Google exposes BadAudio malware used in APT24 espionage campaigns

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage campaign that recently switched to more sophisticated attack methods.

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in ...
The Hacker News

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

TamperedChef spreads through fake installers and SEO abuse, delivering a persistent JavaScript backdoor across multiple ...
CSO Online

Sneaky2FA phishing tool adds ability to insert legit-looking URLs

With its new browser-in-the-browser capability, the tool helps threat actors fool employees into giving up credentials.

Sneaky2FA Phishing Kit Evolves With New Fake Browser Pop-Up Trick

Security researchers at Push Security are warning that Sneaky2FA, an advanced phishing-as-a-service (PhaaS) kit, has released ...
The Hacker News

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

APT24 and Autumn Dragon launch multi-year espionage campaigns using BADAUDIO, supply chain attacks, and new CVE-2025-8088 ...
Hackaday

This Week In Security: Cloudflare Wasn’t DNS, BADAUDIO, And Not A Vuln

You may have noticed that large pieces of the Internet were down on Tuesday. It was a problem at Cloudflare, and for once, it ...
BankInfoSecurity

TamperedChef Exploits Signed Apps for Stealth

Threat actors are weaponizing trusted software certificates to deliver stealthy malware and compromise enterprise networks through fraudulent, signed applications, ...