ALERT

ACTIVE THREATS: Chrome zero-day CVE-2025-0971 under active exploitation — update immediately  •  CISA ED-25-02: Ivanti Connect Secure emergency directive issued  •  VoltZite ransomware targeting North American power grid operators

HACKWIRE

Malware (6 stories)

Latest cybersecurity malware news, analysis, and intelligence.

Malware · MEDIUM

New 'Zombie ZIP' technique lets malware slip past security tools

A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products. [...]

via BleepingComputer

Malware · MEDIUM

New BeatBanker Android malware poses as Starlink app to hijack devices

A new Android malware named BeatBanker can hijack devices and trick users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]

via BleepingComputer

Malware · HIGH

AI-Generated Phishing Campaigns Achieve 60% Higher Click Rates Than Human-Written Lures

New research from Proofpoint and Hoxhunt reveals that AI-generated spear-phishing emails now outperform human-crafted attacks by 60% in click-through rates. The campaigns leverage real-time OSINT data to generate hyper-personalized lures at industrial scale.

via Proofpoint

Malware · HIGH

APT41 Resurfaces With Novel Malware Framework Targeting Defense Contractors in 12 Countries

Mandiant has published a detailed report on a new APT41 campaign deploying a previously undocumented modular malware framework called DUSTPAN across defense industrial base targets. The campaign focuses on intellectual property theft related to advanced propulsion and hypersonic technology.

via Mandiant

Malware · HIGH

Researchers Uncover 287 Malicious npm Packages Stealing Developer Credentials in Ongoing Supply Chain Attack

Socket Security has identified 287 malicious packages on the npm registry that impersonate popular libraries to steal developer credentials, environment variables, and AWS/cloud tokens. The packages had accumulated over 4 million combined downloads before detection.

via Socket Security

Malware · HIGH

Banshee 3.0 macOS Stealer Evades Gatekeeper Using Stolen Apple Developer Signatures

A new variant of the Banshee macOS information stealer is circulating in the wild, signed with legitimate (subsequently revoked) Apple developer certificates. The malware targets browser credentials, cryptocurrency wallets, and macOS Keychain contents, and was distributed via trojanized productivity apps on GitHub.

via Check Point Research