VulnHub

A new form of malware, known as Pulsar RAT, is being used by hackers to conduct live chat sessions with victims while simultaneously stealing sensitive data. This malware operates on Windows systems, allowing attackers to engage with users in real-time, making it more personal and deceptive. The presence of live chat functionality means that victims may not realize they are being compromised until it's too late. Researchers are warning that this method poses a significant risk to both individuals and organizations, as it can lead to the unauthorized access of personal and financial information. Users are urged to remain vigilant and ensure their systems are secure against such threats.

Hackers have successfully compromised an update server belonging to MicroWorld Technologies, the company behind eScan Antivirus. This breach allowed attackers to inject malicious files into updates that were sent to eScan customers, effectively turning the antivirus software into a delivery mechanism for malware. Users who updated their eScan software during this incident may have inadvertently installed harmful files on their systems. This incident raises significant concerns about the security of software supply chains, highlighting how even trusted software can be weaponized. Users are advised to remain vigilant and consider checking their systems for any signs of compromise.

A new malware campaign known as RedKitten is targeting individuals in Iran who are seeking information about missing persons or political dissidents. The campaign uses deceptive tactics to lure users into clicking on malicious links, taking advantage of the heightened concern surrounding the ongoing protests in the country. This malware not only compromises personal security but also poses a significant risk to those involved in activism or seeking justice for their loved ones. As tensions continue in Iran, the campaign's focus on vulnerable populations underscores the need for heightened cybersecurity awareness among those seeking information online. Users are urged to be cautious about the sources they trust and to verify the links they click on.

Researchers have discovered that malicious Python packages were uploaded to the Python Package Index (PyPI), posing a significant risk to developers. The harmful code was hidden within a file that appeared to be a Basque language dictionary but was actually a compressed archive containing a Remote Access Trojan (RAT). This incident could affect any developers who inadvertently install these malicious packages, potentially allowing attackers to gain unauthorized access to their systems. It serves as a reminder for users to be cautious when downloading packages from open-source repositories, as they can be exploited to distribute malware. Vigilance and thorough vetting of software dependencies are crucial for maintaining security.

TA584, a known threat actor, is currently using compromised email accounts to distribute malicious content through services like SendGrid and Amazon SES. Their attack method incorporates tools such as Tsundere Bot and XWorm, which are designed to gain unauthorized access to networks. This tactic raises concerns for organizations that rely on these email services, as attackers can exploit trusted channels to deliver malware. The use of legitimate platforms for malicious purposes complicates detection and prevention efforts. Companies need to be vigilant and enhance their security measures to protect against such sophisticated email-based attacks.

Pillar Security Research has identified a significant cyberattack campaign called Operation Bizarre Bazaar, orchestrated by a hacker going by the name Hecker. This operation took place between December 2025 and January 2026, with over 35,000 sessions aimed at infiltrating AI systems. The attackers sought to hijack computing power and monetize their access through a platform called silver.inc. This incident raises serious concerns for organizations that rely on AI technologies, as it highlights vulnerabilities in unprotected models that can be exploited for malicious purposes. Companies using AI systems need to be vigilant about security measures to prevent unauthorized access and potential misuse of their resources.

On January 20, Kaspersky detected malware associated with a supply chain attack targeting eScan antivirus software. This incident suggests that attackers compromised the update mechanism of eScan, potentially allowing them to distribute malicious updates to users. Companies using eScan antivirus are at risk, as the malware could lead to unauthorized access or data breaches. Users of the software should be vigilant and consider immediate actions to protect their systems. Kaspersky has provided indicators of compromise and mitigation strategies for affected users to follow in order to secure their environments.

Recent research from Flare reveals that seemingly innocent modifications for the popular game Roblox can be hiding dangerous infostealer malware. This malware can infiltrate home computers, and once inside, it poses a risk of spreading to corporate networks, potentially compromising sensitive company data. The issue is particularly concerning for organizations whose employees might download these mods without realizing the threat they pose. As remote work continues to be common, companies need to be vigilant about the software their employees are using. This incident serves as a reminder that even casual gaming can have serious security implications.

ESET researchers have uncovered a spyware campaign targeting individuals in Pakistan that employs romance scam tactics. This operation uses a malicious app masquerading as a chat service, which facilitates conversations through WhatsApp but primarily serves to steal data from infected devices. The malware is identified as GhostChat, and it appears to be part of a larger surveillance effort by the same threat actor. This incident is particularly concerning as it exploits personal relationships and trust, potentially affecting many unsuspecting users who are seeking companionship online. The implications of such spyware are significant, as it not only compromises personal data but also raises issues of privacy and security in digital communications.

The U.S. Justice Department has charged 31 individuals connected to a widespread ATM jackpotting scheme that exploited Ploutus malware to steal cash from ATMs nationwide. This malware allows attackers to manipulate ATM systems, enabling them to dispense large amounts of cash illegally. The recent indictments are part of ongoing efforts to combat this type of cybercrime, which poses significant risks to financial institutions and the security of ATM networks. With these arrests, authorities aim to disrupt the operations of organized criminal groups involved in such schemes. This incident serves as a reminder for banks and ATM operators to enhance their security measures against sophisticated cyber threats.

The CoolClient backdoor malware has received an upgrade from the threat actor group Mustang Panda, enhancing its data theft capabilities. This malware is being delivered through legitimate software from the Chinese company Sangfor, which raises concerns about the potential for widespread infection among users of that software. The updated CoolClient now includes improved features such as system profiling, keylogging, and tunneling, allowing attackers to gather sensitive information more effectively. This development poses a significant risk to organizations and individuals who may unknowingly use the compromised software, emphasizing the need for heightened security measures and vigilance against such threats.

In a concerning development, researchers at Sonatype have discovered over 454,000 malicious open source packages that have infiltrated the software development ecosystem. This surge in harmful packages marks a troubling trend in which attackers are increasingly targeting open source repositories to distribute malware and other malicious code. Developers and organizations that rely on open source software are at heightened risk, as they may inadvertently incorporate these dangerous packages into their projects. The implications are significant, as this can lead to compromised applications and data breaches. Companies need to implement stricter security measures and regularly audit their dependencies to safeguard against these threats.

A new ransomware strain known as 'Sicarii' has emerged, marked by its poorly designed code and a peculiar identity that suggests a connection to Hebrew culture, which may be misleading. This ransomware is particularly concerning because it cannot be decrypted, leaving victims unable to recover their files without paying the ransom. The strain first appeared last year, and while it may not be as sophisticated as other ransomware variants, its continued presence poses a risk to various organizations. Users and companies need to remain vigilant and consider implementing robust backup solutions to mitigate the impact of such attacks. The odd branding could lead to confusion about the true origins of this malware, making it a unique case in the evolving landscape of ransomware.