Cybercrime/malcode – Lifeboat News: The Blog

Dec 10
2025

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

North Korea-linked attackers exploit CVE-2025–55182 to deploy EtherRAT, a smart-contract-based RAT with multi-stage persistence.

Dec 10
2025

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

GrayBravo drives four CastleLoader threat clusters using phishing, malvertising, and Booking-themed lures across multiple sectors.

Dec 10
2025

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

Storm-0249 now employs ClickFix, fileless PowerShell, and DLL sideloading to gain stealthy access that enables ransomware operations.

Dec 10
2025

STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

Sophos reports STAC6565 targeting nearly 40 victims, with 80% of attacks hitting Canadian firms and involving QWCrypt ransomware.

Dec 10
2025

Google CEO Sundar Pichai hints at building data centres in space; Elon Musk replies

The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk’s news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.

Dec 9
2025

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Researchers detail FvncBot, SeedSnatcher, and a stronger ClayRat that widen Android data theft and device control tactics.

Dec 9
2025

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

Active exploits target Sneeit plugin CVE-2025–6389 and ICTBroadcast CVE-2025–2611, enabling RCE, backdoors, and Frost DDoS botnet delivery.

Dec 9
2025

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

MuddyWater’s UDPGangster malware uses macro phishing & UDP channels for remote control, data theft, payload delivery in Turkey, Israel & Azerbaijan.

Dec 9
2025

Ransomware gangs turn to Shanya EXE packer to hide EDR killers

Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems.

Packer services provide cybercriminals with specialized tools to package their payloads in a way that obfuscates malicious code to evade detection by most known security tools and antivirus engines.

The Shanya packer operation emerged in late 2024 and has grown in popularity significantly, with malware samples using it being spotted in Tunisia, the UAE, Costa Rica, Nigeria, and Pakistan, as per telemetry data from Sophos Security.

Dec 9
2025

Malicious VSCode extensions on Microsoft’s registry drop infostealers

Two malicious extensions on Microsoft’s Visual Studio Code Marketplace infect developers’ machines with information-stealing malware that can take screenshots, steal credentials, crypto wallets, and hijack browser sessions.

The marketplace hosts extensions for the popular VSCode integrated development environment (IDE) to extend functionality or add customization options.

The two malicious extensions, called Bitcoin Black and Codo AI, masquerade as a color theme and an AI assistant, respectively, and were published under the developer name ‘BigBlack.’