Malware
Curated coverage and analysis in this editorial area.
TA4922 Targets Europe with New Atlas RAT and AI-Assisted Malware Development
Proofpoint tracks the European expansion of TA4922, a Chinese-speaking cybercrime group deploying the new Atlas RAT, RomulusLoader, an…
AI Zero-Days and OT Vulnerabilities: ESET’s May 2026 Security Briefing
Tony Anscombe’s latest roundup highlights critical failures in Polish water plants, Google’s discovery of the first AI-generated zero-…
Gamaredon APT Weaponizes WinRAR Path Traversal Bug for Ukrainian Espionage
The Gamaredon APT group is exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to deploy a modular malware suite again…
Poisoned AI Chatbots: A New Vector for High-Performance GPU Cryptojacking
Microsoft has identified an active campaign that manipulates AI chatbot recommendations to distribute GPU-based cryptojacking malware…
Cyber May: AI Attacks Emerge, but Basic Vectors Remain the Primary Threat
In ESET’s May roundup, Tony Anscombe documents critical infrastructure breaches in Poland, Mexico’s first 'AI-directed' attack, and Go…
AI-Directed Attacks and ICS Vulnerabilities: ESET’s Tony Anscombe on DynoWiper and the First AI Zero-Day
In his May 2026 security review, ESET’s Tony Anscombe analyzes a landscape of extremes: from the first AI-generated zero-day and 'AI-d…
World Cup 2026: A Cyber-Physical Attack Surface Spanning Three Nations
Unit 42 maps the sprawling perimeter of the USA-Mexico-Canada World Cup, identifying critical OT/IT interdependencies across 16 host c…
Dutch Authorities Dismantle Massive 17-Million Device Botnet
Dutch police and the NCSC-NL have seized over 200 servers and neutralized a botnet comprising 17 million infected devices. While autho…
FortiClient EMS: EKZ Infostealer May Target VPN Management Channels
CVE-2026-35616 (CVSS 9.8): Compromised FortiClient EMS platforms could be transformed into malware delivery vehicles. Attacks in May 2…
Trojan Detection: 33 Behavioral Signals May Challenge Complex Machine Learning Models
A new framework utilizing 33 refined behavioral features aims to detect Windows Trojans with competitive performance on standard enter…
JINX-0164: Potential macOS Malware Campaigns Targeting Crypto Developers via LinkedIn
Threat actor JINX-0164 may be targeting cryptocurrency developers through LinkedIn social engineering, potentially utilizing the AUDIO…
BTMOB: The Malware-as-a-Service Erasing Technical Barriers to Android Takeover
ESET researchers have detailed BTMOB, an Android RAT sold as a service featuring a no-code builder. For a $5,000 lifetime fee, even lo…