Malware
Attackers hijack Linux Snap Store apps to steal crypto phrases
Reported by AI. Image generated by AI.
Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.
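The attack above works because a publisher account stays trusted after the domain behind its contact address lapses. One check a practitioner can run locally is to walk the installed snaps and flag any whose publisher contact domain no longer resolves. The script below is an added example, not code from the article, SlowMist, Alan Pope or Canonical; it assumes `snap info <name>` prints `publisher:` and `contact:` lines (as current snapd does), and the sample `snap info` text embedded in it is constructed so the check runs offline. The resolver is injectable so the logic can be exercised without network access.

```python
"""Flag installed snaps whose publisher contact domain no longer resolves.

Added example; not the article's or Canonical's code. Assumes `snap info`
output carries `publisher:` and `contact:` lines (URL or mailto:).
"""
import re
import socket
import subprocess
from typing import Callable, Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample in the shape of `snap info` output, for offline runs.
# Domains ending in .example are reserved and never resolve.
SAMPLE_SNAP_INFO: Dict[str, str] = {
    "wallet-a": (
        "name:      wallet-a\n"
        "publisher: Example Wallets (example-wallets)\n"
        "contact:   https://wallet-a.example\n"
    ),
    "wallet-b": (
        "name:      wallet-b\n"
        "publisher: Old Vendor (old-vendor)\n"
        "contact:   mailto:support@lapsed-vendor.example\n"
    ),
    "editor": "name:      editor\npublisher: Canonical\n",
}


def parse_contact_domain(info_text: str) -> Optional[str]:
    """Extract the registrable host from a `contact:` line (URL or mailto:)."""
    m = re.search(r"^contact:\s*(\S+)", info_text, re.MULTILINE)
    if not m:
        return None
    contact = m.group(1)
    if contact.startswith("mailto:"):
        return contact.split("@", 1)[1].lower() if "@" in contact else None
    parsed = urlparse(contact if "://" in contact else "https://" + contact)
    return parsed.hostname.lower() if parsed.hostname else None


def domain_resolves(domain: str) -> bool:
    """Real resolver: True if the name has any address record."""
    try:
        socket.getaddrinfo(domain, None)
        return True
    except socket.gaierror:
        return False


def audit(infos: Dict[str, str],
          resolves: Callable[[str], bool] = domain_resolves) -> List[dict]:
    """Classify each snap as ok / unresolvable / no-contact."""
    findings = []
    for snap, text in infos.items():
        domain = parse_contact_domain(text)
        if domain is None:
            status = "no-contact"
        elif resolves(domain):
            status = "ok"
        else:
            status = "unresolvable"
        findings.append({"snap": snap, "domain": domain, "status": status})
    return findings


def installed_snap_infos() -> Dict[str, str]:
    """Collect `snap info` text for every installed snap (needs snapd)."""
    out = subprocess.run(["snap", "list"], capture_output=True,
                         text=True, check=True).stdout
    names = [ln.split()[0] for ln in out.splitlines()[1:] if ln.strip()]
    return {n: subprocess.run(["snap", "info", n], capture_output=True,
                              text=True).stdout for n in names}


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in
    # installed_snap_infos() on a real host.
    for f in audit(SAMPLE_SNAP_INFO):
        print(f"{f['snap']:<12} {f['status']:<13} {f['domain']}")
```

An unresolvable domain catches the window in which a registration has lapsed but nobody has re-registered it yet. Once an attacker has taken the domain over it resolves again, so for high-value snaps (wallets especially) compare the domain's WHOIS creation date against the snap's first publication date as a follow-up; a domain created years after the snap was first published deserves a closer look.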
Cyble Research and Intelligence Labs has revealed ShadowHS, a sophisticated fileless framework for post-exploitation on Linux systems. The tool enables stealthy, in-memory operations and long-term access for attackers. It features a weaponized version of hackshell and advanced evasion techniques.
Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.
The pro-Russia hacktivist group CyberVolk has reemerged with a new ransomware-as-a-service platform called VolkLocker, supporting both Linux and Windows systems. First documented in 2024 by SentinelOne, the group returned after a period of inactivity caused by Telegram bans. Despite advanced automation via Telegram bots, the malware features significant encryption flaws that could allow victims to recover files without payment.
A critical vulnerability in React Server Components, known as React2Shell and tracked as CVE-2025-55182, is being actively exploited to deploy a new Linux backdoor called PeerBlight. This malware turns compromised servers into covert proxy and command-and-control nodes. Attackers use a single crafted HTTP request to execute arbitrary code on vulnerable Next.js and React applications.
Cybercriminals are disguising powerful malware within fake Windows updates that appear authentic enough to deceive even careful users. The malicious updates employ dynamic evasion techniques that complicate detection and analysis, letting the malware run unnoticed.
Kaspersky Lab has released its antivirus software for home users on Linux, targeting growing malware threats to the platform. The move expands the Russian firm's consumer security offerings amid U.S. bans and rising attacks on distributions like Ubuntu and Fedora. Subscriptions start at around $30 annually, with a 30-day free trial available.
Malicious PyPI package impersonates SymPy to deploy XMRig miner
Wednesday, 21 January 2026, 05:18 - AI-assisted VoidLink malware framework targets Linux cloud servers
Wednesday, 14 January 2026, 21:57 - Check Point discovers advanced VoidLink Linux malware for clouds
Thursday, 8 January 2026, 07:18 - China-linked UAT-7290 targets telecoms with Linux malware
Tuesday, 16 December 2025, 23:12 - React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft
Wednesday, 10 December 2025, 07:11 - North Korean hackers exploit maximum severity React2Shell flaw
Tuesday, 9 December 2025, 22:07 - Researchers uncover stealthy GhostPenguin backdoor targeting Linux
Friday, 5 December 2025, 14:39 - Chinese hackers breach US infrastructure using Brickworm malware
Thursday, 4 December 2025, 00:05 - BPFDoor and Symbiote rootkits exploit eBPF on Linux systems
Thursday, 27 November 2025, 12:03 - Malicious Blender model files deliver StealC infostealing malware