Latest news

GhostLock: New Attack Technique Locks Enterprise Files Like Ransomware — Without Any Encryption
Malware

GhostLock: New Attack Technique Locks Enterprise Files Like Ransomware — Without Any Encryption

12 May 2026 dark6

GhostLock is a newly disclosed attack technique that uses standard Windows file-locking behavior to paralyze enterprise SMB file shares without...
Operation SilentCanvas: Hackers Hide PowerShell Malware in Fake JPEG to Deploy Trojanized ScreenConnect Backdoor
Malware

Operation SilentCanvas: Hackers Hide PowerShell Malware in Fake JPEG to Deploy Trojanized ScreenConnect Backdoor

12 May 2026 dark6

Operation SilentCanvas is a new Windows attack campaign that hides a PowerShell script inside a fake JPEG file to deploy...
TCLBANKER Banking Trojan Spreads Through Self-Replicating WhatsApp and Outlook Worm Modules
Malware

TCLBANKER Banking Trojan Spreads Through Self-Replicating WhatsApp and Outlook Worm Modules

11 May 2026 dark6

A highly sophisticated Brazilian banking trojan called TCLBANKER (campaign REF3076) has been uncovered by Elastic Security Labs. The malware uses...
InstallFix: Hackers Use Fake Claude AI Installer Pages and Google Ads to Deploy RedLine Stealer Malware
Malware

InstallFix: Hackers Use Fake Claude AI Installer Pages and Google Ads to Deploy RedLine Stealer Malware

10 May 2026 dark6

A malware campaign called InstallFix is using paid Google Ads to push fake Claude AI installation pages to the top...
ZiChatBot: OceanLotus APT Uses Zulip Chat APIs as Covert Command and Control in PyPI Supply Chain Attack
Malware

ZiChatBot: OceanLotus APT Uses Zulip Chat APIs as Covert Command and Control in PyPI Supply Chain Attack

9 May 2026 dark6

A newly discovered malware called ZiChatBot abuses Zulip REST APIs for command and control, hiding malicious traffic as legitimate chat...
UAT-8302: China-Nexus APT Uses Custom Malware and Open-Source Tools to Steal Data From Government Agencies
Malware

UAT-8302: China-Nexus APT Uses Custom Malware and Open-Source Tools to Steal Data From Government Agencies

8 May 2026 dark6

Cisco Talos has detailed UAT-8302, a China-nexus APT group conducting long-term espionage campaigns against government agencies in southeastern Europe. The...
Malicious DeepSeek-Claw AI Skill Delivers Remcos RAT and GhostLoader in Agentic AI Supply Chain Attack
Malware

Malicious DeepSeek-Claw AI Skill Delivers Remcos RAT and GhostLoader in Agentic AI Supply Chain Attack

7 May 2026 dark6

Zscaler ThreatLabZ has uncovered a campaign where attackers published a fake DeepSeek integration for the OpenClaw AI framework on GitHub,...
DEEP#DOOR: New Python Backdoor Silently Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials
Malware

DEEP#DOOR: New Python Backdoor Silently Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials

2 May 2026 dark6

Securonix researchers have documented DEEP#DOOR, a self-contained Python backdoor delivered via obfuscated batch files that systematically disables Windows defenses before...
China-Aligned SHADOW-EARTH Deploys ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign Across Asia
Malware

China-Aligned SHADOW-EARTH Deploys ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign Across Asia

2 May 2026 dark6

A China-aligned threat group has conducted a prolonged espionage campaign against government agencies and critical infrastructure across eight Asian countries....
Lazarus Group Targets macOS Users With Sophisticated “Mach-O Man” Four-Stage Malware Kit
Malware

Lazarus Group Targets macOS Users With Sophisticated “Mach-O Man” Four-Stage Malware Kit

30 April 2026 dark6

North Korea's Lazarus Group has deployed a new modular macOS malware kit called "Mach-O Man" targeting fintech executives and crypto...
BlueNoroff Deploys AI Deepfake Zoom Lures and Fileless PowerShell to Drain Crypto Wallets Across 20+ Countries
Malware

BlueNoroff Deploys AI Deepfake Zoom Lures and Fileless PowerShell to Drain Crypto Wallets Across 20+ Countries

29 April 2026 dark6

North Korea's BlueNoroff subgroup has launched a sophisticated global campaign targeting cryptocurrency and Web3 executives, using AI-generated deepfake Zoom meetings,...
Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware
Malware

Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware

28 April 2026 dark6

Threat actors are using fake GitHub repositories impersonating the leaked Anthropic Claude Code source to deliver a Rust dropper that...