Malware
 
Operation Zero Disco exploits Cisco SNMP flaw for rootkits
Image generated by Lisa Kern AI
Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.
TransparentTribe targets Indian military Linux systems with DeskRAT
Pakistan-linked threat group TransparentTribe has been running a phishing campaign since June 2025 to deploy the Golang-based DeskRAT malware on Linux systems in Indian defense networks. The attacks target BOSS Linux hosts using malicious ZIP files disguised as official documents. Cybersecurity firms CYFIRMA and Sekoia.io have analyzed the operation, highlighting its ties to regional unrest.
Malicious packages overwhelm NPM with over 86,000 downloads
28 October 2025 00:38 Qilin ransomware uses WSL to run Linux encryptors on Windows
24 October 2025 09:38 Thousands of YouTube videos disguised as cheat codes removed for spreading malware
 
Qilin ransomware deploys Linux binaries against Windows systems
The Qilin ransomware group, also known as Agenda, has developed a hybrid attack using Linux payloads on Windows hosts to evade detection. By abusing legitimate remote management tools and exploiting vulnerable drivers, attackers disable defenses and target backups. This cross-platform tactic highlights evolving ransomware sophistication.
Malicious npm packages deliver infostealer malware to developers
Security firm Socket has uncovered ten malicious packages in the npm repository that target developers on Windows, macOS, and Linux systems. These packages, available since July, use typosquatting and sophisticated obfuscation to install infostealer malware. The malware steals credentials from browsers, SSH keys, and configuration files before exfiltrating data to attackers.
 
Malicious npm packages steal developer credentials on multiple platforms
Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.
Xubuntu website hacked to serve Windows malware
The official Xubuntu website has been compromised, redirecting torrent downloads to a malicious zip file containing Windows malware. The attack was discovered through user reports on Reddit, prompting the team to take down the affected page. Xubuntu contributors are collaborating with Canonical to resolve the issue.
Android spyware disguises itself as Signal or ToTok updates
Cybersecurity researchers have uncovered a new strain of Android spyware that masquerades as legitimate updates for the popular messaging apps Signal and ToTok. The malware aims to trick users into installing it, potentially compromising their devices and data. Experts urge Android users to verify app sources to avoid falling victim.
TransparentTribe deploys DeskRAT against Indian military Linux systems
The Pakistan-linked hacking group TransparentTribe has escalated its cyber espionage by targeting Linux-based systems in Indian military organizations with a new Golang-based remote access trojan called DeskRAT. The campaign, traced back to June 2025, uses sophisticated phishing tactics to deliver the malware. This development highlights the group's advancing technical capabilities amid regional tensions.
LinkPro rootkit exploits Linux eBPF for stealthy attacks
A new rootkit called LinkPro has been targeting GNU/Linux systems, using eBPF technology to hide malicious activities and evade detection. Discovered in a compromised AWS infrastructure, it spreads via vulnerable Jenkins servers and malicious Docker images. The malware provides attackers with remote access while masquerading as legitimate system components.