Published on: 2025-06-06 13:46:02
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. The service's official domain at avcheck.net now displays a seizure banner with the crests of the U.S. Department of Justice, the FBI, the U.S. Secret Service, and the Dutch police (Politie). According to an announcement on the Politie website, AVCheck was one of the largest counter antivi
Keywords: avcheck cybercriminals malware service services
Published on: 2025-06-09 05:25:52
Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. This development follows a trend that has been growing since last year, starting with advanced threat actors using deepfake content generators to infect victims with malware. These lures have become widely adopted by info-stealer malware operators and ransomware operations attempting to breach corporate networks. Cisco Talos researchers have di
Keywords: ai cisco cyberlock malware ransomware
Published on: 2025-06-10 07:59:38
A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. The targeted nature of PumaBot is also evident by the fact it targets specific IPs based on lists pulled from a command-and-control (C2) server instead of broader scanning of the internet. Targeting surveillance cams: Darktrace documented PumaBot in a report providing an overview of the botnet's attack flow, indicators of compromise (IoCs), and d
Keywords: darktrace file malware pumabot ssh
Published on: 2025-06-10 21:14:01
The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. QuorumCyber researchers report seeing NodeSnake's deployment in at least two cases targeting universities in the UK in January and March 2025. The two malware samples significantly differ, indicating active development to add new features and capabilities on NodeSnake. As first reported by BleepingComputer,
Keywords: c2 interlock malware nodesnake quorumcyber
Published on: 2025-06-11 05:39:13
A sprawling network of fake AI, VPN, and crypto software download sites is being used by the "Dark Partner" threat actors to conduct crypto theft attacks worldwide. Masquerading as popular apps, these cloned sites deliver the Poseidon (macOS) and Lumma (Windows) infostealers and malware loaders like Payday. This malware is used to steal cryptocurrency and sensitive data such as host information, credentials, private keys, or cookies, which are likely sold on the cybercriminal market. On Wind
Keywords: g0njxa loader malware payday stealer
Published on: 2025-06-17 09:56:45
The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments. The US Department of Justice t
Keywords: criminal danabot department malware world
Published on: 2025-06-18 10:50:34
Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks. As Trend Micro recently discovered, the threat actors behind this TikTok social engineering campaign are using videos likely generated using AI that ask viewers to run commands claiming to activate Windows and Microsoft Office, as well as premium features in various legitimate software like CapCut and Spotify. "This attack uses videos (possibly
Keywords: clickfix malware powershell tiktok videos
Published on: 2025-06-18 22:58:13
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. "From 19 to 22 May, authorities took down some 300 servers worldwide, neutralised 650 domains, and issued international arrest warrants against 20 targets, dealing a direct blow to the ransomware kill chain," according to the joint action's official website. "In addition, EUR 3.5 million in cryptocu
Keywords: danabot malware operation ransomware used
Published on: 2025-06-18 23:04:00
Dasvidania Tovarish: Infostealers are a dangerous class of malware built to infiltrate systems and extract sensitive personal or corporate data. Lumma Stealer ranks among the worst offenders, prompting Microsoft and global law enforcement to go after its alleged mastermind. Microsoft says its Digital Crimes Unit (DCU) successfully disrupted the server infrastructure behind Lumma Stealer, a malware-
Keywords: infrastructure lumma malware microsoft operation
Published on: 2025-06-19 09:04:00
Dasvidania Tovarish: Infostealers are a dangerous class of malware built to infiltrate systems and extract sensitive personal or corporate data. Lumma Stealer ranks among the worst offenders, prompting Microsoft and global law enforcement to go after its alleged mastermind. Microsoft says its Digital Crimes Unit (DCU) successfully disrupted the server infrastructure behind Lumma Stealer, a malware-
Keywords: infrastructure lumma malware microsoft operation
Published on: 2025-06-19 09:53:21
The U.S. government today unsealed criminal charges against 16 individuals accused of operating and selling DanaBot, a prolific strain of information-stealing malware that has been sold on Russian cybercrime forums since 2018. The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware. Initially spotted in May 2018 by researchers at the email security firm Proo
Keywords: criminal danabot data government malware
Published on: 2025-06-19 13:16:25
