Articles tagged "Malware"

Found 244 articles

The GlassWorm malware campaign is using stolen GitHub tokens to push malicious commits into numerous Python repositories. Researchers at StepSecurity report that the targets include Django applications, machine learning research code, and Streamlit dashboards. The attackers edit files that run whenever a project is installed or started, such as setup.py, main.py, and app.py, and insert obfuscated code, so anyone who builds, installs, or runs a compromised repository executes the payload. Because the commits are made with valid tokens, they pass as the account owner's own activity, and collaborators and downstream users may accept them without a second look.

Impact: Python projects, Django apps, ML research code, Streamlit dashboards, PyPI packages
Remediation: Review recent commits to setup.py, main.py, app.py and other build or entry files for changes you did not make, and treat any obfuscated or encoded code there as a compromise until proven otherwise. Revoke and rotate GitHub tokens, enable two-factor authentication on the account, and check whether downstream consumers of the repository have already pulled the modified files.
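A static triage pass over the files the campaign is reported to modify, as an added example that is not from the StepSecurity report or the GlassWorm payload itself. It looks for generic obfuscation tells (exec/eval/compile over decoded or decompressed data, a computed module name passed to __import__, and long encoded-looking string literals); the specific patterns, the 120-character threshold and the sample setup.py files are assumptions, and the blob in the injected sample is base64 of harmless text rather than a real payload.

```python
"""Static triage of Python build and entry files for injected, obfuscated code.

Added example (not from the StepSecurity report): the indicators below are generic
obfuscation tells, chosen because injected loaders commonly hide their payload in an
encoded blob and run it through exec()/eval(). A hit is a lead for manual review, not
a verdict, and a clean result does not prove a repository is untouched.
"""
import ast
import base64
import re
import sys
import textwrap
from pathlib import Path

WATCHED_FILES = {"setup.py", "main.py", "app.py"}  # files the campaign is reported to modify
DYNAMIC_EXEC = {"exec", "eval", "compile"}
DECODERS = {"b64decode", "b32decode", "b16decode", "a85decode", "b85decode",
            "decompress", "fromhex", "unhexlify"}
# A single literal of 120+ base64-alphabet characters with no whitespace (threshold is an assumption).
LONG_BLOB = re.compile(r"^[A-Za-z0-9+/=_-]{120,}$")


def _call_name(func: ast.AST) -> str:
    """Bare name of a call target: ``base64.b64decode(...)`` -> ``b64decode``."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def _contains_decoder(node: ast.AST) -> bool:
    """True if any call inside ``node`` (itself included) is a decode/decompress routine."""
    return any(isinstance(n, ast.Call) and _call_name(n.func) in DECODERS
               for n in ast.walk(node))


def scan_source(filename: str, source: str) -> list[str]:
    """Return findings for one file; an empty list means no indicator matched."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        return [f"{filename}: does not parse ({exc.msg}); inspect manually"]

    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node.func)
            if name in DYNAMIC_EXEC and any(_contains_decoder(a) for a in node.args):
                findings.append(f"{filename}:{node.lineno}: {name}() over decoded or decompressed data")
            elif name == "__import__" and node.args and not isinstance(node.args[0], ast.Constant):
                findings.append(f"{filename}:{node.lineno}: __import__() with a computed module name")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and LONG_BLOB.match(node.value):
            findings.append(f"{filename}:{node.lineno}: {len(node.value)}-character encoded-looking literal")
    return findings


def scan_repo(root: Path) -> dict[str, list[str]]:
    """Scan every watched file under ``root`` (skipping .git); map path -> findings for files with hits."""
    results: dict[str, list[str]] = {}
    for path in root.rglob("*.py"):
        if path.name in WATCHED_FILES and ".git" not in path.parts:
            hits = scan_source(str(path), path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                results[str(path)] = hits
    return results


# Constructed samples: a normal setup.py and the same file with a stand-in loader appended.
# The blob is base64 of harmless text, not a real payload.
CLEAN_SETUP = textwrap.dedent("""\
    from setuptools import setup, find_packages
    setup(name="example", version="1.0", packages=find_packages())
""")
_BLOB = base64.b64encode(b"print('stand-in, not a real payload') " * 5).decode()
INJECTED_SETUP = CLEAN_SETUP + textwrap.dedent(f"""\
    import base64, zlib
    _p = "{_BLOB}"
    exec(zlib.decompress(base64.b64decode(_p)))
""")

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python scan.py /path/to/checkout
        for hits in scan_repo(Path(sys.argv[1])).values():
            print("\n".join(hits))
    else:
        print("clean   :", scan_source("setup.py", CLEAN_SETUP))
        print("injected:", scan_source("setup.py", INJECTED_SETUP))
```

Run it against a fresh clone rather than the working tree you have been editing, and pair it with the commit log: a hit in a file whose last change came from a token-authenticated push you do not recognise is the combination to act on.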

Recent ClickFix campaigns target macOS users with malicious tools posing as ChatGPT applications. The lure combines fake software with instructions to paste a command into Terminal; the command installs the MacSync infostealer, which harvests credentials and other sensitive data from the machine. The technique depends on the victim running the command themselves, so the usual caution about downloaded apps is not enough on its own: a pasted command can fetch and run arbitrary code regardless of where the fake tool came from.

Impact: macOS systems, users of fake ChatGPT tools
Remediation: Never paste a command from a website, pop-up or installer prompt into Terminal. Install software only from the vendor or the App Store, keep macOS updated, and if such a command was run, assume saved credentials on the Mac are exposed and rotate them.

The FBI is investigating reports of malware distributed through several games on the Steam platform: BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. The bureau is asking players who installed these titles and believe they were affected to come forward. The case shows that a listing on a mainstream store does not guarantee that a game's binaries were vetted, and that a popular title can deliver malware to a large player base at once.

Impact: BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, Tokenova
Remediation: Players who installed any of the listed games should remove them, scan the system, treat credentials used on that machine as potentially exposed, keep security software current, and watch for guidance from the FBI and the developers.

A group tracked as Storm-2561 is distributing fake VPN clients through search engine optimization (SEO) poisoning: lookalike download pages are pushed up the search results, and the installer they offer is a trojan that steals login credentials and gives the attackers access to the system. The scheme works because people searching for a VPN download tend to trust the first result, and because a VPN client is expected to ask for credentials and elevated privileges. Researchers advise confirming that a download page really belongs to the vendor before running anything from it.

Impact: VPN clients, user login credentials
Remediation: Download VPN software only from the vendor's own site or official app store listing, check the installer's code signature before running it, keep software updated, and use strong, unique passwords with multi-factor authentication so that a stolen credential alone is not enough.

A newly detected espionage campaign targeting Ukrainian entities is assessed to be linked to Russian threat actors. It deploys a backdoor tracked as DRILLAPP and abuses Microsoft Edge's debugging feature to stay hidden; because the feature is legitimate, there is no vulnerability to patch, and detection has to come from spotting the browser being started in debugging mode. The campaign was first observed in February 2026 and overlaps with earlier activity by the group known as Laundry Bear, which also targeted Ukrainian defense forces.

Impact: Ukrainian defense forces, Microsoft Edge
Remediation: No patch applies, since the campaign abuses a legitimate Edge feature rather than a vulnerability. Monitor for Edge being launched with debugging enabled, keep software updated, and investigate unusual browser or network activity on affected hosts.
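A detection rule for the remediation above, as an added example rather than anything published about DRILLAPP. Edge is Chromium-based, so its debugging interface is enabled with the Chromium switches --remote-debugging-port, --remote-debugging-pipe and --remote-debugging-address; the rule flags Edge process launches carrying one of them and raises the severity when the window is hidden or the parent process is not a normal launcher. The records are constructed in the shape of Sysmon Event ID 1 fields, and the parent-process allow-list and hidden-window switches are assumptions to tune per fleet.

```python
"""Flag Microsoft Edge launches that expose the remote-debugging interface.

Added example, not from the DRILLAPP reporting. The DevTools protocol behind these
switches lets another local process drive the browser and read its sessions, which is
rare outside developer machines, so a process-creation event carrying one of them
deserves an alert. Sample records are constructed; EXPECTED_PARENTS is an assumption.
"""
import re
from typing import Optional

EDGE_IMAGES = {"msedge.exe"}
DEBUG_SWITCH = re.compile(r"--remote-debugging-(port|pipe|address)(?:=(\S+))?", re.IGNORECASE)
# Switches that keep the debugged browser out of the user's sight (no window, or one placed off-screen).
HIDDEN_SWITCHES = ("--headless", "--no-startup-window", "--window-position=-")
# Assumption: processes that normally start Edge on a managed workstation.
EXPECTED_PARENTS = {"explorer.exe", "msedge.exe", "svchost.exe", "userinit.exe", "sihost.exe"}


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> Optional[dict]:
    """Return an alert dict for a suspicious Edge launch, or None for anything else."""
    if _basename(event.get("Image", "")) not in EDGE_IMAGES:
        return None
    cmdline = event.get("CommandLine", "")
    match = DEBUG_SWITCH.search(cmdline)
    if not match:
        return None
    switch = f"--remote-debugging-{match.group(1).lower()}"
    if match.group(2):
        switch += f"={match.group(2)}"
    reasons = [f"remote debugging enabled via {switch}"]
    lowered = cmdline.lower()
    reasons += [f"hidden-window switch {s}" for s in HIDDEN_SWITCHES if s in lowered]
    parent = _basename(event.get("ParentImage", ""))
    if parent and parent not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent process {parent}")
    return {
        "user": event.get("User", "?"),
        "pid": event.get("ProcessId"),
        "severity": "high" if len(reasons) > 1 else "medium",
        "reasons": reasons,
    }


def triage(events: list) -> list:
    """Run classify() over a batch of process-creation records and keep only the alerts."""
    return [alert for alert in map(classify, events) if alert]


# Constructed process-creation records (Sysmon Event ID 1 shape), not real telemetry.
SAMPLE_EVENTS = [
    {   # ordinary launch from the shell: no alert
        "ProcessId": 4120, "User": "CORP\\alice",
        "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
        "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # headless Edge with the DevTools port open, started by an unknown binary: high
        "ProcessId": 5588, "User": "CORP\\alice",
        "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
        "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --remote-debugging-port=9222 --user-data-dir=C:\Users\alice\AppData\Local\Temp\prof',
        "ParentImage": r"C:\Users\alice\AppData\Roaming\svc\updater.exe",
    },
    {   # developer enabling remote debugging by hand: medium, review rather than block
        "ProcessId": 6010, "User": "CORP\\bob",
        "Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
        "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
    {   # same switch on another browser: out of scope for this rule
        "ProcessId": 7001, "User": "CORP\\carol",
        "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222',
        "ParentImage": r"C:\Windows\explorer.exe",
    },
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["user"], alert["pid"], "; ".join(alert["reasons"]))
```

The medium-severity case is deliberate: developers do start Edge with a debugging port, so the rule separates "debugging enabled" from "debugging enabled while hidden, by something that is not the user's shell", and only the latter should page anyone.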

A report from HoxHunt finds that AI-generated messages rose from 4% to 56% of phishing attempts in December. The jump coincided with the holiday season, when order confirmations, delivery notices and greetings give attackers cover. AI-written lures read fluently and match the expected tone, so the spelling and grammar cues that users were trained to spot no longer work; individuals and businesses alike need controls that do not depend on a message looking off.

Impact: N/A
Remediation: Update security awareness training so it no longer relies on language errors as the tell, strengthen email filtering, and make it easy for staff to report suspected phishing.
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested

Hackread – Cybersecurity News, Data Breaches, AI and More

INTERPOL's Operation Synergia III led to 94 arrests and the takedown of 45,000 malicious IP addresses across 72 countries. The operation targeted infrastructure behind phishing, malware distribution and online fraud networks. Taking down the servers and addresses that criminals rent or compromise disrupts their current campaigns and denies the same infrastructure to other groups, and the scale of the result shows what coordinated action across national jurisdictions can achieve against threats that ignore borders.

Impact: Malicious IP addresses used for phishing, malware, and fraud networks
Remediation: N/A

A new banking trojan targets users of Brazil's Pix instant payment system. Its unusual feature is a human operator behind the malware: the operator watches the victim's transactions in real time and intervenes at the moment a payment is being made to divert the funds. Combining automated infection with a live operator acting inside the victim's own session makes the fraud harder to spot than a scripted attack, and as Pix adoption grows so does the exposure.

Impact: Brazil's Pix payment system users
Remediation: Enable two-factor authentication on the bank account, verify recipient details before confirming a transfer, review account activity regularly, and keep security software updated.

An international law enforcement operation has dismantled SocksEscort, a criminal proxy service built on roughly 369,000 infected residential and small business routers across 163 countries. According to the U.S. Department of Justice, the botnet controlled the routers through malware and rented their connections out for large-scale fraud. Most owners had no idea their devices were involved. Routers make attractive targets because they sit at the network edge, run unattended for years and rarely receive updates, and their traffic looks like ordinary residential activity, which is exactly what the fraud customers were paying for.

Impact: Residential and small business internet routers
Remediation: Update router firmware, change default credentials, disable remote administration that is not needed, and replace devices that no longer receive security patches.

A malware strain dubbed Slopoly, believed to have been generated with AI tools, has been linked to an Interlock ransomware intrusion. It let the attackers keep access to a compromised server and remain undetected for more than a week, during which they stole sensitive data. The case shows AI-assisted tooling lowering the cost of producing novel malware that signature-based defenses have not seen before, which puts more weight on behavioral monitoring and on spotting the data movement that precedes ransomware deployment.

Impact: Interlock ransomware; compromised servers; potentially various organizations affected
Remediation: Deploy monitoring able to detect attacker activity on servers (unusual logins, new persistence, large outbound transfers), keep incident response procedures current, and train staff to report anomalies.

An Iranian-linked group has claimed responsibility for a wiper attack on the medical device manufacturer Stryker, a notable escalation in cyberattacks on U.S. companies since the Iran conflict began on February 28. Wiper malware destroys data rather than encrypting it for ransom, so there is nothing to negotiate and recovery depends entirely on backups. Stryker, which makes surgical and medical devices, may face operational disruption. The attack illustrates cyber operations accompanying a geopolitical conflict, and other healthcare organizations and companies in targeted sectors should assume they are in scope.

Impact: Stryker Medical Devices, surgical and medical equipment
Remediation: Maintain offline or otherwise isolated backups and test restoring from them, segment networks so a wiper cannot reach everything at once, and run regular security assessments.

A new banking malware named VENON targets customers of 33 banks in Brazil. It is written in Rust, which sets it apart from the Delphi-based banking trojans that dominate the region, and it steals user credentials from infected Windows systems. Researchers first identified it last month. The change of language matters for defenders because detection tuned to the usual Delphi toolchain will not match a Rust binary, and it signals a developer base that is modernizing its tooling.

Impact: 33 Brazilian banks, Windows systems
Remediation: Keep antivirus and the operating system updated, avoid installing software from unsolicited links or messages, and be cautious about entering banking credentials on a machine that is behaving unusually.

U.S. and European law enforcement, working with private partners, have disrupted the SocksEscort proxy network, which ran on AVRecon, a malware family that infects Linux-based edge devices and turns them into proxies for criminal traffic. Cutting off the network deprives those who rented it of anonymizing infrastructure and makes attacks that were routed through it easier to trace. The takedown is also a reminder that routers and other embedded Linux devices rarely run endpoint protection and are often left out of patching, which is why they keep ending up in proxy botnets.

Impact: Linux devices compromised by AVRecon malware
Remediation: Inventory edge devices, update their firmware, remove any AVRecon infection found, and monitor network traffic for unexpected outbound connections from devices that should be quiet.

A supply chain attack that affected around 100,000 websites, originally attributed to China, has now been connected to North Korea. Researchers found an infostealer infection in the chain of events, which suggests the attackers were after credentials and other sensitive data from the affected sites. The incident highlights the risk of loading third-party libraries at runtime from infrastructure the site owner does not control: every page that includes such a script executes whatever the provider currently serves, and a change of ownership or a compromise upstream reaches every site at once.

Impact: Websites using Polyfill libraries
Remediation: Update or remove the affected Polyfill library references, serve any third-party script you still need from a host you control at a pinned version, and monitor pages for signs of compromise.
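An audit of the third-party scripts a page loads, as an added example that is not from the report on this attack. It parses the HTML, lists every script fetched from a host outside the site's own, flags those without Subresource Integrity (or with integrity but no crossorigin attribute, which makes the browser refuse the cross-origin fetch), and flags any host on a block list. The hostnames, the block list and the sha384 values in the sample page are constructed placeholders.

```python
"""Audit an HTML page for third-party <script> tags that cannot be integrity-checked.

Added example, not from the report on this attack. Every page that loads a library from
a host it does not control executes whatever that host serves; this audit makes those
scripts visible and checks whether the browser would at least verify their content.
Hosts and hashes in the sample are constructed placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Collect the attribute map of every <script> start tag."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: list = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() == "script":
            # a valueless attribute (e.g. bare `crossorigin`) arrives as None; keep it as ""
            self.scripts.append({k.lower(): (v or "") for k, v in attrs})


def audit_html(html: str, first_party_hosts, blocked_hosts=()) -> list:
    """Return one finding per problematic external script: {src, host, issue}."""
    first_party = {h.lower() for h in first_party_hosts}
    blocked = {h.lower() for h in blocked_hosts}
    collector = _ScriptCollector()
    collector.feed(html)

    findings = []
    for attrs in collector.scripts:
        src = attrs.get("src", "").strip()
        if not src:
            continue  # inline script: nothing fetched, out of scope here
        host = (urlparse(src).hostname or "").lower()  # "" for relative paths
        if not host or host in first_party:
            continue
        if host in blocked:
            findings.append({"src": src, "host": host, "issue": "host on block list"})
        elif not attrs.get("integrity", "").strip():
            findings.append({"src": src, "host": host, "issue": "third-party script without integrity"})
        elif "crossorigin" not in attrs:
            # SRI on a cross-origin fetch requires CORS; without crossorigin the browser refuses the script.
            findings.append({"src": src, "host": host, "issue": "integrity set but crossorigin missing"})
    return findings


# Constructed sample page: hostnames and sha384 values are placeholders, not real sites or hashes.
SAMPLE_HTML = """\
<!doctype html>
<html><head>
  <script src="/static/app.js"></script>
  <script src="https://static.example.org/vendor.js"></script>
  <script src="https://cdn.example-cdn.net/lib.js"
          integrity="sha384-AAAA" crossorigin="anonymous"></script>
  <script src="//cdn.example-cdn.net/other.js" integrity="sha384-BBBB"></script>
  <script src="https://cdn.polyfill-cdn.test/v3/polyfill.min.js?features=default"></script>
  <script src="https://www.example-analytics.test/tag.js" async></script>
  <script>console.log("inline");</script>
</head><body></body></html>
"""
FIRST_PARTY = ("www.example.org", "static.example.org")
BLOCKED = ("cdn.polyfill-cdn.test",)  # assumption: hosts your organisation has decided to ban

if __name__ == "__main__":
    for f in audit_html(SAMPLE_HTML, FIRST_PARTY, BLOCKED):
        print(f"{f['issue']:40} {f['host']:28} {f['src']}")
```

One caveat the audit cannot fix: a third-party script whose content varies per request (a polyfill service that tailors its output to the requesting browser, for instance) cannot carry an SRI hash at all, because the hash would change with every variant. For those the only real remedy is the one in the remediation line above, a pinned copy served from your own host.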
Actively Exploited

The pro-Iran hacking group Handala has claimed responsibility for a major cyber-attack on the U.S. medical technology firm Stryker, saying it deployed destructive wiper malware that wiped approximately 200,000 systems within the company; the figure is the group's own claim. Stryker makes medical devices and equipment, so the incident touches critical healthcare infrastructure. A state-aligned group using destructive malware against the healthcare sector means disruption and data loss rather than theft alone, and the sector's growing dependence on digital systems raises the stakes for every organization in it.

Impact: Stryker Corporation systems, potentially affecting medical devices and healthcare infrastructure.
Remediation: Keep tested backups that a wiper cannot reach from the production network, keep software current, and rehearse restoring operations from backup rather than planning only for ransomware.
Page 1 of 17