Cybercrime/malcode – Lifeboat News: The Blog

Nov 14
2025

CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs

US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks.

An updated joint advisory from CISA, the FBI, the Department of Defense Cyber Crime Center (DC3), the Department of Health and Human Services (HHS), and several international partners alerts that Akira ransomware has expanded its encryption capabilities Nutanix AHV VM disk files.

The advisory includes new indicators of compromise and tactics observed through FBI investigations and third-party reporting as recent as November 2025.

Nov 14
2025

New ‘IndonesianFoods’ worm floods npm with 100,000 packages

A self-spreading package published on npm spams the registry by spawning new packages every every seven seconds, creating large volumes of junk.

The worm, dubbed ‘IndonesianFoods,’ due to its distinctive package naming scheme that picks random Indonesian names and food terms, has published over 100,000 packages according to Sonatype, and the number is growing exponentially.

Although the packages do not have a malicious component for developers (e.g., stealing data, backdooring hosts), this could change with an update that introduces a dangerous payload.

Nov 14
2025

Operation Endgame targets malware networks in global crackdown

Rhadamanthys, VenomRAT, and the Elysium botnet were targeted in the takedowns.

Nov 13
2025

Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

A mysterious npm worm published 46K fake packages in a two-year spam campaign, exposing major security gaps.

Nov 13
2025

Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform

Google sues China-based hackers behind the $1B Lighthouse PhaaS scam hitting 1M users globally

Nov 12
2025

WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Maverick malware spreads via WhatsApp Web, targeting Brazilian banks through PowerShell and browser hijacking.

Nov 12
2025

GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites

Huntress finds three GootLoader infections since Oct 27, 2025; two led to domain controller compromise within 17 hours.

Nov 12
2025

Android Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for Hackers

Fantasy Hub RAT sold via Telegram exploits Android SMS and banking systems amid rising MaaS threats.

Nov 12
2025

GlobalLogic warns 10,000 employees of data theft after Oracle breach

GlobalLogic, a provider of digital engineering services part of the Hitachi group, is notifying over 10,000 current and former employees that their data was stolen in an Oracle E-Business Suite (EBS) data breach.

Based in Santa Clara, California, this software and product development services company was founded in 2000. Since then, it has expanded to 59 product engineering centers and several offices worldwide.

In a breach notification letter filed with the office of Maine’s Attorney General, the company states that the attackers exploited an Oracle EBS zero-day vulnerability to steal personal information belonging to 10,471 employees.

Nov 12
2025

Rhadamanthys infostealer disrupted as cybercriminals lose server access

The Rhadamanthys infostealer operation has been disrupted, with numerous “customers” of the malware-as-a-service reporting that they no longer have access to their servers.

Rhadamanthys is an infostealer malware that steals credentials and authentication cookies from browsers, email clients, and other applications. It is commonly distributed through campaigns promoted as software cracks, YouTube videos, or malicious search advertisements.

The malware is offered on a subscription model, where cybercriminals pay the developer a monthly fee for access to the malware, support, and a web panel used to collect stolen data.