Malware

Novel ShadowHS malware targets Linux environments Linux systems are being threatened by the newly discovered ShadowHS fileless malware framework, which leverages a multi-stage encrypted loader that decrypts and executes its payload into memory for clandestine targeted compromise, Cyber Security News reports.

Attackers gained control of the hosting environment for notepad-plus-plus.org, manipulating update traffic to serve malware.

The discovered threat, identified by Point Wild's Lat61 Threat Intelligence Team, operates by hiding within a computer's memory, making it difficult for traditional antivirus software to detect.

The campaign, discovered on January 26, 2026, involved sponsored Google search results for "mac cleaner" utilities.

The campaign begins with users being tricked into installing a dropper app named TrustBastion, which masquerades as a security tool.

Over 454,600 new harmful software packages, which were cumulatively downloaded 9.8 trillion times, have been discovered across major repositories like PyPI, Hugging Face, NuGet, Maven Central, and npm, last year, according to The Cyber Express.

AI-powered code has been leveraged by a Vietnamese threat actor to deliver PureRAT malware and other illicit payloads as part of a fake job phishing campaign initially discovered by Trend Micro in December, reports GBHackers News.

The malicious code was concealed within a Basque language dictionary file, disguised as a compressed archive.