VulnHub

A new security report reveals that GitHub is being exploited by cybercriminals as a covert channel for a multi-stage malware campaign. The attackers are using LNK files to communicate with command and control (C2) servers hosted on GitHub, which allows them to embed decoders and utilize PowerShell for maintaining persistence on infected systems. This approach enables the malware to exfiltrate sensitive data effectively. Organizations and users who may be affected include those who frequently download files from GitHub or run scripts without proper security measures in place. The use of a legitimate platform like GitHub complicates detection and highlights the need for enhanced vigilance in cybersecurity practices.

Researchers have identified a new type of malware called CrystalX RAT, which poses serious risks to users by spying on them and stealing sensitive information. This remote access Trojan (RAT) can also alter device configurations, making it a potent tool for cybercriminals. The malware's sophisticated capabilities suggest that it could be used in targeted attacks against individuals or organizations. Users need to be vigilant and ensure their security measures are up to date to protect against this emerging threat. The discovery of CrystalX RAT emphasizes the ongoing challenges in cybersecurity and the need for continuous awareness and protection against evolving malware.

Hackers have exploited a zero-day vulnerability in TrueConf conference servers, which enables them to execute arbitrary files on all connected endpoints. This means that attackers can potentially install malicious software on users' devices without their knowledge. The vulnerability poses a significant risk to organizations using TrueConf for video conferencing, especially as it allows for remote execution of harmful code. Users of TrueConf should be particularly vigilant and consider updating their systems to protect against these types of attacks. Security researchers are urging companies to monitor their networks for any suspicious activity related to this vulnerability.

Cybercriminals are sending out fake LinkedIn alert messages that claim to offer job opportunities, but their real goal is to steal user credentials. This phishing campaign tricks recipients into providing sensitive information, putting their accounts at risk. The fraudulent messages imitate legitimate notifications from LinkedIn, making them difficult to detect. Users who fall for this scam could find their personal data compromised, leading to potential identity theft or unauthorized access to their accounts. It's essential for LinkedIn users to be cautious and verify messages before clicking on any links or providing information.

A recent report from Infosecurity Magazine reveals that the Phantom Stealer, a .NET-based malware, has been targeting manufacturing, technology, and logistics sectors across Europe. This malware is part of the Phantom Project cybercrime kit, which also includes a crypter and a remote access tool. The attacks occurred in a series of phishing campaigns from November 2025 to January 2026. Organizations in these industries should be aware of the potential for data breaches and operational disruptions due to these ongoing attacks. The targeted sectors are crucial for the economy, making the successful exploitation of these vulnerabilities particularly concerning.

A new malware-as-a-service platform called Venom Stealer has emerged, designed to automate the theft of sensitive data such as login credentials and cryptocurrency information. This platform utilizes a method known as ClickFix social engineering to lure victims and extract their data. Venom Stealer represents a growing trend in cybercrime where attackers can easily access sophisticated tools to conduct continuous data theft without needing extensive technical skills. This poses a significant risk to individuals and organizations alike, as it can lead to financial losses and breaches of personal information. Users are urged to remain vigilant and implement strong security measures to protect themselves from potential attacks.

Venom Stealer is a type of malware-as-a-service (MaaS) that has been linked to various cyberattacks, including those targeting ClickFix and cryptocurrency theft. Once it infiltrates a victim's device, the malware remains persistent, immediately stealing sensitive data without storing it locally. This rapid exfiltration process makes it particularly dangerous, as victims may not even realize their information has been compromised until it’s too late. The versatility of Venom Stealer in targeting both general data and specific financial information poses a significant risk to individuals and organizations alike. As cybercriminals increasingly adopt such services, users need to be vigilant about their cybersecurity practices.