The U.S. government has indicted Russian national Rustam Rafailevich Gallyamov, the leader of the Qakbot botnet malware operation that compromised over 700,000 computers and enabled ransomware attacks. As per court documents, Gallyamov started to develop Qakbot (also known as Qbot and Pinkslipbot) in 2008 and deployed it to create a network of thousands of infected computers. Over time, a team of developers was formed around Qakbot but the indictment notes that other malware was also created u
Keywords: gallyamov malware million qakbot ransomware
Published on: 2025-06-19 12:56:44
The hacker ecosystem in Russia, more than perhaps anywhere else in the world, has long blurred the lines between cybercrime, state-sponsored cyberwarfare, and espionage. Now an indictment of a group of Russian nationals and the takedown of their sprawling botnet offers the clearest example in years of how a single malware operation allegedly enabled hacking operations as varied as ransomware, wartime cyberattacks in Ukraine, and spying against foreign governments. The US Department of Justice t
Keywords: according criminal danabot malware used
Published on: 2025-06-19 21:09:11
In Brief Microsoft and law enforcement have announced a court-authorized takedown of Lumma, a prolific info-stealer malware operation found on more than 394,000 Windows PCs globally, mostly in Brazil, Europe, and the United States. The tech giant took civil action to ask a federal court to seize 2,300 domains that served as the malware’s network of command and control servers. The Justice Department also seized five domains used to operate the Lumma infrastructure. The Lumma password stealer
Keywords: domains like lumma malware password
Published on: 2025-06-20 05:00:03
A consortium of global law enforcement agencies and tech companies announced on Wednesday that they have disrupted the infostealer malware known as Lumma. One of the most popular infostealers worldwide, Lumma has been used by hundreds of what Microsoft calls “cyber threat actors” to steal passwords, credit card and banking information, and cryptocurrency wallet details. The tool, which officials say is developed in Russia, has provided cybercriminals with the information and credentials they nee
Keywords: attacks infrastructure lumma malware microsoft
Published on: 2025-06-22 09:07:52
The U.S. Department of Justice then took control of Lumma's "central command structure" and squashed the online marketplaces where bad actors purchased the malware. Microsoft said its digital crimes unit was able to dismantle the web domains underpinning Lumma's infrastructure with the help of a court order from the U.S. District Court for the Northern District of Georgia. Microsoft said Wednesday that it broke down the Lumma Stealer malware project with the help of law enforcement officials a
Keywords: lumma malware microsoft said used
Published on: 2025-06-22 08:00:00
Earlier this month, a coordinated disruption action targeting the Lumma malware-as-a-service (MaaS) information stealer operation seized thousands of domains and part of its infrastructure backbone worldwide. This effort involved multiple tech companies and law enforcement authorities, resulting in Microsoft's seizure of approximately 2,300 domains after legal action against the malware on May 13, 2025. At the same time, the Department of Justice (DOJ) disrupted marketplaces where the malware
Keywords: cloudflare data lumma malware microsoft
Published on: 2025-06-22 08:00:00
A consortium of global law enforcement agencies and tech companies announced on Wednesday that they have disrupted the infostealer malware known as Lumma. One of the most popular infostealers worldwide, Lumma has been used by hundreds of what Microsoft calls “cyber threat actors” to steal passwords, credit card and banking information, and cryptocurrency wallet details. The tool, which officials say is developed in Russia, has provided cybercriminals with the information and credentials they nee
Keywords: domains infrastructure lumma malware microsoft
Published on: 2025-06-24 17:07:40
SK Telecom says that a cybersecurity incident disclosed in April first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. SK Telecom is the largest mobile network operator in South Korea, holding roughly half of the national market. On April 19, 2025, the company detected malware on its networks and responded by isolating the equipment suspected of being hacked. This breach allowed attackers to steal data that included IMSI, USIM authenti
Keywords: data malware servers sk telecom
Published on: 2025-06-27 09:21:00
Facepalm: Procolored builds high-end direct-to-film printers used for customizing t-shirts and other products. Recently, its official software delivered dangerous malware to customers' systems, exposing serious security flaws in what should be trusted professional-level equipment. Purchasing computer peripherals like printers should be a relatively safe experience. However, tech hobbyist Cameron Coward recently found that some ultra-high-end printers costing thousands of dollars were infecting
Keywords: floxif hahn malware procolored software
Published on: 2025-06-25 14:44:50
