맬웨어
Attackers hijack Linux Snap Store apps to steal crypto phrases
AI에 의해 보고됨 AI에 의해 생성된 이미지
Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.
Cyble Research and Intelligence Labs has revealed ShadowHS, a sophisticated fileless framework for post-exploitation on Linux systems. The tool enables stealthy, in-memory operations and long-term access for attackers. It features a weaponized version of hackshell and advanced evasion techniques.
AI에 의해 보고됨
Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.
The pro-Russia hacktivist group CyberVolk has reemerged with a new ransomware-as-a-service platform called VolkLocker, supporting both Linux and Windows systems. First documented in 2024 by SentinelOne, the group returned after a period of inactivity caused by Telegram bans. Despite advanced automation via Telegram bots, the malware features significant encryption flaws that could allow victims to recover files without payment.
AI에 의해 보고됨
A critical vulnerability in React Server Components, known as React2Shell and tracked as CVE-2025-55182, is being actively exploited to deploy a new Linux backdoor called PeerBlight. This malware turns compromised servers into covert proxy and command-and-control nodes. Attackers use a single crafted HTTP request to execute arbitrary code on vulnerable Next.js and React applications.
Cybercriminals are disguising powerful malware within fake Windows updates that appear authentic enough to deceive even careful users. These malicious updates employ dynamic evasion techniques, complicating detection and analysis as the malware runs undetected.
AI에 의해 보고됨
Kaspersky Lab has released its antivirus software for home users on Linux, targeting growing malware threats to the platform. The move expands the Russian firm's consumer security offerings amid U.S. bans and rising attacks on distributions like Ubuntu and Fedora. Subscriptions start at around $30 annually, with a 30-day free trial available.
Malicious PyPI package impersonates SymPy to deploy XMRig miner
2026년 01월 21일 05시 18분AI-assisted VoidLink malware framework targets Linux cloud servers
2026년 01월 14일 21시 57분Check Point discovers advanced VoidLink Linux malware for clouds
2026년 01월 08일 07시 18분China-linked UAT-7290 targets telecoms with Linux malware
2025년 12월 16일 23시 12분React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft
2025년 12월 10일 07시 11분North Korean hackers exploit maximum severity React2Shell flaw
2025년 12월 09일 22시 07분Researchers uncover stealthy GhostPenguin backdoor targeting Linux
2025년 12월 05일 14시 39분Chinese hackers breach US infrastructure using Brickworm malware
2025년 12월 04일 00시 05분BPFDoor and Symbiote rootkits exploit eBPF on Linux systems
2025년 11월 27일 12시 03분Malicious Blender model files deliver StealC infostealing malware