Malware

Massiv has been observed in campaigns targeting a Portuguese government app linked to the Chave Móvel Digital, Portugal's digital authentication system.

Proofpoint worked with industry partners to take down the TrustConnect MaaS, but it quickly reemerged under a different brand.

OpenClaw, formerly known as Moltbot and ClawdBot, had its ClawHub marketplace compromised with 1,184 illicit skills as part of a sweeping supply chain poisoning intrusion campaign dubbed ClawHavoc, according to GBHackers News.

During a search of the suspect's residence, investigators discovered files containing credentials, passwords, credit card numbers, and server IP addresses, potentially enabling unauthorized access and ransomware attacks.

The campaign involved cloning the Oura MCP server, a tool connecting AI assistants to Oura Ring health data.

Malicious actors have leveraged the Matanbuchus 3.0 malware-as-a-service loader to deploy the novel AstarionRAT payload in an attack campaign that involved ClickFix techniques, according to GBHackers News.

Suspected Iran-linked threat actors have launched intrusions aimed at Iranians supportive of anti-government protests as part of a new cyberespionage campaign that commenced in early January, according to The Record, a news site by cybersecurity firm Recorded Future.