Operation Endgame 4.0
June 18, 2026
•[ malware, hack, technology ]
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware. Authorities also provided HIBP with 154k impacted email addresses and more than half a million previously unseen passwords.
June 2026 Stealer Logs
June 15, 2026
•[ malware, hack ]
In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwords and are now searchable. Individuals can view any records captured against their email address in the stealer logs section of their dashboard. Organisations can see logs affecting their domain via the stealer logs API.
Afghanistan Ministry of Finance
May 29, 2026
•[ spear-phishing, malware, XenoRAT ]
SideCopy, a suspected Pakistan-linked threat group, targeted Afghanistan's Ministry of Finance and provincial revenue and finance directorates with spear-phishing emails containing a malicious ZIP/LNK file in Pashto. When executed, the malware chain installed XenoRAT, enabling long-term remote access, spying on infected computers, and additional malicious activity.
Chelan County Government
May 24, 2026
•[ malware, cyberattack, network shutdown ]
Chelan County, Washington reported that malware was detected on county government systems around 10 a.m. on May 24, 2026, affecting all county departments. As a precaution, the county voluntarily shut down network access, computers, and telephone systems across departments while IT staff worked with security partners to restore systems; 911 and emergency services remained available. Public reporting did not identify the threat actor, confirm ransomware, report data theft, or confirm whether any personal data was compromised.
Based Apparel
May 21, 2026
•[ malware, infostealer, social engineering ]
Based Apparel's merchandise website was compromised and used to present visitors with a fake Cloudflare-style verification prompt (a ClickFix-style lure) that attempted to trick macOS users into copying and running commands that installed infostealer malware. Reporting described the malware as commodity infostealer/Trojan activity intended to steal credentials and passwords. The website was taken offline after the compromise was reported; no confirmed theft of Based Apparel data or visitor data was publicly reported.
Undisclosed Thai government entity
April 30, 2026
•[ espionage, vulnerability exploitation, web shells ]
Shadow-Earth-053, a China-aligned espionage cluster, was reported to have compromised an undisclosed Thai government environment by exploiting unpatched Microsoft Exchange and IIS servers, deploying web shells and ShadowPad, collecting credentials, and exporting mailbox contents.
At least one Claude Code user
April 30, 2026
•[ malware, fake installer, credential harvesting ]
A fake Claude Code installer campaign likely affected many users searching for Anthropic's Claude Code tool, though public reporting did not identify specific victims or quantify the total number infected. The campaign delivered a PowerShell payload that extracted decrypted cookies, saved passwords, and payment data from Chromium-based browsers on infected machines. Public reporting did not identify the specific actor, country, volume of stolen data, or any operational disruption.
Kentwood Public Schools
April 30, 2026
•[ malware, insider threat, network disruption ]
A student deployed malicious software that interfered with Kentwood Public Schools' network, causing districtwide WiFi connectivity loss; the affected systems were later isolated and restored with help from external experts.
Developers using compromised Lightning and Intercom packages
April 29, 2026
•[ software supply-chain attack, malware, credential harvesting ]
TeamPCP conducted a Mini Shai-Hulud software supply-chain attack by injecting credential-stealing malware into Lightning Python versions 2.6.2 and 2.6.3, intercom-client npm versions 7.0.4 and 7.0.5, and intercom-php 5.0.2. The malware harvested secrets from developer and CI/CD environments and created more than 1,800 GitHub repositories containing stolen credentials.
Individual Filipino pensioner
April 28, 2026
•[ vishing, phishing, malware ]
A 68-year-old Filipino pensioner received a fraudulent call claiming to be from the Social Security System and was sent a Viber link to a fake app. After installation, malware hijacked his Android phone, froze the screen and power button, and allowed thieves to drain three bank accounts and two e-wallets, stealing more than 1 million.
At least one DAEMON Tools user in government, scientific, manufacturing, retail, or education sectors
April 8, 2026
•[ supply chain attack, malware, trojanized installers ]
Threat actors compromised official DAEMON Tools installers distributed from the vendor website beginning April 8, 2026. The trojanized installers executed malware on infected Windows hosts, collected system information, and in selected cases deployed additional backdoor payloads. Reporting identified second-stage payloads on roughly a dozen machines in government, scientific, manufacturing, and retail organizations in Russia, Belarus, and Thailand, and QUIC RAT on one Russian educational institution. The specific perpetrator was not publicly identified.
DigiCert, Inc.
April 2, 2026
•[ social engineering, malicious ZIP file, EV code-signing certificates ]
A threat actor used DigiCert's customer support channel on April 2, 2026 to deliver a malicious ZIP file disguised as a customer screenshot, compromising two DigiCert support analyst systems. The attacker used analyst-level access to pivot into DigiCert's internal support portal and obtain initialization codes for approved EV code-signing certificate orders across specific customer accounts. DigiCert revoked 60 associated certificates by April 17, including 27 explicitly linked to the threat actor and 11 reported as used to sign Zhong Stealer malware; the specific perpetrator was not publicly identified.
Belgrade School District
April 1, 2026
•[ malware, system restoration, data breach investigation ]
Belgrade School District confirmed that malware infected certain network systems, causing technology problems and requiring isolation, removal, security work, and restoration of affected systems. The district said known malware had been removed, but crews were still working to bring affected systems back online and restoration was expected to continue into June. The incident appears distinct from the separate Canvas/Instructure breach because public reporting describes malware in Belgrade School District's own network systems, not unauthorized access to Instructure's Canvas LMS. The district was investigating whether personal information belonging to students or staff was affected, but no confirmed data exposure, encryption, ransomware group, or named perpetrator was reported.
At least one spyware-targeted WhatsApp user
April 1, 2026
•[ spyware, malware, social engineering ]
WhatsApp said about 200 users were tricked into installing a fake WhatsApp app containing spyware.
Axios Javascript Client Library
March 31, 2026
•[ supply chain attack, account takeover, malware ]
A threat actor hijacked the npm account of Axios's lead maintainer and published malicious versions 1.14.1 and 0.30.4 with a hidden dependency that deployed a RAT on systems that installed the packages; the poisoned versions were later removed.
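A check a practitioner would want after the Lightning/Intercom entry and the Axios entry above is to confirm that no lockfile in their repositories pins one of the package versions named in those reports. The following is an added example, not code from any of the affected projects; it scans constructed sample lockfiles (requirements.txt, package-lock.json, composer.lock) for exactly the versions named in the two entries. The composer package name is assumed to be vendor-prefixed (intercom/intercom-php) and is matched on the part after the slash; LiteLLM is left out because the entry below names no specific versions.

```python
"""Flag lockfile entries pinning the compromised package versions named above.
Added example; not code from Lightning, Intercom, Axios or any project on the page."""
import json
import re

# (ecosystem, normalized package name) -> versions named in the reporting above.
COMPROMISED = {
    ("pypi", "lightning"): {"2.6.2", "2.6.3"},
    ("npm", "intercom-client"): {"7.0.4", "7.0.5"},
    ("composer", "intercom-php"): {"5.0.2"},        # assumed composer name intercom/intercom-php
    ("npm", "axios"): {"1.14.1", "0.30.4"},
}

# Only exact "name==version" pins are checked; ranges such as ">=1.0" are not resolved here.
_REQ_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")


def _norm_pypi(name):
    # PEP 503 normalization: case-insensitive, runs of -_. collapse to a single hyphen.
    return re.sub(r"[-_.]+", "-", name).lower()


def _norm_composer(name):
    # composer names are "vendor/package"; compare on the package part.
    return name.split("/", 1)[1].lower() if "/" in name else name.lower()


def _npm_name(key):
    # package-lock v2/v3 keys look like "node_modules/a/node_modules/@scope/b".
    return key.rsplit("node_modules/", 1)[-1]


def _check(hits, path, eco, name, version):
    if version in COMPROMISED.get((eco, name), ()):
        hits.add((path, eco, name, version))


def scan_requirements(path, text):
    hits = set()
    for line in text.splitlines():
        m = _REQ_PIN.match(line)
        if m:
            _check(hits, path, "pypi", _norm_pypi(m.group(1)), m.group(2))
    return sorted(hits)


def scan_package_lock(path, text):
    hits = set()
    lock = json.loads(text)
    for key, meta in lock.get("packages", {}).items():      # lockfileVersion 2/3
        if key:                                             # "" is the root project
            _check(hits, path, "npm", _npm_name(key), meta.get("version", ""))

    def walk(deps):                                         # lockfileVersion 1 (nested)
        for name, meta in deps.items():
            _check(hits, path, "npm", name, meta.get("version", ""))
            walk(meta.get("dependencies", {}))
    walk(lock.get("dependencies", {}))
    return sorted(hits)


def scan_composer_lock(path, text):
    hits = set()
    lock = json.loads(text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        version = pkg.get("version", "").lstrip("v")        # composer often writes "v5.0.2"
        _check(hits, path, "composer", _norm_composer(pkg.get("name", "")), version)
    return sorted(hits)


SCANNERS = {
    "requirements.txt": scan_requirements,
    "package-lock.json": scan_package_lock,
    "composer.lock": scan_composer_lock,
}


def scan_all(files):
    """files: {path: content}. Returns sorted (path, ecosystem, name, version) hits."""
    hits = set()
    for path, text in files.items():
        scanner = SCANNERS.get(path.rsplit("/", 1)[-1])
        if scanner:
            hits.update(scanner(path, text))
    return sorted(hits)


# Constructed sample lockfiles for illustration (not taken from any real repository).
SAMPLE_FILES = {
    "requirements.txt": "# constructed sample\nrequests==2.32.3\nLightning==2.6.3  # flagged\nlitellm>=1.0\n",
    "package-lock.json": json.dumps({
        "name": "app", "lockfileVersion": 3,
        "packages": {
            "": {"name": "app"},
            "node_modules/axios": {"version": "1.14.1"},
            "node_modules/intercom-client": {"version": "7.0.3"},
            "node_modules/foo/node_modules/intercom-client": {"version": "7.0.5"},
        },
    }),
    "composer.lock": json.dumps({"packages": [{"name": "intercom/intercom-php", "version": "v5.0.2"}],
                                 "packages-dev": []}),
}

if __name__ == "__main__":
    for path, eco, name, version in scan_all(SAMPLE_FILES):
        print(f"{path}: {eco} {name}=={version} is a version named in the reporting")
```

Run it against a real checkout by replacing SAMPLE_FILES with the contents of the repository's lockfiles; a hit means the pinned version is one the reporting names, so the dependency should be bumped and any credentials present in the build environment at install time should be rotated.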
LiteLLM
March 24, 2026
•[ supply chain attack, malware, credential theft ]
TeamPCP used compromised release access to publish malicious LiteLLM versions to PyPI, embedding code that exfiltrated secrets and established persistence on systems that installed the poisoned packages.
At least one Ukrainian official
March 23, 2026
•[ phishing, remote administration tool, malware ]
A pro-Russian group tracked as UAC-0255 and linked to CyberSerp sent phishing emails impersonating CERT-UA and successfully infected a small number of devices in Ukraine with the AgeWheeze remote administration tool, enabling remote control of compromised systems.
Duet Night Abyss
March 18, 2026
•[ malware, infostealer, supply chain attack ]
Kotaku reported that on March 18, 2026 Duet Night Abyss players' PCs were infected after a malicious update was pushed through the game's launcher. The malware was identified by users' antivirus products as 'Trojan:MSIL/UmbralStealer.DG!MTB' (Umbral Stealer), an infostealer capable of logging keystrokes, taking screenshots, and attempting to harvest sensitive information such as passwords and cryptocurrency-related data. The developers said they addressed the issue and apologized, describing it as an external malicious attack spread via the launcher update.
At least one individual
March 18, 2026
•[ phishing, malware, social engineering ]
Cyber fraudsters in Navi Mumbai impersonated Mahanagar Gas Limited officials and sent malicious WhatsApp files or links that compromised victims' phones and enabled unauthorized access to their bank accounts.
At least one KakaoTalk user
March 16, 2026
•[ malware, account takeover, cyberattack ]
Yonhap/The Korea Times reported a North Korea-linked group used stolen KakaoTalk accounts to distribute malware in recent cyberattacks, highlighting a new propagation tactic. Reporting said the threat actors compromise victims, gain access to KakaoTalk desktop accounts, and then use that trusted messaging channel to push malicious payloads to selected contacts.