Spyware is one of the top threats to your mobile security and can severely impact your handset's performance if you are unlucky enough to become infected. It is a type of malware that typically lands on your iPhone or Android phone through malicious mobile apps or through phishing links, emails, and messages. While appearing to be a legitimate software package or useful utility, spyware will operate quietly in the background to monitor your movements,
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive the victim," Google Mandiant researchers Ross Inman and Adrian Hernandez said.
Moltbot has taken off in a big way, crossing more than 85,000 stars on GitHub as of writing. The open-source project, created by Austrian developer Peter Steinberger, allows users to run a personal AI assistant powered by a large language model (LLM) locally on their own devices and interact with it over already established communication platforms like WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, Microsoft Teams, and WebChat.
"A floor manager responsible for production asked me to fix his PC, which was so slow he could literally make a coffee in the time between double-clicking an icon and having the program open," Parker told On Call. The manager's PC was only a year old and ran Windows XP, a combo that at the time of this tale should have made for decent performance.
The executable, for its part, decrypts and injects the main stealer payload into a legitimate Windows process ("grpconv.exe") directly in memory, allowing it to harvest sensitive data and exfiltrate it to a remote server ("server09.mentality[.]cloud") over FTP in the form of a ZIP file. Some of the information collected by the malware includes - Clipboard content Installed apps Cryptocurrency wallets Running processes Desktop screenshots
Starting today, Microsoft is making it more difficult for cyber attackers to infiltrate organizations via Teams. A new update now blocks dangerous file types and malicious URLs, unless companies explicitly change the default settings. The new features were already known, but will activate automatically today for organizations that have not tampered with the default settings. Companies with customized configurations will not notice the change; their settings will remain intact.
The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, take screenshots, and siphon data. The captured information is then sent to an attacker-controlled server. "Your code. Your emails. Your Slack DMs. Whatever's on your screen, they're seeing it too," Koi Security's Idan Dardikman said. "And that's just the start. It also steals your WiFi passwords, reads your clipboard, and hijacks your browser sessions."
As Google begins early access testing, it has conceded that "experienced users" should have an escape hatch. According to Google, online scam and malware campaigns are getting more aggressive, and there's real harm being done in spite of the platform's sideloading scare screens. Google says it's common for scammers to use social engineering to create a false sense of urgency, prompting users to bypass Android's built-in protections to install malicious apps.
In the latest instance detected by the enterprise extension security firm, the malware is triggered when a new code editor window is opened or a .sol file is selected. Specifically, it's configured to find the fastest Ethereum Remote Procedure Call (RPC) provider to connect to in order to obtain access to the blockchain, initialize contact with a remote server at "sleepyduck[.]xyz" (hence the name) via the contract address " 0xDAfb81732db454DA238e9cFC9A9Fe5fb8e34c465," and kicks off a polling loop that checks for new commands to be executed on the host every 30 seconds.
According to a security report from Infoblox, in cooperation with the United Nations Office on Drugs and Crime, the China-focused Universe Browser is advertised as a safe and private way to bypass censorship and web blocks. It has a specific use case for would-be online gamblers. But just underneath its surface, the browser is recording the user's location, routing all traffic data through servers in China, installing keyloggers, and changing network settings.
Some of these [companies' are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea's current efforts to scale up its drone program," ESET security researchers Peter Kálnai and Alexis Rapin said in a report shared with The Hacker News. It's assessed that the end goal of the campaign is to plunder proprietary information and manufacturing know-how using malware families such as ScoringMathTea and MISTPEN.
Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to exfiltrate data to a channel under their control. "Importantly, webhook URLs are effectively write-only," Socket researcher Olivia Brown said in an analysis. "They do not expose channel history, and defenders cannot read back prior posts just by knowing the URL."
OpenAI has published research revealing how state-sponsored and cybercriminal groups are abusing artificial intelligence (AI) to spread malware and perform widespread surveillance. (Disclosure: Ziff Davis, ZDNET's parent company, filed an April 2025 lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.) AI has benefits in the cybersecurity space; it can automate tedious and time-consuming tasks, freeing up human specialists to focus on complex projects and research, for example.
OpenAI has intensified its efforts to combat the misuse of artificial intelligence. In a new report, the company reveals that it has dismantled several international networks in recent months that were using its models for cyberattacks, scams, and political influence. The analysis shows how malicious actors are becoming increasingly sophisticated in their use of AI, while OpenAI is simultaneously expanding its defense mechanisms.
Cybersecurity researchers have discovered a malicious Go module that presents itself as a brute-force tool for SSH but actually contains functionality to discreetly exfiltrate credentials to its creator. "On the first successful login, the package sends the target IP address, username, and password to a hard-coded Telegram bot controlled by the threat actor," Socket researcher Kirill Boychenko said. The deceptive package, named "golang-random-ip-ssh-bruteforce," has been linked to a GitHub account called IllDieAnyway (G3TT), which is currently no longer accessible.
The Noodlophile campaign, active for over a year, now leverages advanced spear-phishing emails posing as copyright infringement notices, tailored with reconnaissance-derived details like specific Facebook Page IDs and company ownership information.
