Malware

24 posts

JADEPUFFER Is the First Ransomware Attack Run Entirely by an AI Agent

July 5, 2026

JADEPUFFER is the first documented ransomware operation run by an AI agent. The agent broke in, stole credentials, jumped to a second target, encrypted a …

WinRAR Can Still Drop Malware Into Your Startup Folder a Year After the Patch

June 30, 2026

You unzipped a file with WinRAR, the way you always do. Nothing on screen looked wrong. The next morning you logged in and malware was already running, and the …

OptinMonster Supply Chain Attack Hits 1.2 Million WordPress Sites

June 16, 2026

1.2 million WordPress sites were caught in a supply chain attack last week, where the admin’s own login quietly created a secret account and planted a …

Hackers Hijacked 400 Arch Linux AUR Packages to Install Malware

June 13, 2026

More than 400 packages in the Arch User Repository (AUR) were hijacked this week, and the attacker never broke into a single system to do it. They took over …

The Miasma Worm Hid in Microsoft's Code and Ran the Moment You Opened It

June 11, 2026

GitHub disabled 73 of Microsoft’s own repositories in 105 seconds, after a worm called Miasma planted a credential stealer inside Microsoft’s Azure …

Ghost CMS SQL Injection Stole Admin Keys From 700 Websites With One Request

May 26, 2026

A SQL injection vulnerability in Ghost CMS has turned Harvard University, Oxford University, and DuckDuckGo into malware distribution platforms. Visitors arrive …

How TeamPCP Poisoned Six Python Packages and Breached Over 1000 Organizations in Five Weeks

April 23, 2026

A group of attackers has been quietly poisoning Python packages for five weeks straight. They have exfiltrated data from over 500,000 infected machines, hit …

DesckVB RAT Uses Windows' Own Tools to Stay Hidden and Leaves Almost Nothing Behind

April 11, 2026

A Remote Access Trojan called DesckVB has been actively hitting systems throughout 2026, running almost entirely inside memory with barely anything written to …

QR Codes: What You Need to Know

April 6, 2026

Yesterday, I posted a QR code challenge on this Ethical Hacking page, and it has since been removed. A cipher, hidden inside a QR code, with three security …

Axios npm Supply Chain Attack: How a Fake Meeting Compromised 100 Million Downloads

April 4, 2026

Axios, the JavaScript library with over 100 million weekly downloads, was compromised on March 31st. For roughly three hours, every fresh install of those two …

How eScan Antivirus Delivered Malware Instead of Protection

February 3, 2026

eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour …

Notepad++ Supply Chain Attack Full Story

February 2, 2026

Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them …

Office Zero-Day Actively Exploited - CVE-2026-21509

January 27, 2026

Microsoft Office zero-day actively exploited. Every version from 2016 to 365, including LTSC 2021 and 2024, over 400 million users. Attackers bypass all the …

MaliciousCorgi: The VSCode Attack Hiding in Plain Sight - 1.5 Million Installs Affected

January 25, 2026

Two VSCode extensions with 1.5 million installs are stealing source code right now, not last month. Researchers published their findings on January 22. Three …

VoidLink: 88,000 Lines of AI-Built Malware in 6 Days

January 21, 2026

One developer just built 88,000 lines of advanced malware in six days using AI. A single person with an AI coding assistant created a framework sophisticated …

GhostPoster Malware: How Browser Extensions Hide JavaScript in PNG Icons

January 19, 2026

Your browser extension logo just became malware. Not the code. The actual image file. A PNG icon sitting in your toolbar, looking normal, hiding JavaScript that …

GootLoader Tricks Security Tools Into Seeing a Safe File While Windows Runs Malware

January 18, 2026

GootLoader is back. This week, researchers discovered their newest trick: a way to make security tools completely blind. Your antivirus scans the ZIP file. …

Malicious Chrome Extensions Steal ChatGPT Conversations from 900,000 Users

January 8, 2026

Two Chrome extensions. 900,000 users. Every ChatGPT and DeepSeek conversation stolen. Sent to attacker servers every 30 minutes. Google gave one of them a …

Fake Blue Screen of Death Installs $5 RAT Malware via ClickFix Attack

January 6, 2026

$5 buys two months of complete access to someone’s computer. Keylogging, webcam, passwords, files. The malware is called DCRat. The delivery method: a …

RondoDox Botnet: 56 Exploits, Gaming Traffic Disguise, and Self-Defense Against Recovery

January 1, 2026

RondoDox added React2Shell to its arsenal. 90,000+ servers. 56 vulnerabilities. 30+ vendors. They call it the “exploit-shotgun” approach. Fire …

Fake GitHub Exploits Target Security Researchers: Download a PoC, Get Malware

December 26, 2025

Attackers are targeting security researchers through GitHub. You downloaded a proof-of-concept exploit from GitHub. Professional README. Detailed instructions. …

Apple Approved It: MacSync Stealer Bypasses Notarization to Infect Hundreds of Macs

December 25, 2025

Apple’s security team reviewed this app. Approved it. But now it steals your passwords, crypto wallets, and Telegram account. 😳 Hundreds of Macs infected …

Malicious npm Package Stole WhatsApp Messages for 6 Months: 56,000 Downloads

December 24, 2025

56,000 downloads. 6 months online. A WhatsApp library on npm was stealing credentials, messages, and contacts. Nobody noticed. 🤔 The package is called …

Inhale Malware Analysis Classification Tool

April 15, 2020

Inhale is a malware analysis and classification tool that is capable of automating and scaling many static analysis operations. This is the beta release …