Malware

Operation Olalampo, observed starting January 26, 2026, utilizes phishing emails containing malicious Microsoft Office documents that execute macro code to deploy payloads.

A new npm supply chain attack injects a malicious MCP server and targets LLM API keys.

Crypto wallet-, browser-targeting infostealer spread via bogus CAPTCHAs Fake CAPTCHAs have been leveraged to facilitate the deployment of information-stealing malware targeting multiple cryptocurrency wallets and credentials stored across over two dozen web browsers as part of a new ClickFix attack campaign, according to HackRead.

Cybernews reports that threat actors have launched the information-stealing MacSync malware in a new malvertising campaign that weaponized at least 35 breached Google Ads accounts promoting law firms, hotels, and other legitimate businesses around the world to push over 200 illicit ads spoofing widely used macOS software, including 7-Zip, LibreOffice, Notepad++, and Final Cut Pro.

Security researchers at Veracode Threat Research discovered a malicious package named "buildrunner-dev" on npm.

Widely exploited Remcos RAT malware has gained a new variant integrating real-time surveillance and keystroke transmission capabilities, as well as increased stealth, via modular DLL plugins and encrypted command-and-control channels, Infosecurity Magazine reports.

Google Gemini has been weaponized by the novel PromptSpy malware to ensure persistence in targeted devices, marking the first known use of generative AI in an Android malware, reports The Cyber Express.