Latest news

GoFlateLoader: New Go-Based Malware Loader Infects 33,000+ Users by Outsizing Security Scanners
Malware

GoFlateLoader: New Go-Based Malware Loader Infects 33,000+ Users by Outsizing Security Scanners

12 June 2026 dark6

GoFlateLoader, a new Go-based malware loader active since April 2026, has infected over 33,000 users globally by exploiting a simple...
Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control
Malware

Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control

11 June 2026 dark6

A malicious npm package named dbmux was discovered containing malware that gives attackers complete control over any developer system that...
EDRChoker: New Red Team Tool Silences Cloud-Connected EDR Agents by Choking Network With Windows QoS
Malware

EDRChoker: New Red Team Tool Silences Cloud-Connected EDR Agents by Choking Network With Windows QoS

8 June 2026 dark6

A new open-source tool called EDRChoker throttles EDR agent network connections to 8 bps using Windows native Policy-Based QoS, effectively...
JS.MonoGlyphRAT: Stealthy New Malware Hidden in Fake Purchase Orders Targets US Enterprises
Malware

JS.MonoGlyphRAT: Stealthy New Malware Hidden in Fake Purchase Orders Targets US Enterprises

8 June 2026 dark6

A previously unknown remote access trojan called JS.MonoGlyphRAT is spreading through US businesses disguised as routine purchase orders and business...
TA4922: Chinese Cybercrime Group Deploys Atlas RAT, ValleyRAT and AI-Assisted Malware in Global Phishing Blitz
Malware

TA4922: Chinese Cybercrime Group Deploys Atlas RAT, ValleyRAT and AI-Assisted Malware in Global Phishing Blitz

5 June 2026 dark6

Proofpoint exposes TA4922, a Chinese-speaking cybercrime group conducting more unique campaigns than any other tracked actor in 2026, deploying Atlas...
WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography
Malware

WordPress Sites Turned Into Spy Networks: Malware Hides C2 Commands in Steam Profile Comments Using Unicode Steganography

3 June 2026 dark6

A sophisticated malware campaign has compromised approximately 1,900 WordPress sites using Steam Community profile pages as a covert C2 channel....
SmartApeSG Campaign Exploits ClickFix Fake Verification Pages to Deliver NetSupport RAT
Malware

SmartApeSG Campaign Exploits ClickFix Fake Verification Pages to Deliver NetSupport RAT

2 June 2026 dark6

The SmartApeSG campaign is using ClickFix scripts disguised as fake browser verification pages to deploy a two-stage infection chain, culminating...
OverlayPhantom Android Banking Trojan Targets 180+ Apps Across 10 Countries
Malware

OverlayPhantom Android Banking Trojan Targets 180+ Apps Across 10 Countries

2 June 2026 dark6

A dangerous new Android banking trojan called OverlayPhantom has been targeting users in ten countries, abusing Android's Accessibility Service to...
Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials
Malware

Malicious NuGet Package Impersonates Sicoob Banking SDK to Steal mTLS Certificates and Financial Credentials

31 May 2026 dark6

A malicious NuGet package named "Sicoob.Sdk" impersonated the official Sicoob banking SDK and silently exfiltrated PFX certificates, private keys, and...
JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain
Malware

JINX-0164: Crypto-Targeting APT Uses LinkedIn Job Lures and Fake Meeting Apps to Deploy macOS Malware and Poison npm Supply Chain

30 May 2026 dark6

Threat actor JINX-0164 is targeting cryptocurrency developers via fake LinkedIn profiles, luring them into downloading custom macOS malware (AUDIOFIX and...
Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor
Malware

Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor

29 May 2026 dark6

The npm package forge-jsxy quietly stole cryptocurrency wallet keys, browser credentials, and developer data across Windows, macOS, and Linux —...
Grandoreiro Banking Trojan Returns: Targeting Portuguese Banks and Latin American Companies With Dual Campaigns
Malware

Grandoreiro Banking Trojan Returns: Targeting Portuguese Banks and Latin American Companies With Dual Campaigns

29 May 2026 dark6

The long-running Grandoreiro banking trojan has resurfaced with two active campaigns — one using DLL Side-Loading via cloud infrastructure and...