Malware
Researchers discover SSHStalker botnet infecting Linux servers
Reported by AI. Image generated by AI.
Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.
The FBI has opened an investigation into malware that was embedded in several indie games on Steam and affected users between May 2024 and January 2026. The agency is asking potential victims to come forward in order to receive possible restitution. Seven specific titles are the focus.
Law enforcement agencies from the United States and Europe, supported by private partners, have taken down the SocksEscort cybercrime proxy network. This service, powered by the AVRecon malware infecting Linux-based devices, provided cybercriminals with access to compromised IP addresses. The operation resulted in the seizure of domains, servers, and cryptocurrency assets.
Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.
A deceptive package on the PyPI repository has been found impersonating the popular SymPy library. This malicious software targets Linux systems, downloading and executing the XMRig cryptocurrency miner through in-memory techniques. Security researchers have highlighted the risks posed by such supply chain attacks in open-source ecosystems.
Thousands of Leonardo DiCaprio fans have downloaded a fake torrent file titled 'One Battle After Another,' unwittingly installing AgentTesla malware on their Windows devices. The scam has spread rapidly through seeders and leechers worldwide. Cybersecurity experts warn of the dangers posed by such deceptive downloads.
Building on earlier PeerBlight attacks, Google Threat Intelligence reports exploitation of the React2Shell vulnerability (CVE-2025-55182) by China-nexus clusters and financially motivated actors deploying backdoors and cryptocurrency miners on vulnerable React and Next.js systems.
14,000 Asus routers infected by takedown-resistant KadNap malware
Monday, 23 February 2026, 08:01: Malicious npm packages harvest crypto keys and secrets
Friday, 20 February 2026, 10:04: Massiv Android malware targets Portuguese users with fake IPTV app
Thursday, 19 February 2026, 13:36: Researchers uncover new SysUpdate malware variant targeting Linux
Wednesday, 18 February 2026, 23:37: New SysUpdate malware variant targets Linux systems
Wednesday, 21 January 2026, 17:17: Attackers hijack Linux Snap Store apps to steal crypto phrases
Wednesday, 21 January 2026, 05:18: AI-assisted VoidLink malware framework targets Linux cloud servers
Wednesday, 14 January 2026, 21:57: Check Point discovers advanced VoidLink Linux malware for clouds
Thursday, 8 January 2026, 07:18: China-linked UAT-7290 targets telecoms with Linux malware
Tuesday, 16 December 2025, 23:12: React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft