Malware
Researchers discover SSHStalker botnet infecting Linux servers
Reported by AI. Image generated by AI.
Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.
A banking trojan has resurfaced on Android devices, posing as popular apps including TikTok and various streaming services.
Reported by AI
Building on earlier reports of fraudulent Claude sites, scammers have begun hijacking Claude AI chats and Google advertisements to distribute malware aimed at Mac users. Fake support pages for the Claude service are now circulating online as part of the scheme.
Researchers at LevelBlue have identified a new variant of the SysUpdate malware aimed at Linux systems during a digital forensics and incident response engagement. The malware disguises itself as a legitimate system service and employs advanced encryption for command-and-control communications. By reverse-engineering it, the team created tools to decrypt its traffic more quickly.
Reported by AI
A new variant of the SysUpdate malware has been discovered targeting Linux systems, featuring advanced encryption for command-and-control communications. Security researchers at LevelBlue identified the threat during a digital forensics engagement and developed a tool to decrypt its traffic. The malware disguises itself as a legitimate system service to evade detection.
Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.
Reported by AI
Researchers at Check Point have revealed that VoidLink, a sophisticated Linux malware targeting cloud servers, was largely built by a single developer using AI tools. The framework, which includes over 30 modular plugins for long-term system access, reached 88,000 lines of code in under a week despite plans suggesting a 20-30 week timeline. This development highlights AI's potential to accelerate advanced malware creation.
Fake OpenAI repository tops Hugging Face downloads
May 08, 2026 19:49
Hackers create fake Claude site to spread malware
May 05, 2026 12:10
Daemon Tools app hit by monthlong supply-chain attack
March 13, 2026 21:43
FBI seeks victims of malware in Steam indie games
March 12, 2026 22:40
US and Europe disrupt SocksEscort proxy network
February 17, 2026 10:18
OpenClaw AI agents targeted by infostealer malware for first time
February 11, 2026 12:13
North Korean hackers use AI video to spread malware
January 30, 2026 21:23
Researchers uncover ShadowHS Linux exploitation framework
January 24, 2026 21:25
Wiper malware targets Poland's energy grid but causes no blackout
January 22, 2026 03:56
Malicious PyPI package impersonates SymPy to deploy XMRig miner