A threat actor named ‘RedCurl,’ known for stealthy corporate espionage operations since 2018, is now using a ransomware encryptor designed to target Hyper-V virtual machines. […]
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC.
“In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,
“In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor’s tradecraft.
The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.
RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt.
RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest
A new ransomware group called Arkana claims to have compromised the US telecommunications provider WideOpenWest.
The post New Ransomware Group Claims Attack on US Telecom Firm WideOpenWest appeared first on SecurityWeek.
SplxAI Raises $7 Million for AI Security Platform
SplxAI has raised $7 million in a seed funding round led by LAUNCHub Ventures to secure agentic AI systems.
The post SplxAI Raises $7 Million for AI Security Platform appeared first on SecurityWeek.
Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras
Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched.
The post Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras appeared first on SecurityWeek.
Microsoft: Recent Windows updates cause Remote Desktop issues
Microsoft says that some customers might experience Remote Desktop and RDS connection issues after installing recent Windows updates released since January 2025. […]
New npm attack poisons local packages with backdoors
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. […]
Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks
Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem.
The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
macOS Users Warned of New Versions of ReaderUpdate Malware
macOS users are targeted with multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages.
The post macOS Users Warned of New Versions of ReaderUpdate Malware appeared first on SecurityWeek.