VulnHub

Real-time Cybersecurity News

New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

BleepingComputer
Actively Exploited
PhishingMalware

Overview

Researchers have discovered a new malware known as LucidRook, which is written in Lua and is being deployed in targeted spear-phishing campaigns aimed at non-governmental organizations (NGOs) and universities in Taiwan. This malware is particularly concerning because it represents a shift in tactics, focusing on sectors often involved in sensitive and impactful work. Attackers are leveraging deceptive emails to compromise their targets, potentially leading to data breaches or other security incidents. The targeting of educational and humanitarian organizations indicates that attackers are seeking valuable information that could be exploited for various malicious purposes. Organizations in these sectors need to be vigilant and enhance their security measures to defend against such threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Non-governmental organizations, universities
  • Action Required: Organizations should enhance email filtering and employee training on recognizing phishing attempts.
  • Timeline: Newly disclosed

Original Article Summary

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]

Impact

Non-governmental organizations, universities

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should enhance email filtering and employee training on recognizing phishing attempts. Regular software updates and security audits are also recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Malware.

Read Original Article

Related Coverage

Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs

CyberScoop

Researchers from Censys have identified a significant cybersecurity threat posed by Iranian government-backed actors targeting critical infrastructure in the United States. This campaign is specifically aimed at energy, water, and government services, putting approximately 3,900 exposed devices at risk. The focus on these vital sectors raises alarms about potential disruptions to essential services. The implications of such attacks could be severe, affecting both public safety and national security. As the situation develops, organizations operating in these sectors need to enhance their cybersecurity measures to protect against potential intrusions.

Apr 9, 2026

Internet-exposed Modbus ICS devices threaten critical infrastructure

SCM feed for Latest

Researchers have identified 179 industrial control devices connected to the internet that are using the Modbus protocol, which lacks basic security features like encryption and authentication. These devices, spread across 20 countries, are often part of critical infrastructure systems such as power grids. The presence of these exposed devices poses a significant risk, as they can be targeted by attackers looking to disrupt essential services. This situation raises alarms about the security practices in place for industrial systems, especially considering the potential consequences of a successful attack. Companies operating such systems need to reassess their security measures to protect against unauthorized access.

Apr 9, 2026

Contagious Interview campaign expands further

SCM feed for Latest

The North Korean hacking group behind the Contagious Interview campaign has expanded its operations, releasing over a dozen new malicious packages across various programming ecosystems, including npm, PyPI, Go Modules, crates.io, and Packagist. Since the campaign began in January 2025, more than 1,700 harmful packages have been identified. These malicious packages are designed to compromise systems and facilitate malware installation, posing a significant risk to developers and organizations that rely on these ecosystems for software development. Users need to be cautious about the packages they download and verify their sources to avoid falling victim to these attacks.

Apr 9, 2026

Iranian cyberattacks to continue amid ceasefire

SCM feed for Latest

The Iranian hacking group Handala has announced that it will continue its cyberattacks against Israel and plans to resume operations against the United States. This declaration comes during a fragile two-week ceasefire between Iran and both the U.S. and Israel. The group’s ongoing cyber threats pose significant risks to critical infrastructure and data security in these regions. Continuous cyber operations could disrupt services and heighten tensions in an already volatile geopolitical landscape, making it crucial for organizations in these countries to bolster their cybersecurity measures. The situation is particularly concerning given the potential for escalation in both cyber and traditional military engagements.

Apr 9, 2026

Russia's 'Fancy Bear' APT Continues Its Global Onslaught

darkreading

The Russian cyber espionage group known as Fancy Bear is reportedly continuing its global attacks, targeting various organizations around the world. Experts warn that while victims may not possess the same level of technical sophistication as the attackers, they must take proactive steps to protect themselves. Essential measures include regularly patching software vulnerabilities and implementing zero trust security models to enhance defenses. The ongoing activity of Fancy Bear underscores the need for organizations, regardless of size or technical expertise, to prioritize cybersecurity practices to mitigate risks. As these attacks evolve, awareness and preparedness are crucial for safeguarding sensitive data and systems.

Apr 9, 2026

Eurail data breach impacted 308,777 people

Security Affairs

In December 2025, hackers successfully breached Eurail's systems, resulting in the theft of personal information belonging to 308,777 travelers. The compromised data includes names and passport numbers, raising significant concerns about potential identity theft and the misuse of sensitive information. Eurail is now in the process of notifying those affected by the breach, emphasizing the urgent need for vigilance among individuals whose data may be at risk. This incident underscores the ongoing vulnerability of companies to cyberattacks and the importance of implementing stronger security measures to protect customer information.

Apr 9, 2026