Malware
Attackers hijack Linux Snap Store apps to steal crypto phrases
Ti AI ṣe iroyin Àwòrán tí AI ṣe
Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.
Cyble Research and Intelligence Labs has revealed ShadowHS, a sophisticated fileless framework for post-exploitation on Linux systems. The tool enables stealthy, in-memory operations and long-term access for attackers. It features a weaponized version of hackshell and advanced evasion techniques.
Ti AI ṣe iroyin
Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.
The pro-Russia hacktivist group CyberVolk has reemerged with a new ransomware-as-a-service platform called VolkLocker, supporting both Linux and Windows systems. First documented in 2024 by SentinelOne, the group returned after a period of inactivity caused by Telegram bans. Despite advanced automation via Telegram bots, the malware features significant encryption flaws that could allow victims to recover files without payment.
Ti AI ṣe iroyin
A critical vulnerability in React Server Components, known as React2Shell and tracked as CVE-2025-55182, is being actively exploited to deploy a new Linux backdoor called PeerBlight. This malware turns compromised servers into covert proxy and command-and-control nodes. Attackers use a single crafted HTTP request to execute arbitrary code on vulnerable Next.js and React applications.
Cybercriminals are disguising powerful malware within fake Windows updates that appear authentic enough to deceive even careful users. These malicious updates employ dynamic evasion techniques, complicating detection and analysis as the malware runs undetected.
Ti AI ṣe iroyin
Kaspersky Lab has released its antivirus software for home users on Linux, targeting growing malware threats to the platform. The move expands the Russian firm's consumer security offerings amid U.S. bans and rising attacks on distributions like Ubuntu and Fedora. Subscriptions start at around $30 annually, with a 30-day free trial available.
Malicious PyPI package impersonates SymPy to deploy XMRig miner
January 21, 2026 05:18AI-assisted VoidLink malware framework targets Linux cloud servers
January 14, 2026 21:57Check Point discovers advanced VoidLink Linux malware for clouds
January 08, 2026 07:18China-linked UAT-7290 targets telecoms with Linux malware
December 16, 2025 23:12React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft
December 10, 2025 07:11North Korean hackers exploit maximum severity React2Shell flaw
December 09, 2025 22:07Researchers uncover stealthy GhostPenguin backdoor targeting Linux
December 05, 2025 14:39Chinese hackers breach US infrastructure using Brickworm malware
December 04, 2025 00:05BPFDoor and Symbiote rootkits exploit eBPF on Linux systems
November 27, 2025 12:03Malicious Blender model files deliver StealC infostealing malware