North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

IntroductionIn December 2025, Zscaler ThreatLabz discovered a campaign linked to APT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima), which is a DPRK-backed threat group. In this campaign ...

Four rogue NuGet packages and one npm package stole ASP.NET Identity data, deployed C2 backdoors, and reached over 50,000 ...

A convincing lookalike of the popular Huorong Security antivirus has been used to deliver ValleyRAT, a sophisticated Remote Access Trojan (RAT) built on the Winos4.0 framework, to users who believed ...

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software ...

A multi-stage malware loader known as OysterLoader has continued to evolve into early 2026, refining its command-and-control (C2) infrastructure and obfuscation methods.

Cybersecurity investigators have identified a new cyberattack campaign connected to the Russia-linked hacking group APT28, ...

Chinese hackers compromised Notepad++ updates for six months, deploying a backdoor to selectively target users in government and critical infrastructure sectors..