Malware
24 posts

JADEPUFFER is the first documented ransomware operation run by an AI agent. The agent broke in, stole credentials, jumped to a second target, encrypted a …

You unzipped a file with WinRAR, the way you always do. Nothing on screen looked wrong. The next morning you logged in and malware was already running, and the …

1.2 million WordPress sites were caught in a supply chain attack last week, where the admin’s own login quietly created a secret account and planted a …

More than 400 packages in the Arch User Repository (AUR) were hijacked this week, and the attacker never broke into a single system to do it. They took over …

GitHub disabled 73 of Microsoft’s own repositories in 105 seconds, after a worm called Miasma planted a credential stealer inside Microsoft’s Azure …

A SQL injection vulnerability in Ghost CMS has turned Harvard University, Oxford University, and DuckDuckGo into malware distribution platforms. Visitors arrive …

A group of attackers has been quietly poisoning Python packages for five weeks straight. They have exfiltrated data from over 500,000 infected machines, hit …

A Remote Access Trojan called DesckVB has been actively hitting systems throughout 2026, running almost entirely inside memory with barely anything written to …

Yesterday, I posted a QR code challenge on this Ethical Hacking page, and it has since been removed. A cipher, hidden inside a QR code, with three security …

Axios, the JavaScript library with over 100 million weekly downloads, was compromised on March 31st. For roughly three hours, every fresh install of those two …

eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour …

Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them …

Microsoft Office zero-day actively exploited. Every version from 2016 to 365, including LTSC 2021 and 2024, over 400 million users. Attackers bypass all the …

Two VSCode extensions with 1.5 million installs are stealing source code right now, not last month. Researchers published their findings on January 22. Three …

One developer just built 88,000 lines of advanced malware in six days using AI. A single person with an AI coding assistant created a framework sophisticated …

Your browser extension logo just became malware. Not the code. The actual image file. A PNG icon sitting in your toolbar, looking normal, hiding JavaScript that …

GootLoader is back. This week, researchers discovered their newest trick: a way to make security tools completely blind. Your antivirus scans the ZIP file. …

Two Chrome extensions. 900,000 users. Every ChatGPT and DeepSeek conversation stolen. Sent to attacker servers every 30 minutes. Google gave one of them a …

$5 buys two months of complete access to someone’s computer. Keylogging, webcam, passwords, files. The malware is called DCRat. The delivery method: a …

RondoDox added React2Shell to its arsenal. 90,000+ servers. 56 vulnerabilities. 30+ vendors. They call it the “exploit-shotgun” approach. Fire …

Attackers are targeting security researchers through GitHub. You downloaded a proof-of-concept exploit from GitHub. Professional README. Detailed instructions. …

Apple’s security team reviewed this app. Approved it. But now it steals your passwords, crypto wallets, and Telegram account. 😳 Hundreds of Macs infected …

56,000 downloads. 6 months online. A WhatsApp library on npm was stealing credentials, messages, and contacts. Nobody noticed. 🤔 The package is called …

Inhale is a malware analysis and classification tool that is capable of automating and scaling many static analysis operations. This is the beta release …