Malware

Illustration of a cyber attack on Cisco devices, showing analysts monitoring screens with code and warnings in a dark operations room.

Operation Zero Disco exploits Cisco SNMP flaw for rootkits

Lisa Kern (image generated by AI)

Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.

LinkPro rootkit exploits Linux eBPF for stealthy attacks

Lisa Kern

A new rootkit called LinkPro has been targeting GNU/Linux systems, using eBPF technology to hide malicious activities and evade detection. Discovered in a compromised AWS infrastructure, it spreads via vulnerable Jenkins servers and malicious Docker images. The malware provides attackers with remote access while masquerading as legitimate system components.

Illustration of a developer's desk with a computer screen showing malicious npm packages stealing credentials across platforms, highlighting cybersecurity risks.

Malicious npm packages steal developer credentials on multiple platforms

Lisa Kern (image generated by AI)

Ten typosquatted npm packages, uploaded on July 4, 2025, have been found downloading an infostealer that targets sensitive data across Windows, Linux, and macOS systems. These packages, mimicking popular libraries, evaded detection through multiple obfuscation layers and amassed nearly 10,000 downloads. Cybersecurity firm Socket reported the threat, noting the packages remain available in the registry.

TransparentTribe targets Indian military Linux systems with DeskRAT

Lisa Kern

Pakistan-linked threat group TransparentTribe has launched a phishing campaign since June 2025 to deploy the Golang-based DeskRAT malware on Linux systems in Indian defense networks. The attacks exploit BOSS Linux through malicious ZIP files disguised as official documents. Cybersecurity firms CYFIRMA and Sekoia.io have analyzed the operation, highlighting its ties to regional unrest.

Illustration of a hacker deploying Qilin ransomware using Linux binaries on Windows systems, showing code and alerts in a dark ops center.

Qilin ransomware deploys Linux binaries against Windows systems

Lisa Kern (image generated by AI)

The Qilin ransomware group, also known as Agenda, has developed a hybrid attack using Linux payloads on Windows hosts to evade detection. By abusing legitimate remote management tools and exploiting vulnerable drivers, attackers disable defenses and target backups. This cross-platform tactic highlights evolving ransomware sophistication.

Malicious packages overwhelm NPM with over 86,000 downloads

Security firm Koi has uncovered a campaign called PhantomRaven that flooded the NPM registry with 126 malicious packages since August. These packages, downloaded more than 86,000 times, exploit a feature allowing unvetted dependencies from untrusted sites. As of late October 2025, about 80 of the packages remained available.

Thousands of YouTube videos disguised as cheat codes removed for spreading malware

YouTube has removed thousands of videos that were disguised as cheat codes but actually spread malware. These videos were part of a network known as the YouTube Ghost Network. The videos had garnered hundreds of thousands of views.

Xubuntu website hacked to serve Windows malware

Lisa Kern

The official Xubuntu website has been compromised, redirecting torrent downloads to a malicious zip file containing Windows malware. The attack was discovered through user reports on Reddit, prompting the team to take down the affected page. Xubuntu contributors are collaborating with Canonical to resolve the issue.

Malicious npm packages deliver infostealer malware to developers

Lisa Kern

Security firm Socket has uncovered ten malicious packages in the npm repository that target developers on Windows, macOS, and Linux systems. These packages, available since July, use typosquatting and sophisticated obfuscation to install infostealer malware. The malware steals credentials from browsers, SSH keys, and configuration files before exfiltrating data to attackers.
