Malware Campaign Abuses Booking.com Against Hospitality Sector

Securonix is detailing a multi-stage campaign that starts with a bogus Booking.com message that runs through a ClickFix technique and a fake Blue Screen of Death before dropping the DCRat malware that gives the attackers full remote control of the victim's system.

Security Boulevard

WebRat malware spreads via fake GitHub exploit repos — attackers are poisoning trust in open source to deliver payloads. Verify before you clone. 🧩⚠️ #OpenSourceSecurity #MalwareCampaign

https://www.bleepingcomputer.com/news/security/webrat-malware-spread-via-fake-vulnerability-exploits-on-github/

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities.

BleepingComputer

ShadyPanda is hijacking popular browser extensions to spy on users — turning everyday tools into covert surveillance channels. Trust no add-on without validation. 🧩🕵️‍♂️ #ExtensionSecurity #MalwareCampaign

https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html

ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda abused browser extensions for seven years, turning 4.3M installs into a multi-phase surveillance and hijacking campaign.

The Hacker News

ShadyPanda extensions racked up 4.3M installs — turning convenience into mass surveillance. Even “helpful” add-ons can hide hostile code. 🧩⚠️ #ExtensionSecurity #MalwareCampaign

https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/

ShadyPanda browser extensions amass 4.3M installs in malicious campaign

A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware.

BleepingComputer

GlassWorm malware is evolving—using invisible code tricks to sneak into GitHub, NPM, and beyond. Could your favorite dev tools be next in its global pursuit? Read more to find out.

https://thedefendopsdiaries.com/glassworm-malware-campaign-expands-new-platforms-sophisticated-obfuscation-and-global-impact/

#glassworm
#malwarecampaign
#cybersecurity
#obfuscation
#vscodeextensions

GlassWorm Malware Campaign Expands: New Platforms, Sophisticated Obfuscation, and Global Impact

Explore how the GlassWorm malware campaign is evolving with new platforms, advanced obfuscation, and global impact on developers and users.

The DefendOps Diaries

Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures

Noodlophile stealer targets enterprises via copyright phishing since 2024, using Gmail, Dropbox, and Telegram for evasion.

The Hacker News

Scammers are twisting SourceForge's trusted face—disguising malware as Microsoft Office add-ins. Ever wondered how they pull off this digital con? Read on to uncover the deception.

https://thedefendopsdiaries.com/unmasking-the-sourceforge-malware-campaign-a-deceptive-attack-on-users/

#sourceforge
#malwarecampaign
#cybersecurity
#microsoftoffice
#cybercrime

Unmasking the SourceForge Malware Campaign: A Deceptive Attack on Users

Explore how cybercriminals exploit SourceForge to distribute malware disguised as Microsoft Office add-ins, targeting users for financial gain.

The DefendOps Diaries

Understanding the 'DollyWay' Malware Campaign: A Persistent Cyber Threat

Explore the evolution and impact of the 'DollyWay' malware campaign, a persistent threat targeting WordPress sites globally.

The DefendOps Diaries

A recent cybersecurity study revealed a sophisticated malware campaign targeting NuGet, the package manager for .NET applications. Attackers used homoglyphs, characters that look alike but have different code points (for example, the digit '0' and the letter 'O', or the lowercase 'l' and the uppercase 'I'), to publish fake packages whose IDs were visually indistinguishable from legitimate ones but which contained malicious code. They also employed IL weaving, which rewrites the intermediate language of an already-compiled .NET assembly, to splice malicious modules into otherwise legitimate-looking binaries. The campaign involved around 60 packages and 290 versions, highlighting the need for increased vigilance in software supply chains.

https://thecyberexpress.com/homoglyphs-il-weaving-malicious-nuget-campaign/
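As an added example, not code from the report or the underlying research, the following Python collapses each package ID to a "skeleton" (NFKC normalisation, a hand-picked confusables map, case folding) and flags candidates whose skeleton collides with a trusted ID. The trusted list, the confusables subset and the sample candidates are constructed for illustration; the full Unicode confusables table is much larger than the map shown.

```python
"""Flag package IDs that imitate trusted names via look-alike characters.

Added example for the NuGet homoglyph campaign discussed above; not code
from the report. TRUSTED, CONFUSABLES and SAMPLE are constructed.
"""
import unicodedata

# Characters that look like another character but are distinct code points.
# Hand-picked subset; Unicode's confusables.txt is the authoritative list.
CONFUSABLES = {
    "0": "o", "1": "l", "I": "l", "|": "l",          # ASCII look-alikes
    "\u0430": "a", "\u0435": "e", "\u043e": "o",      # Cyrillic а е о
    "\u0440": "p", "\u0441": "c", "\u0443": "y",      # Cyrillic р с у
    "\u0445": "x", "\u0456": "i", "\u0458": "j",      # Cyrillic х і ј
    "\u03bf": "o", "\u03b1": "a",                     # Greek ο α
}


def skeleton(name: str) -> str:
    """Collapse a package ID to the string it visually resembles."""
    # NFKC folds compatibility forms (fullwidth letters, ligatures) to their
    # base characters, so a fullwidth "Ｓ" becomes a plain "S".
    s = unicodedata.normalize("NFKC", name)
    fold = lambda t: "".join(CONFUSABLES.get(ch, ch) for ch in t)
    # Map before and after casefold: "I" must become "l" before it is
    # lowercased to "i", while uppercase Cyrillic only hits the map after.
    # NuGet IDs are case-insensitive, so casefolding loses nothing.
    return fold(fold(s).casefold())


def find_lookalikes(candidate: str, trusted) -> list:
    """Trusted IDs the candidate imitates.

    An exact (case-insensitive) match is the real package, not an
    imitation, so it is excluded.
    """
    sk = skeleton(candidate)
    return [t for t in trusted
            if skeleton(t) == sk and t.casefold() != candidate.casefold()]


def audit(candidates, trusted) -> dict:
    """Map each suspicious candidate to the trusted names it imitates."""
    out = {}
    for c in candidates:
        hits = find_lookalikes(c, trusted)
        if hits:
            out[c] = hits
    return out


# Constructed allow-list and candidate IDs (one real, five look-alikes/others).
TRUSTED = ["Newtonsoft.Json", "Serilog", "Microsoft.Extensions.Logging"]
SAMPLE = [
    "Newtons0ft.Json",        # zero for 'o'
    "SeriIog",                # capital I for 'l'
    "Seril\u043eg",           # Cyrillic о for 'o'
    "\uff33erilog",           # fullwidth S
    "Serilog",                # the genuine package
    "Serilog.Sinks.Console",  # a different, legitimate-looking ID
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE, TRUSTED).items():
        print(f"{name!r} imitates {hits}")
```

Run against a feed of newly published IDs, the collision check costs one dictionary lookup per trusted name and catches the three tricks the report describes (ASCII digit/letter swaps, Cyrillic and Greek substitutions, and compatibility-form characters) without any fuzzy matching that would also flag honest names such as Serilog.Sinks.Console.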

#cybersecurity #NuGet #malware #homoglyphs #ILWeaving #malwarecampaign #DotNet #CodeInjection #SecurityResearch

Malicious NuGet Packages Hidden With Homoglyphs and IL Weaving

A sophisticated malware campaign targeting the NuGet package manager employed advanced techniques such as homoglyphs and IL weaving to evade detection.

The Cyber Express

TA547 Shifts Tactics: Leveraging Rhadamanthys Stealer in German-Specific Campaigns

Date: April 10, 2024

CVE: Not applicable

Vulnerability Type: Not applicable (malware campaign; threat type: information stealer)

CWE: N/A

Sources: Proofpoint

Issue Summary

TA547, a financially motivated cybercriminal group, recently initiated an email campaign targeting German organizations, deploying the Rhadamanthys malware. This marks TA547's first recorded use of [[Rhadamanthys stealer]], an advanced information stealer previously utilized by multiple threat actors. The campaign featured emails impersonating the German retail giant Metro, with malicious attachments designed to execute Rhadamanthys without writing to disk, thereby evading typical file-based detection methods.

Technical Key Findings

The attack chain involves emails with a password-protected ZIP file attachment containing an LNK file. Execution of the LNK file triggers a PowerShell script that decodes and runs the [[Rhadamanthys stealer]] directly in memory. Notably, the PowerShell script exhibited signs of being generated by a Large Language Model (LLM), indicative of TA547's potential use of advanced AI tools for crafting malware delivery mechanisms.
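The chain above (user opens an LNK from a ZIP, explorer.exe launches PowerShell, the script decodes a blob and runs it in memory) leaves a process-creation footprint that does not depend on the payload ever touching disk. As an added example, not Proofpoint's code or any vendor's signature, the following Python scores PowerShell process-creation events on that footprint: it decodes any -EncodedCommand argument (base64 of UTF-16LE) and scans both the raw command line and the decoded script for hidden-window, no-profile, base64-decode and in-memory-execution indicators. The indicator names, the alert threshold and the sample events (Sysmon-Event-1-like dicts with ParentImage, Image and CommandLine) are constructed assumptions; in practice the events would come from the EDR or SIEM.

```python
"""Behaviour-based triage of PowerShell process-creation events.

Added example for the ZIP -> LNK -> PowerShell chain described above; not
Proofpoint's code or a vendor signature. SAMPLE_EVENTS are constructed.
"""
import base64
import re

# Each indicator is scanned against the raw command line and, when an
# -EncodedCommand is present, against its decoded contents as well.
INDICATORS = [
    ("hidden_window",       re.compile(r"-(?:w|win|windowstyle)\s+hidden", re.I)),
    ("no_profile",          re.compile(r"-(?:nop|noprofile)\b", re.I)),
    ("non_interactive",     re.compile(r"-(?:noni|noninteractive)\b", re.I)),
    ("encoded_command",     re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("base64_decode",       re.compile(r"FromBase64String", re.I)),
    ("in_memory_execution", re.compile(r"Reflection\.Assembly\]::Load|Invoke-Expression|\bIEX\b", re.I)),
    ("download_cradle",     re.compile(r"DownloadString|Invoke-WebRequest|Net\.WebClient", re.I)),
]
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
THRESHOLD = 3  # assumed: indicators needed before an event is flagged


def decode_encoded_command(cmdline: str):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(event: dict) -> dict:
    """Score one process-creation event; only PowerShell hosts are scored."""
    if not event["Image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return {"score": 0, "indicators": [], "suspicious": False, "decoded": None}
    decoded = decode_encoded_command(event["CommandLine"])
    texts = [event["CommandLine"]] + ([decoded] if decoded else [])
    hits = [name for name, rx in INDICATORS if any(rx.search(t) for t in texts)]
    # A double-clicked LNK is launched by the shell, so explorer.exe is the
    # parent. That alone is benign, which is why it only adds to the score.
    if event["ParentImage"].lower().endswith("explorer.exe"):
        hits.append("launched_from_explorer")
    return {"score": len(hits), "indicators": hits,
            "suspicious": len(hits) >= THRESHOLD, "decoded": decoded}


def triage(events) -> list:
    """Indices of events that cross the alert threshold."""
    return [i for i, e in enumerate(events) if analyze(e)["suspicious"]]


# --- constructed samples -------------------------------------------------
# Loader shape a LNK might hand to PowerShell: decode a blob and run it in
# memory. The payload itself is omitted; only the loader shape matters here.
STAGE2 = ("$p='<base64 payload omitted>';"
          "IEX([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($p)))")
ENCODED = base64.b64encode(STAGE2.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -Command Get-Process"},
]

if __name__ == "__main__":
    for i in triage(SAMPLE_EVENTS):
        r = analyze(SAMPLE_EVENTS[i])
        print(f"event {i}: score={r['score']} {r['indicators']}")
```

Decoding the encoded command before matching is the part that matters: the raw command line of the first event shows only the launch flags, while the decode-and-IEX pattern lives inside the base64 blob. Scoring rather than hard-matching keeps an ordinary user-launched script (second event) and an admin's -NoProfile one-liner (third event) below the threshold.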

Vulnerable products

  • Windows endpoints; initial access is via malicious email attachments, and no product vulnerability is exploited

Impact assessment

[[Rhadamanthys stealer]] is designed to steal sensitive information, including credentials and financial data. Successful deployment within organizations can lead to significant data breaches, financial loss, and reputational damage.

Patches or workaround

While the report does not specify patches, organizations are advised to enhance email filtering, educate employees on phishing, and deploy behavior-based detection mechanisms to mitigate threats posed by memory-resident malware and sophisticated delivery scripts.

Tags

#TA547 #Rhadamanthys #InformationStealer #Germany #Cybercrime #MalwareCampaign #PowerShell #AI_Malware

TA547 Targets German Organizations: Rhadamanthys Stealer | Proofpoint US

An email campaign delivering Rhadamanthys malware was discovered targeting German organizations. Learn more about TA547 and why it matters.

Proofpoint