SentinelOne's AI technology successfully thwarted a supply chain attack involving a compromised LiteLLM package, stopping the malicious code within seconds. The incident occurred when a user unknowingly installed the tainted package, which was triggered by the Claude Code tool. SentinelOne's macOS agent detected the malicious process chain and intervened automatically, preventing any further damage. This event illustrates the ongoing risks associated with supply chain vulnerabilities, as attackers often exploit trusted software components to infiltrate systems. Companies using LiteLLM or similar packages should review their security measures to guard against such threats.

Kaspersky researchers have identified a new Remote Access Trojan (RAT) called CrystalX, which is being distributed as Malware-as-a-Service (MaaS). This malware combines features of spyware, information stealers, and prankware, making it particularly versatile and dangerous. Users can unknowingly download CrystalX, leading to their personal information being stolen or their devices being used for malicious purposes. The presence of prankware adds a unique twist, as it can also be used to annoy or embarrass victims. This incident underscores the evolving nature of cyber threats and the need for users to be vigilant about the software they install and the links they click on.

A group known as STARDUST CHOLLIMA has reportedly compromised the Axios npm package, which is widely used in JavaScript applications. This incident could affect numerous developers and companies that rely on this package for building web applications. The attackers inserted malicious code, which could lead to data breaches or unauthorized access to systems using the compromised package. Developers are advised to check their dependencies and ensure they are using the latest, secure versions of Axios. This situation raises concerns about the security of open-source packages and the potential risks they pose in software development.

A recent phishing campaign has targeted various sectors in Ukraine, including government entities, healthcare providers, financial institutions, educational organizations, and software development firms. Attackers impersonated the country's Computer Emergency Response Team (CERT) to deliver the AGEWHEEZE Remote Access Trojan (RAT) between March 26 and 27. This type of malware allows unauthorized access to infected systems, posing significant risks to sensitive data and operational security. The incidents emphasize the ongoing cyber threats faced by Ukrainian organizations, particularly amid heightened geopolitical tensions. Entities in the affected sectors need to remain vigilant and enhance their cybersecurity measures to mitigate such risks.

A cybercrime campaign attributed to the Silver Fox group is targeting Chinese users using typosquatted domains. This campaign involves malicious versions of various applications, such as VPN clients, encrypted messaging services, video conferencing tools, and e-commerce platforms. By creating fake websites that closely resemble legitimate ones, attackers aim to trick users into downloading these harmful applications. This poses a significant risk not only to individual users but also to businesses that rely on these tools for communication and transactions. As cyber threats continue to evolve, users must be vigilant about the sources from which they download software to avoid falling victim to such scams.

Venom Stealer is a new type of malware that allows cybercriminals to continuously collect sensitive information from infected devices. This software has features that enable it to maintain persistence, which means it can stay on a system even after a reboot or other attempts to remove it. The malware targets login credentials, session data, and cryptocurrency assets, putting users' financial security at risk. As it automates the data harvesting process, attackers can siphon off valuable information without needing to be present. This poses a significant threat to individuals and organizations that rely on digital platforms for transactions and communications.

A new cyber campaign is targeting Chinese-speaking users by using fake domains that mimic trusted software brands. This operation delivers a remote access trojan (RAT) named AtlasCross, which has not been documented before. The attackers are focusing on applications used for VPN services, encrypted messaging, video conferencing, cryptocurrency tracking, and e-commerce. Eleven domains have been confirmed to deliver this malware, raising concerns about the security of users who may unknowingly download compromised software. This incident highlights the ongoing risk of typosquatting attacks, where malicious actors create look-alike domains to trick users into installing harmful software.

As tax season approaches, cybercriminals are ramping up their phishing attacks, targeting individuals and businesses with a variety of scams. These attacks are designed to deliver remote monitoring and management (RMM) malware, steal credentials, and perpetrate business email compromise (BEC) schemes. Additionally, hackers are using tax-form scams to trick users into providing sensitive information. This surge in phishing attempts poses significant risks, especially for those who may be more vulnerable during the busy tax season. Users and organizations need to be vigilant and implement security measures to protect against these evolving tactics, which can lead to financial loss and identity theft.