If you own a Procolored inkjet printer, particularly one of the UV models, you might want to check your system for malware, especially if you downloaded the companion software within the past six months, since Procolored was recently found to be distributing malicious software. The first alarm came from Cameron Coward, the creator behind the YouTube channel "Serial Hobbyism." Known for his DIY
Keywords: coward data malware procolored software
Published on: 2025-06-26 05:44:50
If you own a Procolored inkjet printer, particularly one of the UV models, you might want to check your system for malware, especially if you downloaded the companion software within the past six months, since Procolored was recently found to be distributing malicious software. The first alarm came from Cameron Coward, the creator behind the YouTube channel "Serial Hobbyism." Known for his DIY
Keywords: coward data malware procolored software
Published on: 2025-06-29 08:56:51
For at least half a year, the official software supplied with Procolored printers included malware in the form of a remote access trojan and a cryptocurrency stealer. Procolored is a digital printing solutions provider making Direct-to-Film (DTF), UV DTF, UV, and Direct-to-Garment (DTG) printers. It is particularly known for affordable and efficient fabric printing solutions. The Shenzhen-based company has grown quickly since it started in 2018, and is now selling its products in over 31 count
Keywords: data files malware procolored software
Published on: 2025-07-08 01:07:58
Are you still using a router that's past its prime? If so, you could be opening yourself up to a malicious attack. The FBI is warning that cybercriminals are targeting routers that have reached their end of life and are no longer supported by the manufacturer. In an advisory and a PSA published last week, the agency said that attackers are deploying malware against many older routers. Typically dated from 2010 or earlier, these routers have already reached end-of-life, wh
Keywords: linksys malware router routers vulnerable
Published on: 2025-07-11 21:15:39
The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. These devices, which were released many years back and no longer receive security updates from their vendors, are vulnerable to external attacks leveraging publicly available exploits to inject persistent malware. Once compromised, they are added to residential proxy botnets that route malicious traffic. In many cases, these proxies are used
Keywords: actors fbi malware proxies routers
Published on: 2025-07-12 13:51:14
A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three years. Named "discordpydebug," the package was masquerading as an error logger utility for developers working on Discord bots and was downloaded over 11,000 times since it was uploaded on March 21, 2022, even though it has no description or documentation. Cybersecurity company Socket, which first spotted it, says the malware could
Keywords: code developers discord malware package
Published on: 2025-07-23 13:25:36
Mac app launches slowed by malware scan. February 14 2024. I've always attributed slow Xcode launches to Xcode simply sucking, but I've noticed that the FileMerge app frequently launches slowly too. When this happens, the app can take a dozen bounces in the Dock before finally opening. FileMerge resides in the folder Xcode.app/Contents/Applications/ within the Xcode bundle and can be opened from the Xcode main menu under the Open Developer Tool submenu. I actually kee
Keywords: app compatibility malware version xcode
Published on: 2025-07-24 09:25:36
Why some Mac apps launch slowly: A follow-up. May 1 2025. Last year I wrote a blog post Mac app launches slowed by malware scan: I discovered that the slow launches are caused by the syspolicyd process, specifically DispatchQueue "com.apple.security.syspolicy.yara". The backtrace showed syspolicyd calling the yr_rules_scan_file function. Recently, however, voluminous blogger Howard Oakley has written a series of blog posts, starting with Why some apps launch very slowly and culminating with W
Keywords: app apps long malware oakley
Published on: 2025-07-25 17:05:46
A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware provides attackers with persistent access, remote code execution, and JavaScript injection. At the same time, it remains hidden from the plugin dashboard to evade detection. Wordfence first discovered the malware during a site cleanup in late January 2025, where it found a modified 'wp-cron.php'
Keywords: access malware php plugin wp
Published on: 2025-07-31 02:19:00
With viruses, ransomware, spyware, infostealers, and outright scams, online fraud has been a pervasive and growing problem. In the US, one in three people who reported fraud last year lost money, with the total collective amount reaching $12.5 billion. Now, security firm Malwarebytes is trying to combat these types of cybercrimes by providing security tools to a new host of partners.
Keywords: customers malwarebytes protection security tools
Go K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.