VulnHub

Real-time Cybersecurity News

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

Security Affairs
Actively Exploited
Malware

Overview

The latest Security Affairs Malware newsletter covers a range of malware-related issues affecting users and organizations globally. One notable threat is the VVS Discord Stealer, which employs Pyarmor to obfuscate its code and evade detection. Additionally, researchers are raising alarms about malicious NPM packages that deliver the NodeCordRAT, a remote access tool that can compromise systems. The newsletter also discusses a new campaign linked to the Astaroth worm, which is being spread through WhatsApp in Brazil. These findings highlight the ongoing challenges in malware detection and the evolving tactics used by cybercriminals, putting many users at risk.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: VVS Discord, NodeCordRAT, Astaroth worm, NPM packages, WhatsApp
  • Action Required: Users should be cautious of suspicious downloads and update their security software to the latest versions.
  • Timeline: Newly disclosed

Original Article Summary

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion A Broken System Fueling Botnets Malicious NPM Packages Deliver NodeCordRAT Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil CNCERT: Risk Warning Regarding […]

Impact

VVS Discord, NodeCordRAT, Astaroth worm, NPM packages, WhatsApp

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should be cautious of suspicious downloads and update their security software to the latest versions. It's also advised to monitor NPM packages for any known vulnerabilities and to avoid clicking on unverified links in messaging apps.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Another PoC exploit released by 'BlueHammer' leaker after Microsoft dispute

SCM feed for Latest

A security researcher known as Chaotic Eclipse has released a proof-of-concept (PoC) exploit for a zero-day vulnerability in Microsoft Defender, identified as 'RedSun'. This follows the earlier disclosure of an exploit for another flaw in Defender, tracked as CVE-2026-33825, known as the BlueHammer flaw. The implications of these exploits are significant, as they expose users of Microsoft Defender to potential attacks that could compromise system security. Organizations using this antivirus solution should be particularly vigilant, as the release of these exploits could lead to increased attempts at exploitation by malicious actors. It's crucial for users to stay informed about updates from Microsoft regarding these vulnerabilities.

Apr 17, 2026

Nascent PowMix botnet covertly compromises Czech workforce

SCM feed for Latest

The PowMix botnet has been quietly targeting the workforce in the Czech Republic since December, using randomized communication techniques to evade detection. This stealthy operation involves the botnet compromising systems to potentially gain unauthorized access to sensitive information or resources. Researchers at The Hacker News have reported on the campaign, emphasizing the risk it poses to businesses and organizations in the region. As the botnet continues its activities, it raises concerns about the security of the Czech workforce and the need for enhanced protective measures against such covert attacks. Organizations are urged to remain vigilant and adopt robust security practices to defend against this emerging threat.

Apr 17, 2026

Underground guide reveals how threat actors vet stolen credit card markets

SCM feed for Latest

A newly released underground guide reveals insights into how cybercriminals assess and engage in the stolen credit card market. Rather than simply using stolen credit cards, the guide emphasizes a systematic approach where fraudsters carefully vet their suppliers. This shift indicates a more organized and methodical operation within the realm of credit card fraud. The implications are significant, as it suggests that attackers are becoming more sophisticated, which could lead to an increase in successful fraud attempts. As a result, consumers and financial institutions may face heightened risks as these organized networks operate more effectively.

Apr 17, 2026

DraftKings hacker sentenced to 30 months for credential stuffing scheme

SCM feed for Latest

In November 2022, a group of hackers executed a credential stuffing attack against DraftKings, using stolen usernames and passwords sourced from the dark web. This method allowed them to gain unauthorized access to numerous user accounts, compromising sensitive information for many customers. The incident culminated in a legal case where one of the attackers was sentenced to 30 months in prison. This case serves as a reminder of the dangers of reusing passwords across different platforms, as it can make users vulnerable to such attacks. Companies like DraftKings must ensure robust security measures are in place to protect user data from similar threats in the future.

Apr 17, 2026

New ZionSiphon malware targets Israeli water systems

SCM feed for Latest

A new malware strain called ZionSiphon has been identified targeting water systems in Israel. According to a report by Darktrace, ZionSiphon uses several common cyberattack techniques, including privilege escalation and persistence mechanisms, allowing it to remain on infected systems. It can also propagate through removable media, which raises concerns about its ability to spread across different devices. This development is particularly alarming given the critical nature of water systems and the potential for significant disruption. Security experts are urging organizations, especially those in critical infrastructure, to remain vigilant and enhance their cybersecurity measures to defend against this type of threat.

Apr 17, 2026

Operation PowerOFF dismantles DDoS-for-hire services, nabs suspects

SCM feed for Latest

Operation PowerOFF has successfully disrupted several 'booter' services that allow users to pay for launching distributed denial-of-service (DDoS) attacks. These services have been a growing concern as they enable individuals to easily target websites and online services, causing disruptions and potential financial losses. Law enforcement agencies coordinated efforts to take down these operations, leading to multiple arrests. This crackdown is significant as it aims to reduce the accessibility of DDoS attack tools, which can affect various online services and users. The operation highlights the ongoing battle against cybercrime and the need for continued vigilance in cybersecurity.

Apr 17, 2026