Malware
Researchers discover SSHStalker botnet infecting Linux servers
Reported by AI. Image generated by AI.
Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.
The FBI has launched an investigation into malware embedded in several indie games on Steam, targeting users affected between May 2024 and January 2026. The agency is asking potential victims to come forward for possible restitution. Seven specific titles are under scrutiny.
Law enforcement agencies from the United States and Europe, supported by private partners, have taken down the SocksEscort cybercrime proxy network. This service, powered by the AVRecon malware infecting Linux-based devices, provided cybercriminals with access to compromised IP addresses. The operation resulted in the seizure of domains, servers, and cryptocurrency assets.
Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.
A deceptive package on the PyPI repository has been found impersonating the popular SymPy library. This malicious software targets Linux systems, downloading and executing the XMRig cryptocurrency miner through in-memory techniques. Security researchers have highlighted the risks posed by such supply chain attacks in open-source ecosystems.
Thousands of Leonardo DiCaprio fans have downloaded a fake torrent file titled 'One Battle After Another,' unwittingly installing AgentTesla malware on their Windows devices. The scam has spread rapidly through seeders and leechers worldwide. Cybersecurity experts warn of the dangers posed by such deceptive downloads.
Building on earlier PeerBlight attacks, Google Threat Intelligence reports exploitation of the React2Shell vulnerability (CVE-2025-55182) by China-nexus clusters and financially motivated actors deploying backdoors and cryptocurrency miners on vulnerable React and Next.js systems.
14,000 Asus routers infected by takedown-resistant KadNap malware
February 23, 2026 08:01 Malicious npm packages harvest crypto keys and secrets
February 20, 2026 10:04 Massiv Android malware targets Portuguese users with fake IPTV app
February 19, 2026 13:36 Researchers uncover new SysUpdate malware variant targeting Linux
February 18, 2026 23:37 New SysUpdate malware variant targets Linux systems
January 21, 2026 17:17 Attackers hijack Linux Snap Store apps to steal crypto phrases
January 21, 2026 05:18 AI-assisted VoidLink malware framework targets Linux cloud servers
January 14, 2026 21:57 Check Point discovers advanced VoidLink Linux malware for clouds
January 08, 2026 07:18 China-linked UAT-7290 targets telecoms with Linux malware
December 16, 2025 23:12 React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft