.

At least one individual dowloading One Battle After Another torrent November 12, 2025 • [ malware, trojan ] This article summarizes Bitdefenders reporting on a malware distribution campaign that uses fake torrents claiming to contain a Leonardo DiCaprio film (One Battle After Another). The torrent bundle reportedly contains shortcut and script components that trigger a multi-stage infection chain leveraging PowerShell and other built-in Windows utilities, culminating in memory-resident deployment of the Agent Tesla remote access trojan

Knownsec November 9, 2025 • [ data leak, cyber espionage, malware ] According to coverage in The Register of research by Chinese blog MXRN, attackers breached the systems of Beijing linked security company Knownsec and leaked more than twelve thousand classified documents describing Chinese state cyber weapons, internal tools and global targeting lists, along with code for remote access trojans that can compromise major desktop and mobile operating systems; the cache also reportedly includes a spreadsheet of 80 successfully attacked overseas targets and massive datasets such as Indian immigration records, South Korean telecom call logs and Taiwanese road planning information that Knownsec had previously obtained in offensive operations, some of which were briefly published to GitHub before being removed.

Abraham Andreu's computer (part of Andromeda botnet) November 6, 2025 • [ botnet, malware ] A ComputerHoy journalist describes deliberately infecting a Windows PC in 2025 with the Andrmeda malware, which enrolls machines into a botnet so attackers can download additional payloads and execute arbitrary files remotely. The piece walks through how the author obtained the malware sample, how the infection behaves on the system, the use of Spains INCIBE antibotnet service and security tools to detect and remove Andrmeda, and what readers should do if they discover their own devices are part of the botnet. This is a self-inflicted test infection rather than an unsolicited attack on an organization.

Nikkei November 4, 2025 • [ malware, data leak ] Japanese media conglomerate Nikkei disclosed on 4 November 2025 that attackers had compromised its Slack messaging environment after malware on an employee's computer stole authentication credentials, which were then used to access multiple Slack accounts. The breach, discovered in September, exposed data for 17,368 employees and business partners, including their names, email addresses and chat histories. Nikkei forced password resets, reported the incident to Japan's Personal Information Protection Commission despite believing the stolen data falls outside formal reporting rules, and said no information related to confidential journalistic sources or reporting activities has been confirmed leaked.

Tisza Party App November 4, 2025 • [ data leak, malware ] Ahead of Hungarys 2026 parliamentary elections, opposition leader Pter Magyar said a malware-based cyberattack against his TISZA partys mobile application led to the illegal leak of his supporters personal data. Pro-government media reported that a database of roughly 200,000 names from the app, containing users names, email and postal addresses and phone numbers, was briefly published online before being taken down. Magyar alleges that international cyber pirates backed by Russian services have been attacking his systems for months to intimidate supporters and hinder planned primary elections on the app, prompting the party to move the vote to a different website.

Gen Digital November 3, 2025 • [ spear-phishing, malware, backdoor ] Gen Digital reported that the North Korea-linked Kimsuky group used spear-phishing emails carrying a fake VPN invoice ZIP archive to compromise at least one South Korean victim and deploy a new HttpTroy backdoor. Execution of the malicious SCR file launches a three-stage chain (dropper, MemLoad loader and HttpTroy DLL) that displays a decoy PDF while silently establishing persistence via a scheduled task masquerading as an AhnLab update. HttpTroy then connects to a remote command-and-control server and gives the attackers full remote-access capabilities, including file transfer, command execution, reverse shell, process control and screenshot capture.

At least one Belgian diplomat October 31, 2025 • [ cyber-espionage, spear-phishing, vulnerability ] Arctic Wolf Labs and other researchers detailed a Chinese state-aligned cyber-espionage campaign in which UNC6384 targeted European diplomatic entities, notably in Hungary and Belgium, between September and October 2025. The group sent spear-phishing emails referencing real EU and NATO events that carried malicious Windows shortcut (.LNK) files exploiting the ZDI-CAN-25373 (CVE-2025-9491) vulnerability to execute obfuscated PowerShell, unpack a signed Canon utility and side-load a PlugX remote access trojan. The resulting implants, communicating over HTTPS to attacker-controlled domains, provide long-term access for reconnaissance, keylogging, command execution and collection of sensitive diplomatic documents and credentials aligned with PRC strategic intelligence priorities.

At least one undisclosed Ukraine war-relief organization October 22, 2025 • [ phishing, credential theft, malware ] Targeted credential-theft/implant delivery against humanitarian and logistics organizations aiding Ukraine using well-crafted lures, HTML smuggling, and compartmentalized infrastructure. Intent is intelligence collection; campaign report covers multiple organizations without a single verified primary effect to code as an event.

Xubuntu October 18, 2025 • [ malware, data theft, supply chain attack ] Pplware reports the official Xubuntu site was briefly compromised; the torrent download link served a ZIP with a Windows EXE that stole sensitive data (e.g., crypto addresses). Xubuntu removed the page and accelerated infra migration; ISO mirrors were unaffected. Financially motivated malware delivery via a trusted brand.

Serbian Civil Aviation Directorate October 17, 2025 • [ cyber-espionage, phishing, malware ] A cyber-espionage campaign linked to suspected Chinese threat actors compromised application servers at Serbias Civil Aviation Directorate. Attackers used phishing emails to deploy Sogu, PlugX, and Korplug malware, gaining persistent access for intelligence collection. No operational disruption was reported.

PTOE Corporation October 7, 2025 • [ website defacement, malware, phishing ] Company confirmed official website was replaced and redirected to a fraudulent Chinese shopping site serving malware.

WhatsApp users in Bijnor, Uttar Pradesh October 1, 2025 • [ malware, phishing, data leak ] Several WhatsApp users in Bijnor, Uttar Pradesh had their Android phones compromised after downloading a fake wedding invitation via WhatsApp. The malware granted remote access, exposing personal messages, photos, and financial app data. Victims filed complaints with the Bijnor Cyber Crime Police Station; authorities believe multiple individuals across the district were affected.

Undisclosed Uzbekistan organization October 1, 2025 • [ nation-state, phishing, malware ] A nation-state actor known as Bloody Wolf expanded operations to Uzbekistan using geofenced spearphishing delivering malicious JAR loaders that installed NetSupport RAT for persistent access; no data theft was reported.

Comcast Corporation September 29, 2025 • [ ransomware, malware, technology ] Medusa ransomware group claimed theft of 834.4 GB (167,121 files) from Comcast, including internal actuarial, claims, and modeling information. Attackers demanded USD 1.2 million to delete or release data; no encryption or operational disruption reported.

Search Results (malware)