AI-generated vibeware spread in new APT36 campaign
Intrusions with vibeware, or sloppy AI-generated code, have been launched by Pakistan-linked threat group APT36, also known as Transparent Tribe, in a bid to compromise Indian government networks without raising security system alarms, HackRead reports.
BleepingComputer reports that telecommunications providers across South America have been targeted by China-linked advanced persistent threat operation UAT-9244 with the newly discovered TernDoor and PeerTime backdoors for Windows and Linux, respectively, as well as the BruteEntry brute-force scanner, since 2024.
Multiple information-stealing payloads and the GhostSocks proxy malware have been distributed by bogus GitHub-hosted installers for the popular open-source AI assistant OpenClaw promoted by Bing's AI search results, reports The Register.
Russian phishing campaign hits Ukraine with novel malware
Attacks delivering novel malicious payloads have been deployed by a Russian state-sponsored threat operation against Ukrainian entities as part of a new phishing campaign, reports The Record, a news site by cybersecurity firm Recorded Future.
The attackers are using compromised Extended Validation (EV) certificates, specifically one issued to TrustConnect Software PTY LTD, to sign malicious executables.
The malicious packages, including "nhattuanbl/lara-helper" and "nhattuanbl/simple-queue," contain obfuscated PHP code that connects to a command and control (C2) server at helper.leuleu[.]net:2096.