Secure Bulletin Navigating the cyber sea with knowledge
Home > Categoria > Malware
Latest news

ZiChatBot: OceanLotus APT Uses Zulip Chat APIs as Covert Command and Control in PyPI Supply Chain Attack

9 May 2026  |  dark6  |  Malware

A newly discovered malware called ZiChatBot abuses Zulip REST APIs for command and control, hiding malicious traffic as legitimate chat communications. Linked to the OceanLotus (APT32) threat group,...

>> read more

UAT-8302: China-Nexus APT Uses Custom Malware and Open-Source Tools to Steal Data From Government Agencies

8 May 2026  |  dark6  |  Malware

Cisco Talos has detailed UAT-8302, a China-nexus APT group conducting long-term espionage campaigns against government agencies in southeastern Europe. The group blends custom backdoors like NetDraft and CloudSorcerer...

>> read more

Malicious DeepSeek-Claw AI Skill Delivers Remcos RAT and GhostLoader in Agentic AI Supply Chain Attack

7 May 2026  |  dark6  |  Malware

Zscaler ThreatLabZ has uncovered a campaign where attackers published a fake DeepSeek integration for the OpenClaw AI framework on GitHub, hiding malicious commands in a SKILL.md file. The...

>> read more

DEEP#DOOR: New Python Backdoor Silently Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials

2 May 2026  |  dark6  |  Malware

Securonix researchers have documented DEEP#DOOR, a self-contained Python backdoor delivered via obfuscated batch files that systematically disables Windows defenses before establishing persistent remote access. Its credential-harvesting engine simultaneously...

>> read more

China-Aligned SHADOW-EARTH Deploys ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign Across Asia

2 May 2026  |  dark6  |  Malware

A China-aligned threat group has conducted a prolonged espionage campaign against government agencies and critical infrastructure across eight Asian countries. The attackers used ShadowPad delivered via DLL sideloading,...

>> read more

Lazarus Group Targets macOS Users With Sophisticated “Mach-O Man” Four-Stage Malware Kit

30 April 2026  |  dark6  |  Malware

North Korea's Lazarus Group has deployed a new modular macOS malware kit called "Mach-O Man" targeting fintech executives and crypto developers. The attack uses ClickFix social engineering to...

>> read more

BlueNoroff Deploys AI Deepfake Zoom Lures and Fileless PowerShell to Drain Crypto Wallets Across 20+ Countries

29 April 2026  |  dark6  |  Malware

North Korea's BlueNoroff subgroup has launched a sophisticated global campaign targeting cryptocurrency and Web3 executives, using AI-generated deepfake Zoom meetings, ClickFix clipboard injection, and fileless PowerShell implants that...

>> read more

Hackers Weaponize Fake Claude Code Leak to Distribute Vidar Infostealer and GhostSocks Proxy Malware

28 April 2026  |  dark6  |  Malware

Threat actors are using fake GitHub repositories impersonating the leaked Anthropic Claude Code source to deliver a Rust dropper that installs both the Vidar infostealer (v18.7) and GhostSocks...

>> read more