malwarenews | Unsorted

Telegram channel malwarenews - Malware News


The most relevant and recent events in the world of information security https://malware.news All Projects: malwarecorp.com This channel is run by AI and BOT


Malware News

AL26-003 - Vulnerability affecting BeyondTrust - CVE-2026-1731


Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.

Enroll Now and Save 10%: Coupon Code MWNEWS10

Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.


Number: AL26-003
Date: February 16, 2026

Audience
This Alert is intended for IT professionals and managers.

Purpose
An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.

Details
The Cyber Centre is aware of a high-severity vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) [Footnote 1]. BeyondTrust Remote Support is an enterprise-level, security-focused remote assistance solution that enables IT teams to access and control systems and devices remotely to provide technical support. In response to the vendor advisory released on February 6, 2026, the Cyber Centre issued AV26-097 [Footnote 2] on February 9, 2026.

Tracked as CVE-2026-1731 [Footnote 3], this vulnerability is a critical pre-authentication remote code execution vulnerability. It allows an unauthenticated remote attacker to execute operating system commands (CWE-78) [Footnote 4] in the context of the site user and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.

The Cyber Centre has observed open-source reporting indicating that the vulnerability is being exploited in the wild [Footnote 5].

Suggested actions
The Cyber Centre recommends that organizations upgrade affected BeyondTrust instances to a fixed version:

Affected product          | Affected versions | Fixed version
--------------------------|-------------------|-----------------------------------
Remote Support            | 25.3.1 and prior  | Patch BT26-02-RS (v21.3 - 25.3.1)
Remote Support            | 25.3.1 and prior  | 25.3.2 and greater
Privileged Remote Access  | 24.3.4 and prior  | Patch BT26-02-PRA (v22.1 - 24.X)
Privileged Remote Access  | 24.3.4 and prior  | 25.1 and greater

BeyondTrust has confirmed that a patch remediating this vulnerability was applied to all Remote Support SaaS and Privileged Remote Access SaaS customers as of February 2, 2026.

For the self-hosted instances of Remote Support and Privileged Remote Access, organizations should apply the patch manually if their instance is not subscribed to automatic updates.
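To turn the fixed-version table into an inventory check, here is an added example (not code from the Cyber Centre alert or from BeyondTrust) that classifies RS and PRA builds against the table. It assumes dotted numeric versions, reads the "24.X" in the BT26-02-PRA row as any 24.x build up to the highest affected build 24.3.4, and reports builds the table does not cover (for example PRA 24.3.5 to 25.0) as such instead of guessing; the inventory lines are constructed.

```python
"""Added example, not part of the Cyber Centre alert: triage a BeyondTrust
Remote Support (RS) or Privileged Remote Access (PRA) build against the
AL26-003 fixed-version table (CVE-2026-1731).

Assumptions not stated by the alert: versions are dotted numerics such as
"25.3.1"; "24.X" in the BT26-02-PRA row is read as any 24.x build up to the
highest affected build, 24.3.4; builds between the highest affected build
and the first fixed release (e.g. PRA 24.3.5 to 25.0) are reported as
"not covered by table" rather than guessed at.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'v25.3.1' -> (25, 3, 1). Python compares tuples lexicographically,
    so (25, 3) < (25, 3, 1) < (25, 3, 2), the ordering the table needs."""
    parts = text.strip().lower().lstrip("v").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def fmt(v: Version) -> str:
    return ".".join(str(x) for x in v)


@dataclass(frozen=True)
class Row:
    product: str
    last_affected: Version  # "<X> and prior" is affected
    first_fixed: Version    # "<Y> and greater" is fixed
    patch: str              # hotfix name from the table
    patch_min: Version      # oldest build the hotfix applies to
    patch_max: Version      # newest build the hotfix applies to


# Values transcribed from the alert's table.
TABLE: Dict[str, Row] = {
    "RS": Row("Remote Support", (25, 3, 1), (25, 3, 2),
              "BT26-02-RS", (21, 3), (25, 3, 1)),
    "PRA": Row("Privileged Remote Access", (24, 3, 4), (25, 1),
               "BT26-02-PRA", (22, 1), (24, 3, 4)),
}


def assess(product: str, version: str) -> Dict[str, str]:
    """Return the exposure status and the remediation the table supports."""
    row = TABLE[product]
    v = parse_version(version)
    if v >= row.first_fixed:
        return {"status": "fixed", "action": "none"}
    if v <= row.last_affected:
        if row.patch_min <= v <= row.patch_max:
            action = (f"apply {row.patch} or upgrade to "
                      f"{fmt(row.first_fixed)} or greater")
        else:
            # Older than the hotfix window: only a full upgrade is listed.
            action = (f"upgrade to {fmt(row.first_fixed)} or greater "
                      f"({row.patch} does not cover this build)")
        return {"status": "affected", "action": action}
    return {"status": "not covered by table",
            "action": "confirm against vendor advisory BT26-02"}


# Constructed inventory lines (not real hosts): "hostname,product,version".
INVENTORY = """\
rs-appliance-01,RS,25.3.1
rs-appliance-02,RS,25.3.2
rs-legacy,RS,20.2.0
pra-gw-01,PRA,24.3.4
pra-gw-02,PRA,24.3.5
pra-gw-03,PRA,25.1
"""


def triage(inventory_csv: str) -> List[Dict[str, str]]:
    """Run assess() over every inventory line, worst findings first."""
    order = {"affected": 0, "not covered by table": 1, "fixed": 2}
    findings = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version = (f.strip() for f in line.split(","))
        findings.append({"host": host, "product": product,
                         "version": version, **assess(product, version)})
    return sorted(findings, key=lambda f: order[f["status"]])


if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f"{f['host']:16} {f['product']:4} {f['version']:8} "
              f"{f['status']:22} {f['action']}")
```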

The Cyber Centre also recommends that organizations review their logs to detect anomalies and unauthorized access.

If immediate patching is not possible, reduce exposure by:

— Restricting management interfaces via firewall rules or IP allowlists
— Removing externally exposed instances from the Internet until the patch is applied

In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre's Top 10 IT Security Actions with an emphasis on the following topics [Footnote 6].

— Patch operating systems and applications
— Harden operating systems and applications
— Isolate web-facing applications

Should activity matching the content of this alert be discovered, recipients are encouraged to report via My Cyber Portal, or email contact@cyber.gc.ca.

References
— Footnote 1: BeyondTrust BT26-02 Security Advisory...

https://malware.news/t/al26-003-vulnerability-affecting-beyondtrust-cve-2026-1731/104153
https://malware.news/c/news.rss

Project: @MalwareNews
Private:
@MalwarePrivateBot
Group:
@MalwareForums
Powered by
@MalwareForum

Read more…

Malware News

Operation DoppelBrand: Massive Fortune 500 Brand Impersonation Campaign Uncovered





SOCRadar’s Threat Hunting Team has uncovered a sophisticated phishing operation that has been targeting Fortune 500 companies and their customers for years. The campaign, attributed to a financially-motivated threat actor known as GS7, represents a significant evolution in credential theft operations—combining precision brand impersonation, custom phishing infrastructure, and the abuse of legitimate remote management tools to establish persistent access to victim systems.

Between December 2025 and January 2026, extensive campaigns were conducted impersonating major financial institutions and technology companies, including Wells Fargo, USAA, Navy Federal Credit Union, Fidelity Investments, Microsoft, Citibank, and others. The operation has amassed hundreds of malicious domains, with over 150 identified in recent months alone, all following consistent infrastructure patterns that reveal a highly automated deployment capability.



Operation DoppelBrand: Weaponizing Fortune 500 Brands for Credential Theft and Remote Access

Who is GS7?
GS7 or GS is a financially-motivated actor that has allegedly been operating for approximately ten years, continuously refining tactics and rotating infrastructure. Through our investigation, we’ve identified the actor’s presence in Brazilian underground markets where they actively trade stolen credentials and corporate information. The threat actor maintains multiple Telegram bots for credential exfiltration and operates across various Dark Web marketplaces offering access to compromised accounts from banks, financial institutions, payment platforms, and streaming services.

SOCRadar Platform, Threat Actor Intelligence

Our analysis reveals that GS7 likely operates as an Initial Access Broker, creating phishing infrastructure and deploying remote management tools on behalf of clients or affiliates. This business model allows the actor to monetize operations through multiple channels: selling harvested credentials, providing access to compromised systems for ransomware operators or other criminal groups, and deploying additional malware through established remote access.

Bitcoin wallet analysis shows approximately $50,000 USD in observable transactions, with activity patterns that correlate directly with campaign timelines. Transaction volumes peaked during mid-April through early July 2025, and again between mid-August and mid-October 2025, revealing a recurring campaign pattern of approximately two to three months between major operations.

How the Attack Works
GS7’s campaigns follow a five-stage modus operandi.

Campaign map

1. Reconnaissance
The actor gathers victim information from underground markets and data leaks, including:

— Leaked databases with usernames and passwords
— Corporate directories with employee details
— Email naming patterns (firstname.lastname@company.com)
— Information about commonly used enterprise software

2. Infrastructure Deployment
Domains are registered in automated batches with remarkable consistency:

— Naming pattern: brand-action.com (e.g., media-auth.com, wellsfargo-verify.com)
— Registrars: OwnRegistrar or NameCheap
— Hosting: Cloudflare CDN (obfuscates origin servers)
— SSL certificates: Let’s Encrypt or Google Trust Services, issued within 6-24 hours
— Subdomain structure: Consistent patterns including rss.*, tyd.*, dfr.*, plus brand-specific subdomains like...
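The infrastructure pattern above is regular enough to hunt for in certificate-transparency or passive-DNS feeds. As an added example (not SOCRadar's code), the scorer below weighs a newly observed hostname against the naming, registrar, CDN, certificate-timing and subdomain traits the article lists. The brand watchlist is the set of brands the article names; the action-word list extends its "auth"/"verify" with a few assumed lure words, and the weights, threshold and feed records are constructed tuning choices, not values from the article.

```python
"""Added example, not SOCRadar's code: score an observed hostname against the
DoppelBrand infrastructure pattern: a registrable domain shaped like
brand-action.com, OwnRegistrar/NameCheap registration, Cloudflare fronting,
a Let's Encrypt or Google Trust Services certificate issued 6-24 hours after
registration, and rss./tyd./dfr. subdomains.

Assumptions: BRANDS are the brands the article names; ACTION_WORDS extend the
article's "auth"/"verify" with assumed lure words; weights, threshold and the
FEED records are constructed, not taken from the article.
"""
import re
from typing import Dict, List, Optional, Tuple

BRANDS = {"wellsfargo", "usaa", "navyfederal", "fidelity",
          "microsoft", "citibank"}
# "auth" and "verify" come from the article's examples; the rest are assumed.
ACTION_WORDS = {"auth", "verify", "login", "secure", "update", "support"}
CAMPAIGN_SUBDOMAINS = {"rss", "tyd", "dfr"}
CAMPAIGN_REGISTRARS = {"ownregistrar", "namecheap"}
CAMPAIGN_ISSUERS = {"let's encrypt", "google trust services"}
ALERT_THRESHOLD = 4  # tuning choice

_LABEL = re.compile(r"^[a-z0-9]+-([a-z0-9]+)$")


def split_hostname(host: str) -> Tuple[Optional[str], str]:
    """Return (leftmost subdomain label or None, registrable domain).
    Assumes a single-label public suffix such as .com, as in the article."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a hostname: {host!r}")
    prefix = labels[0] if len(labels) > 2 else None
    return prefix, ".".join(labels[-2:])


def score_record(rec: Dict[str, object]) -> Dict[str, object]:
    """rec keys: host, registrar, cdn, issuer, cert_hours_after_reg."""
    prefix, domain = split_hostname(str(rec["host"]))
    sld = domain.split(".")[0]
    score, reasons = 0, []

    # Naming pattern brand-action.com; a watchlisted brand weighs extra.
    m = _LABEL.match(sld)
    if m and m.group(1) in ACTION_WORDS:
        score += 2
        reasons.append(f"brand-action naming: {domain}")
        brand_part = sld.rsplit("-", 1)[0]
        if brand_part in BRANDS:
            score += 2
            reasons.append(f"watchlisted brand: {brand_part}")
    if prefix in CAMPAIGN_SUBDOMAINS:
        score += 1
        reasons.append(f"campaign subdomain prefix: {prefix}.")
    if str(rec.get("registrar", "")).lower() in CAMPAIGN_REGISTRARS:
        score += 1
        reasons.append(f"registrar: {rec['registrar']}")
    if str(rec.get("cdn", "")).lower() == "cloudflare":
        score += 1
        reasons.append("origin hidden behind Cloudflare")
    hours = rec.get("cert_hours_after_reg")
    if (str(rec.get("issuer", "")).lower() in CAMPAIGN_ISSUERS
            and hours is not None and 6 <= float(hours) <= 24):
        score += 1
        reasons.append(f"{rec['issuer']} cert {hours}h after registration")

    return {"host": rec["host"], "score": score,
            "flagged": score >= ALERT_THRESHOLD, "reasons": reasons}


# Constructed feed records (not real observations).
FEED: List[Dict[str, object]] = [
    {"host": "rss.wellsfargo-verify.com", "registrar": "NameCheap",
     "cdn": "Cloudflare", "issuer": "Let's Encrypt",
     "cert_hours_after_reg": 11},
    {"host": "media-auth.com", "registrar": "OwnRegistrar",
     "cdn": "Cloudflare", "issuer": "Google Trust Services",
     "cert_hours_after_reg": 20},
    {"host": "www.quarterly-report.com", "registrar": "OtherRegistrar",
     "cdn": "none", "issuer": "OtherCA", "cert_hours_after_reg": 700},
    {"host": "docs.wellsfargo.com", "registrar": "OtherRegistrar",
     "cdn": "none", "issuer": "OtherCA", "cert_hours_after_reg": None},
]


def scan(feed: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return only the records that cross the alert threshold."""
    return [r for r in (score_record(x) for x in feed) if r["flagged"]]


if __name__ == "__main__":
    for hit in scan(FEED):
        print(hit["host"], hit["score"], "; ".join(hit["reasons"]))
```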


https://malware.news/t/operation-doppelbrand-massive-fortune-500-brand-impersonation-campaign-uncovered/104149

Malware News

ClickFix added nslookup commands to its arsenal for downloading RATs

ClickFix malware campaigns are all about tricking the victim into infecting their own machine.




Apparently, the criminals behind these campaigns have figured out that mshta and PowerShell commands are increasingly being blocked by security software, so they have developed a new method using nslookup.

The initial stages are pretty much the same as we have seen before: fake CAPTCHA instructions to prove you’re not a bot, solving non-existing computer problems or updates, causing browser crashes, and even instruction videos.

The idea is to get victims to run malicious commands to infect their own machine. The malicious command often gets copied to the victim’s clipboard with instructions to copy it into the Windows Run dialog or the Mac terminal.

Nslookup is a built‑in tool to use the internet “phonebook,” and the criminals are basically abusing that phonebook to smuggle in instructions and malware instead of just getting an address.

It exists to troubleshoot network problems, check if DNS is configured correctly, and investigate odd domains, not to download or run programs. But the criminals configured a server to reply with data that is crafted so that part of the “answer” is actually another command or a pointer to malware, not just a normal IP address.

Microsoft provided these examples of malicious commands:



These commands start an infection chain that downloads a ZIP archive from an external server. From that archive, it extracts a malicious Python script that runs routines to conduct reconnaissance, run discovery commands, and eventually drop a Visual Basic Script which drops and executes ModeloRAT.

ModeloRAT is a Python‑based remote access trojan (RAT) that gives attackers hands‑on control over an infected Windows machine.

Long story short, the cybercriminals have found yet another way to use a trusted technical tool and make it secretly carry the next step of the attack, all triggered by the victim following what looks like harmless copy‑paste support instructions, at which point they may have handed over control of their system.

How to stay safe
With ClickFix running rampant—and it doesn’t look like it’s going away anytime soon—it’s important to be aware, careful, and protected.

— Slow down. Don’t rush to follow instructions on a webpage or prompt, especially if it asks you to run commands on your device or copy-paste code. Attackers rely on urgency to bypass your critical thinking, so be cautious of pages urging immediate action. Sophisticated ClickFix pages add countdowns, user counters, or other pressure tactics to make you act quickly.
— Avoid running commands or scripts from untrusted sources. Never run code or commands copied...


https://malware.news/t/clickfix-added-nslookup-commands-to-its-arsenal-for-downloading-rats/104147

Malware News

SECURITY.COM The Podcast: 2026 Threat Predictions

This year’s threat forecast: ransomware, and a whole lot more




Article Link:
🎙️SECURITY.COM The Podcast: 2026 Threat Predictions | SECURITY.COM

1 post - 1 participant

Read full topic

https://malware.news/t/security-com-the-podcast-2026-threat-predictions/104145

Malware News

How the Protective Security Policy Framework Shapes Australia’s Commonwealth Cyber Security Strategy





The Australian government has intensified efforts to protect digital infrastructure across all Commonwealth entities. Two recent publications, the 2024–25 Protective Security Policy Framework (PSPF) Assessment Report and the 2025 Commonwealth Cyber Security Posture Report, offer a comprehensive snapshot of current achievements, challenges, and future priorities in government cyber resilience.

The PSPF Assessment Report highlights that 92% of non-corporate Commonwealth entities (NCEs) achieved an overall rating of “Effective” compliance under the updated evidence-based reporting model. This framework moves beyond traditional checklists, focusing on measurable outcomes, tangible risk reduction, and demonstrable assurance. While information security across agencies continues to perform well, technology security, including cyber security, remains a key area for ongoing improvement, with 79% of entities reporting effective compliance in this domain. 

PSPF policies 13 and 14 form the backbone of this effort. Policy 13: Technology Lifecycle Management emphasizes protecting ICT systems to ensure secure and continuous service delivery, integrating principles from the Australian Signals Directorate (ASD) Information Security Manual (ISM). Policy 14: Cyber Security Strategies mandates the adoption of the Essential Eight mitigation strategies to Maturity Level 2, encouraging entities to consider higher levels where threat environments warrant. 

The report also shows high engagement in proactive security measures: 90% of entities maintain incident response plans, 82% have formal cybersecurity strategies, and 87% conduct annual staff cybersecurity training.

The Essential Eight and Technical Cyber Hardening 

The 2025 Commonwealth Cyber Security Posture Report centres on the implementation of ASD’s Essential Eight mitigation strategies. These technical controls, ranging from patching applications and operating systems to multi-factor authentication, administrative privilege restriction, and secure backups, are designed to reduce the likelihood of ICT systems being compromised.

In 2025, 22% of entities achieved Maturity Level 2 across all eight strategies, an improvement from 15% in 2024, though slightly below 2023’s 25%. This minor drop reflects the November 2023 update to the Essential Eight, which hardened controls in response to evolving threat tactics.  

Notably, strategies like multi-factor authentication and application control saw temporary reductions in compliance as agencies adjusted to higher technical standards, such as phishing-resistant MFA and updated application rules targeting “living off the land” exploits. 

Legacy IT systems remain a challenge, with 59% of entities reporting that these older systems impede achieving full maturity. Funding constraints and lack of replacement options are primary obstacles.  

Cyber Hygiene, Incident Preparedness, and Reporting 

Data-driven programs like ASD’s Cyber Hygiene Improvement Programs (CHIPs) track the security of internet-facing systems, assessing email protocols, encryption, and website maintenance. Between May 2024 and May 2025, improvements were noted across email domain security and active website maintenance, though effective web server encryption showed a minor dip due to better identification of previously untracked servers. 

Despite strong internal preparedness, reporting of incidents remains relatively low, with only 35% of...


https://malware.news/t/how-the-protective-security-policy-framework-shapes-australia-s-commonwealth-cyber-security-strategy/104143

Malware News

2026 64-Bits Malware Trend, (Mon, Feb 16th)

In 2022 (time flies!), I wrote a diary about the 32-bit vs. 64-bit malware landscape[1]. It demonstrated that, despite the growing number of 64-bit computers, the “old” architecture remained the standard. In the SANS malware reversing training (FOR610[2]), we quickly cover the main differences between the two architectures. One of the conclusions is that 32-bit code is still popular because it acts as a common denominator and allows threat actors to target more Windows computers. Yes, Microsoft Windows can smoothly execute 32-bit code on 64-bit computers. Is this still the case in 2026? Has the situation evolved?




Article Link:
2026 64-Bits Malware Trend - SANS Internet Storm Center


https://malware.news/t/2026-64-bits-malware-trend-mon-feb-16th/104139

Malware News

ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810, (Mon, Feb 16th)




Article Link:
ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810


https://malware.news/t/isc-stormcast-for-monday-february-16th-2026-https-isc-sans-edu-podcastdetail-9810-mon-feb-16th/104135

Malware News

Advantages of Agentless EDR for Linux

Introduction




Linux Endpoint Detection and Response (EDR) is dominated by a kernel-level agent-based security model inherited from the Windows world. While agent-based security has certain advantage...

Article Link:
Advantages of Agentless EDR for Linux | Sandfly Security


https://malware.news/t/advantages-of-agentless-edr-for-linux/104133

Malware News

TheGentlemen Ransomware Group Strikes UniFil in Brazil

Summary





On February 10, 2026, the notorious ransomware group TheGentlemen claimed responsibility for a cyberattack against UniFil (unifil.br), a premier educational institution in Brazil. The group issued a statement indicating that sensitive data would be released unless the institution engages in negotiations.

Incident Report

Target: UniFil
Domain: unifil.br
Country: Brazil
Attacking Group: TheGentlemen
Date Reported: February 10, 2026
Threat Actor Statement: “The full leak will be published soon, unless a representative from UniFil contacts us via the provided channels.”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.


Scan your domain for data breaches:

Free Dark Web Report


Check employee or partner email exposure:

Email Data Breach Scan

Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators, contextual threat insights, and actionable intelligence that help them secure their digital assets against evolving cyber threats.

Article Link:
TheGentlemen Ransomware Group Strikes UniFil in Brazil - DeXpose



https://malware.news/t/thegentlemen-ransomware-group-strikes-unifil-in-brazil/104131

Malware News

Guernsey medical practice sanctioned after cyber criminals access patient data through email account

itv reports: Guernsey’s Data Protection Authority (ODPA) has sanctioned First Contact Health after it failed to implement sufficient security measures to prevent a phishing attack. The cybersecurity breach saw fraudsters successfully target an employee’s email account, gaining access to confidential health data at the medical practice. First Contact Health became aware and reported the data breach...




Source

Article Link:
Guernsey medical practice sanctioned after cyber criminals access patient data through email account – DataBreaches.Net


https://malware.news/t/guernsey-medical-practice-sanctioned-after-cyber-criminals-access-patient-data-through-email-account/104128

Malware News

New “Kurd Hackers Forum” Focuses on Middle Eastern Data Breaches and Leaks

Reza abasi notes that there is a new forum called the “Kurd Hacker Forum” that focuses on data breaches in Iran, Syria, and Turkey. The domain was registered January 28, 2026. The forum, which is on the clear net, looks like it has the same format as the classic BreachForums, with the same types of sections...




Source

Article Link:
New “Kurd Hackers Forum” Focuses on Middle Eastern Data Breaches and Leaks – DataBreaches.Net


https://malware.news/t/new-kurd-hackers-forum-focuses-on-middle-eastern-data-breaches-and-leaks/104126

Malware News

Analysis of adaptive phishing: spoofing and exfiltration via Telegram

The technical analysis highlights the combined use of two simple but effective techniques: spoofing of the sender domain and an active HTML attachment for credential theft. In the analysed sample, the attachment mimics an authentication page and attempts to send the credentials to an attacker-controlled channel via the Telegram Bot API.
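A mail-gateway or triage check for the attachment type described above, as an added example that is not CERT-AGID's code: it looks in an HTML attachment for a login form combined with a Telegram Bot API endpoint and redacts the bot token before reporting. The Bot API URL shape (api.telegram.org/bot<token>/<method>) is public documentation; the sample attachments are constructed and carry a placeholder token.

```python
"""Added example, not CERT-AGID's code: static triage of an HTML e-mail
attachment that mimics a login page and exfiltrates the entered credentials
through the Telegram Bot API. The sample attachments below are constructed;
the token in SAMPLE_PHISH is a placeholder, not a real one.
"""
import re
from typing import Dict, List

# Bot API calls look like https://api.telegram.org/bot<token>/sendMessage.
_BOT_API = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>[0-9]+:[A-Za-z0-9_-]+)"
    r"/(?P<method>[A-Za-z]+)", re.IGNORECASE)
_PASSWORD_INPUT = re.compile(r"<input[^>]*type\s*=\s*[\"']?password",
                             re.IGNORECASE)
_FORM_ACTION = re.compile(r"<form[^>]*action\s*=\s*[\"']([^\"']*)",
                          re.IGNORECASE)
_JS_SENDER = re.compile(r"\b(fetch|XMLHttpRequest|navigator\.sendBeacon)\b")


def redact_token(token: str) -> str:
    """Keep the numeric bot id (useful for correlating campaigns), hide the
    secret half so the token never lands in a ticket or log."""
    bot_id, _, _ = token.partition(":")
    return f"{bot_id}:<redacted>"


def triage_html_attachment(html: str) -> Dict[str, object]:
    indicators: List[str] = []
    bot_ids: List[str] = []
    for m in _BOT_API.finditer(html):
        bot_ids.append(redact_token(m.group("token")))
        indicators.append(f"telegram bot api call: {m.group('method')}")
    if _PASSWORD_INPUT.search(html):
        indicators.append("password input field")
    for action in _FORM_ACTION.findall(html):
        # A login form that never posts to a server is handled by script.
        if action in ("", "#") or action.lower().startswith("javascript:"):
            indicators.append(f"form submits to script, not a server: {action!r}")
    if _JS_SENDER.search(html):
        indicators.append("client-side network send (fetch/XHR/sendBeacon)")

    # Verdict: a password field plus a Telegram bot endpoint is the
    # combination the analysis describes; either alone is weaker evidence.
    has_creds = "password input field" in indicators
    has_bot = bool(bot_ids)
    if has_creds and has_bot:
        verdict = "malicious"
    elif has_bot or (has_creds and _JS_SENDER.search(html)):
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "indicators": indicators,
            "bot_ids": sorted(set(bot_ids))}


# Constructed sample: fake sign-in page with a placeholder bot token.
SAMPLE_PHISH = """
<html><body>
<form id="f" action="#">
  <input name="user" type="text">
  <input name="pass" type="password">
  <button>Sign in</button>
</form>
<script>
  var endpoint = "https://api.telegram.org/bot000000000:PLACEHOLDER_TOKEN_xx/sendMessage";
  // the real sample reads the fields and posts them to endpoint
</script>
</body></html>
"""

# Constructed benign sample: ordinary form posting to its own server.
SAMPLE_BENIGN = """
<html><body><p>Your invoice is attached.</p>
<form action="https://billing.example/submit"><input type="text" name="po"></form>
</body></html>
"""

if __name__ == "__main__":
    for name, doc in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, triage_html_attachment(doc))
```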




Article Link:
Analysis of adaptive phishing: spoofing and exfiltration via Telegram – CERT-AGID


https://malware.news/t/analisi-di-phishing-adattivo-spoofing-e-esfiltrazione-tramite-telegram/104124

Malware News

NDSS 2025 – Automated Mass Malware Factory

Session 12B: Malware




Authors, Creators & Presenters: Heng Li (Huazhong University of Science and Technology), Zhiyuan Yao (Huazhong University of Science and Technology), Bang Wu (Huazhong University of Science and Technology), Cuiying Gao (Huazhong University of Science and Technology), Teng Xu (Huazhong University of Science and Technology), Wei Yuan (Huazhong University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University)

PAPER

Automated Mass Malware Factory: The Convergence of Piggybacking and Adversarial Example in Android Malicious Software Generation

Adversarial example techniques have been demonstrated to be highly effective against Android malware detection systems, enabling malware to evade detection with minimal code modifications. However, existing adversarial example techniques overlook the process of malware generation, thus restricting the applicability of adversarial example techniques. In this paper, we investigate piggybacked malware, a type of malware generated in bulk by piggybacking malicious code into popular apps, and combine it with adversarial example techniques. Given a malicious code segment (i.e., a rider), we can generate adversarial perturbations tailored to it and insert them into any carrier, enabling the resulting malware to evade detection. Through exploring the mechanism by which adversarial perturbation affects piggybacked malware code, we propose an adversarial piggybacked malware generation method, which comprises three modules: Malicious Rider Extraction, Adversarial Perturbation Generation, and Benign Carrier Selection. Extensive experiments have demonstrated that our method can efficiently generate a large volume of malware in a short period, and significantly increase the likelihood of evading detection. Our method achieved an average attack success rate (ASR) of 88.3% on machine learning-based detection models (e.g., Drebin and MaMaDroid), and an ASR of 76% and 92% on commercial engines Microsoft and Kingsoft, respectively. Furthermore, we have explored potential defenses against our adversarial piggybacked malware.

ABOUT NDSS

The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators', Authors' and Presenters' superb NDSS Symposium 2025 Conference content on the organization's YouTube Channel.


The post NDSS 2025 – Automated Mass Malware Factory appeared first on Security Boulevard.

Article Link:
NDSS 2025 - Automated Mass Malware Factory - Security Boulevard


https://malware.news/t/ndss-2025-automated-mass-malware-factory/104120

Malware News

Attorney General Ken Paxton Demands Information from Blue Cross Blue Shield of Texas and Conduent as Part of Investigation into Largest Data Breach in U.S. History

Their headline was, “Attorney General Ken Paxton Demands Information from Blue Cross Blue Shield of Texas and Conduent as Part of Investigation into Largest Data Breach in U.S. History,” but that seemed terribly wrong. Is Texas Attorney General Ken Paxton using AI for his research? “Largest Data Breach in U.S. History?” Doesn’t he remember...




Source

Article Link:
Attorney General Ken Paxton Demands Information from Blue Cross Blue Shield of Texas and Conduent as Part of Investigation into Largest Data Breach in U.S. History – DataBreaches.Net


https://malware.news/t/attor-ney-gen-er-al-ken-pax-ton-demands-infor-ma-tion-from-blue-cross-blue-shield-of-texas-and-con-duent-as-part-of-inves-ti-ga-tion-into-largest-data-breach-in-u-s-history/104118

Malware News

Juniper Networks security advisory (AV26-128)




Serial number: AV26-128
Date: February 13, 2026

On February 12, 2026, Juniper Networks published a security advisory to address vulnerabilities in the following product. Included were critical updates for the following:

— Juniper Secure Analytics (JSA) 7.5.0 – versions prior to 7.5.0 UP14 IF01

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

On Demand: JSA Series: Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP14 IF01
Juniper Networks Security Advisories


Article Link:
Juniper Networks security advisory (AV26-128) - Canadian Centre for Cyber Security


https://malware.news/t/juniper-networks-security-advisory-av26-128/104116

Malware News

Google Chrome security advisory (AV26-130)




Serial number: AV26-130
Date: February 16, 2026

On February 13, 2026, Google published a security advisory to address a vulnerability in the following product:

— Stable Channel Chrome for Desktop – versions prior to 145.0.7632.75/76 (Windows/Mac) and 144.0.7559.75 (Linux)

Google is aware that an exploit for CVE-2026-2441 exists in the wild.

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, when available.

Google Chrome Security Advisory


Article Link:
Google Chrome security advisory (AV26-130) - Canadian Centre for Cyber Security


https://malware.news/t/google-chrome-security-advisory-av26-130/104150

Malware News

CVE-2026-2441: Chrome Zero-Day Enables In-Sandbox Code Execution




Google has patched CVE-2026-2441, noting that it is “aware that an exploit for CVE-2026-2441 exists in the wild” as of the Stable Channel update published on February 13, 2026. This post summarizes what the flaw is, which versions are exposed, how exploitation is expected to work at a high level, and what defenders should do to reduce risk quickly.

What Is CVE-2026-2441 in Google Chrome?
CVE-2026-2441 (CVSS 8.8) is a use-after-free condition in Chrome’s CSS handling. In practical terms, Chrome can end up referencing memory that has already been freed, which can corrupt program state in a way an attacker may be able to control.

Details of CVE-2026-2441 (SOCRadar Vulnerability Intelligence)

The reported impact is arbitrary code execution inside the browser sandbox. It does not by itself mean full host compromise, but it still represents a serious foothold because sandboxed code execution can be chained with a separate sandbox escape for broader impact.

Which Chrome Versions Are Affected and What Are the Fixed Builds?
From an exposure standpoint, the simplest rule is to treat Chrome versions on Windows/macOS prior to 145.0.7632.75 as vulnerable. For Linux, treat versions below 144.0.7559.75 as vulnerable.

Google shipped fixes on February 13, 2026, with different version numbers by platform and channel:

Chrome Stable (Desktop)
— Windows / macOS: 145.0.7632.75 and 145.0.7632.76
— Linux: 144.0.7559.75

Chrome Extended Stable (Desktop)
— Windows / macOS (Extended Stable): 144.0.7559.177


If you run Chromium-based browsers outside of Google Chrome, treat this as “potentially impacted” until the vendor confirms the Chromium version they have integrated and shipped.

How Does Exploitation Work?
CVE-2026-2441 is triggered via web content, meaning an attacker can deliver it through a crafted HTML page. The exploitation model described publicly is consistent with a drive-by scenario where the attacker’s key requirement is user interaction, such as convincing a victim to visit an attacker-controlled page or open a malicious link.

Public reporting links the issue to Chrome’s CSS font feature values handling (e.g., CSSFontFeatureValuesMap), but detailed exploitation mechanics are not fully public.

Is There a Public PoC Exploit Available?
At the time of writing, there is no official public Proof-of-Concept (PoC) exploit, and the related Chromium issue tracker entry is restricted.

What Should Defenders Do Right Now?
1) Patch, then verify the browser actually restarted

The primary remediation is to update Chrome to a fixed version and ensure users restart Chrome so endpoints run the patched binary.

Use these minimum versions as compliance gates:

— Windows/macOS Stable: 145.0.7632.75+
— Linux Stable: 144.0.7559.75+
— Windows/macOS Extended Stable: 144.0.7559.177+

Compare per platform and channel rather than against one global minimum: the Linux Stable gate is a 144.x build while Windows/macOS Stable is 145.x, so a single threshold would misclassify one of them.

2) Identify and prioritize endpoints below fixed versions

Use software inventory, EDR telemetry, or MDM reporting to:

— Find endpoints running below the fixed versions
— Prioritize high-risk roles (executives, finance, IT admins, SOC analysts) and high-exposure browsing patterns

3) Use short-term compensating controls only to buy time

If patch rollout will take time, apply temporary controls where feasible, such as stricter web filtering for high-risk groups. Treat these as stopgaps, not substitutes, because patching is the only direct fix for the underlying memory safety condition....
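Steps 1 and 2 above amount to a per-platform, per-channel version gate applied to an inventory export. The following Python is an added example (not SOCRadar's or Google's code) that encodes the fixed builds listed above and triages a constructed inventory. The field names (hostname, role, os, channel, product, version) are assumptions about what an EDR or MDM export would carry, and the sample rows are constructed, not real telemetry.

```python
"""Flag endpoints whose Chrome build is below the CVE-2026-2441 fixed versions.

Added example, not SOCRadar's or Google's code. The fixed builds are the ones
listed in the text above; the inventory rows are constructed sample data and
the field names are assumptions about what an EDR/MDM export would contain.
"""
from __future__ import annotations

# Minimum patched build per (platform, channel), taken from the advisory text.
FIXED_BUILDS: dict[tuple[str, str], str] = {
    ("windows", "stable"): "145.0.7632.75",
    ("macos", "stable"): "145.0.7632.75",
    ("linux", "stable"): "144.0.7559.75",
    ("windows", "extended"): "144.0.7559.177",
    ("macos", "extended"): "144.0.7559.177",
}

# Roles the text singles out for priority; everything else gets lower priority.
HIGH_RISK_ROLES = {"executive", "finance", "it-admin", "soc"}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '145.0.7632.75' into (145, 0, 7632, 75).

    Rejects malformed strings early so a junk inventory value never silently
    compares as 'patched'.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_below_fixed(platform: str, channel: str, version: str) -> bool:
    """True when the build is older than the fixed build for its platform/channel.

    Integer-tuple comparison avoids the string-compare bug where
    '145.0.7632.9' would sort after '145.0.7632.75'.
    """
    key = (platform.lower(), channel.lower())
    if key not in FIXED_BUILDS:
        raise KeyError(f"no fixed build known for platform/channel {key}")
    return parse_version(version) < parse_version(FIXED_BUILDS[key])


def triage(inventory: list[dict]) -> list[dict]:
    """Return endpoints that still need attention, highest priority first.

    Google Chrome below the gate -> action 'patch'. Any other Chromium-based
    product -> action 'verify', i.e. treat it as potentially impacted until
    the vendor confirms the Chromium build it shipped.
    """
    findings = []
    for host in inventory:
        if host["product"].lower() == "google chrome":
            if not is_below_fixed(host["os"], host["channel"], host["version"]):
                continue  # already at or above the gate
            action = "patch"
        else:
            action = "verify"
        priority = 0 if host["role"] in HIGH_RISK_ROLES else 1
        findings.append({**host, "action": action, "priority": priority})
    findings.sort(key=lambda f: (f["priority"], f["hostname"]))
    return findings


# Constructed sample export; not real telemetry.
SAMPLE_INVENTORY = [
    {"hostname": "fin-lt-01", "role": "finance", "os": "windows",
     "channel": "stable", "product": "Google Chrome", "version": "145.0.7632.54"},
    {"hostname": "eng-ws-07", "role": "engineering", "os": "linux",
     "channel": "stable", "product": "Google Chrome", "version": "144.0.7559.75"},
    {"hostname": "ceo-mbp", "role": "executive", "os": "macos",
     "channel": "extended", "product": "Google Chrome", "version": "144.0.7559.109"},
    {"hostname": "hr-pc-22", "role": "hr", "os": "windows",
     "channel": "stable", "product": "Google Chrome", "version": "145.0.7632.76"},
    {"hostname": "soc-an-03", "role": "soc", "os": "windows",
     "channel": "stable", "product": "Brave", "version": "1.86.3"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f['hostname']:10} {f['action']:6} prio={f['priority']} "
              f"{f['product']} {f['version']}")
```

Two details matter in practice: versions are compared as integer tuples rather than strings, and a Chromium-based product other than Google Chrome is reported as "verify" instead of being silently skipped, matching the text's advice to treat such browsers as potentially impacted until the vendor confirms the Chromium build it shipped.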


https://malware.news/t/cve-2026-2441-chrome-zero-day-enables-in-sandbox-code-execution/104148

Malware News

The Promptware Kill Chain




Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques for embedding instructions in the inputs to an LLM in order to make it perform malicious activity. This term suggests a simple, singular vulnerability. This framing obscures a more complex and dangerous reality. Attacks on LLM-based systems have evolved into a distinct class of malware execution mechanisms, which we term “promptware.” In a ...

The post The Promptware Kill Chain appeared first on Security Boulevard.

Article Link:
The Promptware Kill Chain - Security Boulevard


https://malware.news/t/the-promptware-kill-chain/104146

Malware News

He tried to extort the Dutch police. It didn’t work out well for him

He wanted something in return for returning files to the Dutch police. What he got in return was an arrest. A press release from Dutch police sums it up: On Thursday evening around 7:00 PM, police arrested a 40-year-old man from Ridderkerk on Prinses Beatrixstraat in Ridderkerk for computer hacking. Due to a police error,...





Article Link:
He tried to extort the Dutch police. It didn’t work out well for him. – DataBreaches.Net


https://malware.news/t/he-tried-to-extort-the-dutch-police-it-didn-t-work-out-well-for-him/104144

Malware News

A week in security (February 9 – February 15)

Last week on Malwarebytes Labs:





How to find and remove credential-stealing Chrome extensions
Fake shops target Winter Olympics 2026 fans
Outlook add-in goes rogue and steals 4,000 credentials and payment data
Child exploitation, grooming, and social media addiction claims put Meta on trial
Apple patches zero-day flaw that could let attackers take control of devices
Criminals are using AI website builders to clone major brands
February 2026 Patch Tuesday includes six actively exploited zero-days
Malwarebytes earns PCMag Best Tech Brand spot, scores 100% with MRG Effitas
Discord will limit profiles to teen-appropriate mode until you verify your age
How safe are kids using social media? We did the groundwork
Man tricked hundreds of women into handing over Snapchat security codes
Is your phone listening to you? (re-air) (Lock and Code S07E03)
AI chat app leak exposes 300 million messages tied to 25 million users
Fake 7-Zip downloads are turning home PCs into proxy nodes

Stay safe!

We don’t just report on threats—we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

Article Link:
A week in security (February 9 - February 15) | Malwarebytes


https://malware.news/t/a-week-in-security-february-9-february-15/104140

Malware News

Are hackers trying to utilize Gemini AI’s capabilities for malicious purposes?

Yes, they are. A recently published quarterly report from Google Threat Intelligence Group (GTIG) says that hackers are attempting to use Gemini as a support tool, and that some private organizations are even trying to clone the model. Google says hackers have made no direct attempts to copy the model, but threat actors have been observed using AI to support sophisticated hacking attempts against individuals and businesses. Hackers would love to obtain Gemini AI’s proprietary logic, but are not as daring as private companies, which are actively exploring ways to extract it. Google says such attempts constitute intellectual property theft and violate its terms of service, and the company is actively working to deter them and prevent “cloning” or misuse.




Key takeaways

— State-backed hackers are using Gemini AI as a powerful support tool for cyberattacks, and Google is trying to stop this practice.
— Private companies and researchers are the main ones trying to clone or extract Gemini’s proprietary logic. Google classifies this as intellectual property theft.
— Google says no successful cloning of Gemini has occurred.
— Americans are increasingly relying on AI in daily life (work and home), but trust remains low due to privacy concerns, lack of regulation and fears of data exploitation.

Have hackers been successful at utilizing Gemini AI models?
Not really when it comes to cloning, but there have been recorded attempts to use chatbot capabilities to support malicious activities, and GTIG is actively working to stop the trend. The hackers were never able to complete direct model extraction/distillation attacks on frontier models like Gemini. Still, GTIG has confirmed that hackers have had fruitful interactions with AI chatbots that supported them during different stages of cyberattacks. Thwarting such exploitation attempts, from both cybercriminal organizations and the private sector, remains a high priority.

In the report released by GTIG, the cybersecurity experts describe how Korean, Iranian, Chinese, and Russian state-backed cyber organizations found ways to operationalize Gemini AI. The fight over “unsupervised” access to AI is ongoing, as Americans continue to develop a love-hate relationship with AI: US residents are increasingly relying on it, yet they are also growing mistrustful of the companies behind those AI agents.

Why is the private sector after Gemini AI’s proprietary logic?
The main difference between hackers and the private sector is that hackers may use AI capabilities to execute state-sponsored cyberattacks, in addition to the usual goal of monetary gain. Private organizations predominantly want access to those capabilities to develop their own products and services, which, if used correctly, would have a positive impact on their bottom line.

However, as Google highlights in the quarterly report, such attempts let people accelerate AI model development at a significantly lower cost. This effectively represents a form of intellectual property theft.

Why are Americans not trusting AI?
AI certainly shapes Americans’ lives, with increasing use of and reliance on it at both work and home. As usage increases, the malicious use of AI is also growing: state-sponsored and regular for-profit cybercriminal organizations are attempting to exploit the new technology. People from all over the world, and sometimes with questionable moral...


https://malware.news/t/are-hackers-trying-to-utilize-gemini-ai-s-capabilities-for-malicious-purposes/104137

Malware News

Nightspire Ransomware Strikes Spanish Firm PERLITE, S.L.U

Summary





On February 14, 2026, the ransomware group Nightspire claimed responsibility for a cyberattack against PERLITE, S.L.U (solucionesperlite.com), a Spanish company. The attacker has threatened to release sensitive client data unless their demands are met.

Incident Report

Target: PERLITE, S.L.U
Domain: solucionesperlite.com
Country: Spain
Attacking Group: Nightspire
Date Reported: February 14, 2026
Threat Actor Statement: “- Drawings- Customized data according to clients”

Recommended Security Actions

Ransomware attacks are increasingly targeting both enterprise and mid-sized organizations across all sectors. The following steps are critical to reduce impact and prevent future incidents:

— Monitor continuously: Use DeXpose’s dark web and infostealer monitoring platform to detect breached credentials, leaked databases, and threat actor chatter in near real-time—before damage spreads internally.
— Conduct a compromise assessment: Immediately initiate a full incident review to determine how attackers infiltrated your network, what data may have been exfiltrated, and whether any persistence mechanisms remain active.
— Validate your backups: Ensure that your backups are current, encrypted, and stored offline. Utilize immutable backup solutions to defend against ransomware encryption and deletion attempts.
— Apply threat intelligence: Integrate external threat feeds, including DeXpose-provided indicators of compromise (IOCs), into your SIEM or XDR platforms for real-time alerting and correlation.
— Harden employee defenses: Run phishing simulations and enforce multi-factor authentication (MFA) across all access points. Attackers often exploit weak or reused credentials sourced from the dark web.
— Engage professional response teams: Involve cybersecurity incident response experts, threat analysts, and legal counsel before initiating any dialogue with ransomware groups or ransom brokers.

How DeXpose Helps You Stay Ahead

At DeXpose, we specialize in early detection and proactive defense. Our hybrid threat intelligence solution combines automated deep/dark web crawling, Telegram and forum monitoring, and real analyst verification to deliver:

— Continuous scanning of ransomware group leak sites, stolen credential markets, and malware log dumps
— Timely alerts for breaches linked to your domains, email addresses, and key personnel
— Intelligence correlation that connects leaked credentials to infostealer malware infections, often weeks before a public ransom demand
— Real-time visibility into supply chain and third-party exposures through passive surveillance of dark web channels

Don’t wait for public disclosure or ransom notices—gain visibility into your cyber exposure now.



Disclaimer

DeXpose does not engage in the exfiltration, hosting, redistribution, or purchase of stolen data. All breach information reported here is collected from publicly accessible dark web sources and threat intelligence platforms.

Our mission is to equip organizations with early-warning indicators, contextual threat insights, and actionable intelligence that help them secure their digital assets against evolving cyber threats.

Article Link:
Nightspire Ransomware Strikes Spanish Firm PERLITE, S.L.U - DeXpose


https://malware.news/t/nightspire-ransomware-strikes-spanish-firm-perlite-s-l-u/104134

Malware News

BPFDoor Detection, Analysis, and Hunting Tactics on Linux

BPFDoor Introduction




BPFDoor is a simple but stealthy Linux backdoor linked to Chinese nation state threat actors. While often found targeting telecommunications infrastructure, it is likely used i...

Article Link:
BPFDoor Detection, Analysis and Hunting Tactics


https://malware.news/t/bpfdoor-detection-analysis-and-hunting-tactics-on-linux/104132

Malware News

Nevada unveils new statewide data classification policy months after cyberattack

Eric Neugeboren reports: Nevada’s IT agency has rolled out a new policy aimed at standardizing the privacy of state data, months after a massive cyberattack crippled certain systems for weeks. The policy announced Wednesday from the Governor’s Technology Office marks the first time the state will have clear-cut categories for data sensitivity. Officials said this will allow...





Article Link:
Nevada unveils new statewide data classification policy months after cyberattack – DataBreaches.Net


https://malware.news/t/nevada-unveils-new-statewide-data-classification-policy-months-after-cyberattack/104130

Malware News

Dutch phone giant Odido says millions of customers affected by data breach

Zack Whittaker reports: Dutch phone company Odido has confirmed a data breach affected millions of its customers. The company said in a statement Thursday that unidentified hackers gained access to its customer contact system and covertly downloaded reams of customer information. A spokesperson for Odido told local Dutch media that the breach affects more than 6.2 million customers, or...





Article Link:
Dutch phone giant Odido says millions of customers affected by data breach – DataBreaches.Net


https://malware.news/t/dutch-phone-giant-odido-says-millions-of-customers-affected-by-data-breach/104127

Malware News

Cyber Attacks on Schools Plateaued in 2025, but More Records Exposed

Abby Sourwine reports: Ransomware attacks against schools and universities held relatively steady in 2025, but the scale of data exposure rose sharply, driven in part by third-party software vulnerabilities and a handful of outsized higher education breaches. According to U.K.-based technology research company Comparitech’s latest education ransomware roundup, ransomware gangs globally claimed 251 attacks on educational...





Article Link:
Cyber Attacks on Schools Plateaued in 2025, but More Records Exposed – DataBreaches.Net


https://malware.news/t/cyber-attacks-on-schools-plateaued-in-2025-but-more-records-exposed/104125

Malware News

Cybercrime Statistics 2026 (Updated) | Global Trends, Data Breaches, AI Risks & Future Threats

Cybercrime in 2026 is best understood as two intertwined phenomena: (1) cyber-enabled fraud at a societal scale (phishing, impersonation scams, payment/invoice fraud, investment fraud) and (2) intrusion-driven crime against organisations (credential abuse, exploitation of vulnerabilities, ransomware/extortion, data theft, supply-chain compromise). The most policy- and board-relevant insight is that crime is scaling faster than traditional defence, largely because attackers are industrialising capability (crime-as-a-service) and automating persuasion (AI-enabled social engineering). 




Across major official and industry datasets published in 2025–early 2026, the highest-confidence “anchor” figures are the ones tied to clearly defined data collection systems:

— United States victim reporting: 859,532 complaints and reported losses of $16.6bn for 2024 (published 2024/2025), with losses up 33% year-on-year. 
— Large breach dataset: 22,052 incidents and 12,195 confirmed data breaches across 139 countries in the 2025 breach investigations dataset (global case files plus contributors). 
— Phishing volume tracking: 1,003,924 observed phishing “sites/attacks” in Q1 2025, with still-high volumes later in 2025 (e.g., 892,494 in Q3 2025). 
— Average breach cost (global): $4.44m in the 2025 breach-cost study (breaches March 2024–February 2025), with the United States averaging $10.22m. 
— Fraud exposure (survey-based): 73% of surveyed respondents report being affected by cyber-enabled fraud within the past 12 months, with large regional variation. 

The 2026 trend-line across reputable sources is consistent:

— Phishing and identity compromise remain the dominant entry path, with more sophisticated variants (device-code phishing, OAuth consent abuse), and conversion rates are sharply improved when AI automates targeting and language quality. 

— Ransomware/extortion is fragmenting operationally (more groups, more volatility, weaker “reputation incentives”), while remaining persistently high-impact. 
— Supply-chain risk is moving from “vendor risk” to “ecosystem inheritance risk”—a shift reflected both in executive outlook research and in hard breach datasets showing more third-party involvement. 
— Information security and governance lag behind AI adoption, increasing the likelihood and cost of incidents involving AI systems and “shadow AI”. 

Key global cybercrime statistics for 2025–2026

Lens (what is being counted): Victim complaints and losses (public reporting)
Geography: US
Measurement window: Calendar year 2024
Headline statistic: 859,532 complaints; $16.6bn losses; +33% YoY losses
What it best indicates: Fraud-heavy harm reaching victims; a conservative lower bound (reporting-dependent).

Lens (what is being counted): Investigated security incidents and confirmed breaches (case files + contributors)
Geography: Global
Measurement window: Dataset used for 2025 publication
Headline statistic: 22,052 incidents; 12,195 confirmed breaches across 139 countries
What it best indicates: A wide, globally distributed view of breaches that reach investigators/partners; strong for patterns and vectors.

Lens (what is being counted): Observed phishing attacks (“unique phishing sites/attacks”)
Geography: Global
Measurement window: Q1 2025
Headline statistic: 1,003,924 observed phishing attacks (largest quarterly total since late 2023)
What it best indicates: The scale of phishing as a mass crime instrument; useful for trend direction and sector impersonation.

Lens (what is being counted): Observed phishing attacks (“unique phishing sites/attacks”)
Geography: Global
Measurement window: Q3 2025
Headline statistic: 892,494 observed phishing attacks; SMS-based fraud detections +~35% (Q3 vs Q2)
What it best indicates: Persistent...


https://malware.news/t/cybercrime-statistics-2026-updated-global-trends-data-breaches-ai-risks-future-threats/104123

Malware News

2026 Arctic Wolf Threat Report

Gain insight from real-world incidents our teams investigated to see how attackers operate and which controls consistently buy defenders time.




Article Link:
https://arcticwolf.com/resources/report/2026-arctic-wolf-threat-report/


https://malware.news/t/2026-arctic-wolf-threat-report/104119

Malware News

Tenable security advisory (AV26-129)




Serial number: AV26-129
Date: February 13, 2026

On February 12, 2026, Tenable published a security advisory to address a vulnerability in the following products:

— Nessus Agent – versions 11.1.0 to 11.1.1
— Nessus Agent – versions 11.0.3 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability (CVE-2026-2026)


Article Link:
Tenable security advisory (AV26-129) - Canadian Centre for Cyber Security


https://malware.news/t/tenable-security-advisory-av26-129/104117

Malware News

Update: Arctic Wolf Observes Threat Campaign Targeting BeyondTrust Remote Support Following CVE-2026-1731 PoC Availability

Since our previous security bulletin, Arctic Wolf has observed malicious activity in the wild tied to suspected exploitation of CVE-2026-1731 in self-hosted BeyondTrust Remote Support and Privileged Remote Access deployments. We are sharing threat intelligence related to this activity to help defenders protect against this campaign. CVE-2026-1731 allows unauthenticated remote threat actors to execute operating ...




Article Link:
Update: Arctic Wolf Observes Threat Campaign Targeting BeyondTrust Remote Support Following CVE-2026-1731 PoC Availability | Arctic Wolf


https://malware.news/t/update-arctic-wolf-observes-threat-campaign-targeting-beyondtrust-remote-support-following-cve-2026-1731-poc-availability/104115