Malware
Attackers hijack Linux Snap Store apps to steal crypto phrases
Raportoinut AI AI:n luoma kuva
Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.
Cyble Research and Intelligence Labs has revealed ShadowHS, a sophisticated fileless framework for post-exploitation on Linux systems. The tool enables stealthy, in-memory operations and long-term access for attackers. It features a weaponized version of hackshell and advanced evasion techniques.
Raportoinut AI
Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.
The pro-Russia hacktivist group CyberVolk has reemerged with a new ransomware-as-a-service platform called VolkLocker, supporting both Linux and Windows systems. First documented in 2024 by SentinelOne, the group returned after a period of inactivity caused by Telegram bans. Despite advanced automation via Telegram bots, the malware features significant encryption flaws that could allow victims to recover files without payment.
Raportoinut AI
A critical vulnerability in React Server Components, known as React2Shell and tracked as CVE-2025-55182, is being actively exploited to deploy a new Linux backdoor called PeerBlight. This malware turns compromised servers into covert proxy and command-and-control nodes. Attackers use a single crafted HTTP request to execute arbitrary code on vulnerable Next.js and React applications.
Cybercriminals are disguising powerful malware within fake Windows updates that appear authentic enough to deceive even careful users. These malicious updates employ dynamic evasion techniques, complicating detection and analysis as the malware runs undetected.
Raportoinut AI
Kaspersky Lab has released its antivirus software for home users on Linux, targeting growing malware threats to the platform. The move expands the Russian firm's consumer security offerings amid U.S. bans and rising attacks on distributions like Ubuntu and Fedora. Subscriptions start at around $30 annually, with a 30-day free trial available.
Malicious PyPI package impersonates SymPy to deploy XMRig miner
21. tammikuuta 2026 05.18AI-assisted VoidLink malware framework targets Linux cloud servers
14. tammikuuta 2026 21.57Check Point discovers advanced VoidLink Linux malware for clouds
8. tammikuuta 2026 07.18China-linked UAT-7290 targets telecoms with Linux malware
16. joulukuuta 2025 23.12React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft
10. joulukuuta 2025 07.11North Korean hackers exploit maximum severity React2Shell flaw
9. joulukuuta 2025 22.07Researchers uncover stealthy GhostPenguin backdoor targeting Linux
5. joulukuuta 2025 14.39Chinese hackers breach US infrastructure using Brickworm malware
4. joulukuuta 2025 00.05BPFDoor and Symbiote rootkits exploit eBPF on Linux systems
27. marraskuuta 2025 12.03Malicious Blender model files deliver StealC infostealing malware