Be careful what you click! Fake PDF converter sites mimicking #PDFCandy, a legit website, are spreading malware via Google Ads. They trick users with a realistic interface and install info-stealing malware.

Slopsquatting
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names... https://www.schneier.com/blog/archives/2025/04/slopsquatting.html
We’re seeing an increasing volume of blocked queries to the SocGholish-related domain - blackshelter[.]org in the last several days.
The Pall Mall Pact and why it matters | Malwarebytes | …I don’t entirely agree that this is a good thing
https://alecmuffett.com/article/113190
#HackingTools #PallMallPact #PallMallProcess #malware
There's nothing to see here, please move along. #microsoft #keylogger #malware
https://www.europesays.com/1997221/ NATO allies boost cyber defense coordination, focus on improving critical infrastructure resilience #CriticalInfrastructure #CriticalInfrastructureResilience #CyberDefense #CyberThreat #Cybersecurity #Europa #europe #InfrastructureResilience #MaliciousCyber #malware #nato #OTAN #ThreatIntelligence
Last week I posted a thread about a #spam campaign delivering a #ConnectWise client as its payload. As of this morning, the threat actors have changed the payload (https://www.virustotal.com/gui/file/30e1d059262b851a2b432ec856aeba5bb639ba764aa85643703163d62000a2f4) and it appears to try to connect to the address "relay.noscreener[.]info" which resolves to 104.194.145.66.
Embedded in the installer .msi file is a file called system.config, which contains this domain name and a base64-encoded string.
The fake Social Security website is still being hosted on a compromised site that belongs to a temp agency based on the east coast of the US.
Previous thread:
#VXUnderground has posted a "best of" page with their favorite papers. I think some of these should be required reading for red teamers, malware researchers, or vulnerability researchers. Thoughts?
https://vx-underground.org/Best%20Of
#redteam #malware #malware_research #vulnerability
Would anyone be willing to give me some WordPress advice? A guy *claiming* to be from Bluehost just called and said my hosted site has malware, then offered me a $360/yr protection plan. Refused to say anything about where malware was located or how to fix. Jerk. Bluehost is too expensive already and I'm toying with just pulling the plug on my site altogether (it's not very popular), or maybe porting it over to the $4/month (?) version at wordpress.com. I'd be grateful for any tips on removing malware, finding cheaper host, and whether terminating a blog makes sense. #wordpress #malware #hosting #blog
Spyware added during manufacturing: Cheap Android phones come preloaded with malware stealing crypto via fake #WhatsApp and other apps.
Read: https://hackread.com/pre-installed-malware-cheap-android-phones-crypto-fake-whatsapp/
Microsoft's 0x80070643 Error: A Deep Dive into Windows Recovery Environment Challenges
Microsoft has confirmed that the 0x80070643 error encountered by Windows users during the April 2025 WinRE update is misleading and does not affect system functionality. This article explores the impl...
https://www.theregister.com/AMP/2025/04/12/ai_code_suggestions_sabotage_supply_chain/
create a malicious software package under a hallucinated package name and then upload the bad package…when an #AIcodeassistant re-hallucinates the co-opted name, the process of installing dependencies and executing the code will run the #malware…
…a form of typosquatting, where variations or misspellings of common terms are used to dupe people. Seth Michael Larson, #Python Software Foundation, has dubbed it #slopsquatting – "slop" being a common pejorative for AI output
@remixtures
List of apps affected by #BadBazaar and #Moonshine #malware begins on p. 20 of this document.
https://www.ncsc.gov.uk/files/NCSC-Advisory-BADBAZAAR-and-MOONSHINE-guidance.pdf
Microsoft's Recall feature arrives for Windows Insiders amid controversy https://tugatech.com.pt/t65587-funcionalidade-recall-da-microsoft-chega-aos-windows-insiders-com-polemica
Did you know hackers can bypass LLM safety filters 73.2% of the time?
Researchers found that by slicing a malicious prompt into harmless segments and distributing them across different AI models, they could trick the system into writing full-blown malware.
Should we trust AI to judge itself? Or is a “jury” system the future of model evaluation?
Read the full article here:
https://blueheadline.com/tech-news/hackers-outsmart-ai-prompt-trick/
Court names details of 1223 attacks on WhatsApp users with Pegasus spyware
A document reveals the locations of the victims, the servers used for the attacks and the origin of the attacks using Pegasus spyware.