VulnHub

eScan antivirus has suffered a supply chain breach that allowed attackers to distribute multi-stage malware through legitimate software updates. This incident raises serious concerns as it involves signed malware, meaning it could evade detection by users and security systems alike. The breach potentially affects eScan users who rely on the antivirus software for protection against threats. As attackers exploit trusted software to deliver malicious payloads, the trust users place in security products is significantly undermined. Companies using eScan should take immediate action to verify their software's integrity and consider alternative security measures until a fix is provided.

Hackers are taking advantage of inactive applications on Snapcraft by seizing their expired domain names. This tactic allows them to hijack these applications and potentially use them to steal cryptocurrency. Users who have previously downloaded these apps may be at risk if they attempt to access them again, as they could unknowingly interact with malicious versions. This situation highlights the need for developers to monitor their domain statuses and for users to verify the authenticity of applications before re-engaging with them. The incident serves as a reminder of the ongoing risks associated with abandoned software and the importance of cybersecurity vigilance.

On December 29, 2025, the Sandworm hacking group attempted a cyberattack on Poland's power infrastructure, deploying a new wiper malware called DynoWiper. This malware is designed to erase data and disrupt operations, posing a significant threat to critical systems. ESET, the cybersecurity firm that reported the incident, noted that the attack could have serious implications for power stability and national security in Poland. As the incident unfolds, it raises concerns about the vulnerabilities in power grids and the potential for similar attacks on other nations. The situation underscores the ongoing risks posed by state-sponsored cyber activities.

Researchers have identified a new threat from North Korea's Konni group, which is targeting blockchain developers with a PowerShell backdoor. This malicious software aims to infiltrate development environments and steal cryptocurrency holdings. The attackers are using AI-generated techniques to enhance their capabilities, making it easier for them to compromise systems and access sensitive data. This development poses a significant risk to individuals and companies involved in cryptocurrency, highlighting the need for enhanced security measures in development practices. As the threat evolves, developers need to be particularly vigilant about the tools and scripts they use in their environments.

Researchers from Fortra have identified a new SEO poisoning scheme named 'HaxorSEO.' This operation aims to manipulate search engine results to direct unsuspecting users to malicious websites. The attackers exploit popular search terms to increase the visibility of their harmful content, which can lead to malware infections or phishing attempts. This discovery is significant because it highlights the ongoing tactics used by cybercriminals to deceive users and compromise their security. Companies and internet users need to be vigilant about the links they click on, especially those appearing in search results, to avoid falling victim to these kinds of attacks.

This week, cybersecurity experts noted a series of vulnerabilities and security incidents that demonstrate how attackers are exploiting both old and new methods to breach systems. Flaws in firewalls and browser-based traps are particularly concerning, as they reveal weaknesses in tools that users often trust. These security lapses suggest that just because a software issue has been patched doesn't mean it is safe. The ongoing evolution of malware, including AI-generated variants, presents a significant challenge for companies trying to defend against increasingly sophisticated threats. Organizations need to stay vigilant and update their defenses regularly to protect against these emerging risks.

A new malware toolkit called 'Stanley' is being sold on cybercrime forums for between $2,000 and $6,000. This toolkit enables attackers to create counterfeit websites that mimic legitimate ones, facilitating phishing attacks. The post claims that the toolkit can publish these fraudulent sites on the Chrome Web Store, increasing their visibility and potential for success. This poses a significant risk to users who may unknowingly provide sensitive information to these spoofed sites. The emergence of such tools highlights the ongoing challenges in combating online fraud and the need for users to be vigilant when navigating web applications.

Poland's energy sector recently faced a severe cyber attack attributed to the Russian hacking group Sandworm. This incident involved a wiper malware that aimed to disrupt the functioning of the power grid, posing significant risks to the country's energy stability. Authorities have raised alarms about the potential for further attacks, as Sandworm is known for its destructive tactics and has previously targeted critical infrastructure. The implications of this attack extend beyond Poland, reflecting ongoing geopolitical tensions and the vulnerability of national infrastructures to cyber warfare. As the situation develops, experts urge energy companies to enhance their cybersecurity measures to prevent similar incidents in the future.

Researchers at Check Point have linked an active phishing campaign to the North Korean hacking group KONNI, also known by several other names. This campaign specifically targets software developers and engineers, using deceptive emails that present fake documentation related to blockchain projects. The attackers are employing an AI-generated PowerShell backdoor to infiltrate systems. This tactic not only showcases the group's evolving methods but also raises concerns about the security of developers working in the rapidly growing blockchain sector. The implications are significant, as successful compromises could lead to data theft and further exploitation of vulnerabilities within the tech community.

Russian hackers known as Sandworm have been accused of launching a cyberattack on Poland's power grid using data-wiping malware. This incident comes a decade after they disrupted the Ukrainian power grid, indicating a pattern of targeting critical infrastructure in Eastern Europe. The attack poses significant risks, not only to Poland's energy supply but also raises concerns about regional security and the potential for similar incidents in other countries. As tensions between Russia and NATO continue, this incident could escalate fears about cyber warfare and its impact on national security. Authorities are investigating the attack and assessing the full extent of its impact on the power grid operations.

In December 2025, Poland experienced a significant cyber attack on its power grid, attributed to the Russia-linked hacking group Sandworm. Researchers from ESET analyzed the malware involved and determined that the attack was one of the largest targeting Poland's energy infrastructure. The involvement of Sandworm, known for its previous cyber operations, raises concerns about the security of critical national systems. This incident not only endangers the stability of Poland's energy supply but also highlights the ongoing risks posed by state-sponsored cyber threats in Europe. As nations increasingly rely on digital infrastructure, the implications for energy security and national defense become more pronounced.

The North Korean hacker group Konni is targeting blockchain developers and engineers with malware created using artificial intelligence. This new form of PowerShell malware is designed to infiltrate systems and steal sensitive information from individuals working in the blockchain sector. As the blockchain industry continues to grow, these attacks pose a significant risk to its security and the integrity of its projects. Developers in this field need to be particularly vigilant and ensure they have the latest security measures in place to protect against these sophisticated threats. The use of AI in malware creation represents a concerning evolution in cybercrime tactics, making it harder for security professionals to defend against such attacks.

Cybernews has reported that fake cryptocurrency wallet applications are targeting Linux users, specifically those pretending to be popular wallets like Exodus, Trust Wallet, and Ledger Live. These malicious apps are available in the Canonical Snap Store and have been designed to steal cryptocurrency from unsuspecting users. This situation poses a significant risk for Linux users who may believe they are downloading legitimate software when in fact they are exposing themselves to malware. Users are advised to be cautious when downloading apps and to verify the authenticity of the software they use for managing their cryptocurrency. The increase in such scams highlights the ongoing dangers in the crypto space, especially for those using less traditional operating systems like Linux.