VulnHub

Real-time Cybersecurity News

New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data

Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited
Malware

Overview

Researchers at CyberProof have identified a significant rise in PXA Stealer malware attacks, with a 10% increase targeting financial institutions in the first quarter of 2026. This malware is particularly concerning because it is designed to steal sensitive information from banking customers. Attackers use Telegram as a channel to exfiltrate the stolen data, which raises red flags about the security measures in place for protecting financial transactions. This surge in attacks could have serious implications for both banks and their clients, potentially leading to financial losses and privacy breaches. As the threat evolves, financial institutions must strengthen their defenses and educate users on recognizing potential scams and threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: PXA Stealer malware, financial institutions, banking systems
  • Action Required: Financial institutions should enhance security protocols, monitor for unusual activity, and educate users on phishing and social engineering tactics.
  • Timeline: Newly disclosed

Original Article Summary

CyberProof researchers have detected a 10% surge in PXA Stealer attacks targeting financial institutions in Q1 2026. Learn…

Impact

PXA Stealer malware, financial institutions, banking systems

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Financial institutions should enhance security protocols, monitor for unusual activity, and educate users on phishing and social engineering tactics.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

CISA: New Langflow flaw actively exploited to hijack AI workflows

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability in the Langflow framework, designated as CVE-2026-33017. This flaw allows attackers to hijack AI workflows, potentially leading to unauthorized access and manipulation of AI systems. Organizations using Langflow should be particularly vigilant as the vulnerability is currently being exploited in the wild. This situation poses significant risks not only to the integrity of AI applications but also to the security of the data they handle. Immediate action is recommended to mitigate risks associated with this vulnerability.

Mar 26, 2026

FCC pushes new rules to crack down on robocallers, foreign call centers

CyberScoop

The Federal Communications Commission (FCC) is taking steps to combat the growing problem of robocalls and the involvement of foreign call centers in these scams. Two new measures aim to make it more difficult for robocallers to acquire valid U.S. phone numbers and to encourage companies to relocate their call center operations back to the United States. This move is aimed at protecting consumers from incessant spam calls that often originate from overseas. By tightening regulations, the FCC hopes to reduce the number of fraudulent calls that can lead to financial scams and identity theft. The implications of these rules could significantly impact how call centers operate and how consumers receive calls, potentially leading to a decrease in unwanted robocalls.

Mar 26, 2026

BPFdoor hides deep inside the OS kernel to target telecoms worldwide

SCM feed for Latest

A backdoor known as BPFdoor, linked to Chinese cyber actors, has been discovered operating within the Linux kernel of key telecom servers and Kubernetes pods. First identified in 2021, this backdoor is now posing a significant risk to global telecommunications infrastructure. Researchers found that BPFdoor's stealthy design allows it to evade detection while compromising critical systems. This situation is concerning as it impacts the reliability and security of telecom services worldwide, potentially allowing attackers to intercept communications or disrupt services. Companies in the telecom sector need to be vigilant and take immediate action to secure their systems against this threat.

Mar 26, 2026

China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks

The Hacker News

Red Menshen, a threat group linked to China, has been discovered infiltrating telecom networks to conduct espionage against government entities. This ongoing campaign involves stealthily implanting access mechanisms that allow attackers to maintain a foothold within critical infrastructure. Researchers have identified these implants, referred to as BPFDoor, which facilitate covert data collection and surveillance. The implications of this activity are significant, as it jeopardizes sensitive government communications and could lead to broader security risks. The sustained nature of this campaign suggests that the threat is not only immediate but also part of a larger strategy targeting national security interests.

Mar 26, 2026

Former NSA chiefs worry American offensive edge in cybersecurity is slipping

CyberScoop

Retired officials from the NSA are raising alarms about the declining offensive capabilities of the U.S. in the cybersecurity arena. They express concern that a growing desensitization to cyberattacks is leaving both the economy and various institutions vulnerable to increasing threats. These former military leaders believe that the worst cyber incident could still be ahead of us, suggesting that without a shift in focus and strategy, the U.S. may fall further behind in defending against and responding to cyber threats. This situation underscores the urgency for government and private sectors to reevaluate their cybersecurity measures and preparedness. The implications could be severe, affecting everything from critical infrastructure to national security.

Mar 26, 2026

Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code

Infosecurity Magazine

Researchers at Georgia Tech have reported a notable increase in vulnerabilities linked to AI-generated code, specifically through newly documented Common Vulnerabilities and Exposures (CVEs). The study indicates that flaws introduced by AI tools are becoming more common, raising concerns about the safety and reliability of software created with these technologies. This trend suggests that as companies increasingly rely on AI for coding, they may inadvertently be introducing security risks. The findings highlight the need for developers and organizations to be cautious when using AI-generated code and to implement thorough testing and validation processes to mitigate potential vulnerabilities. As this issue evolves, it could have significant implications for software security across various sectors.

Mar 26, 2026