Windows Defender purportedly circumvented by novel AI-boosted metamorphic crypter
Threat actor ImpactSolutions claims that InternalWhisper x Impact Solutions, a newly emerged, sophisticated AI-powered metamorphic crypter, is fully undetectable by Windows Defender and other leading endpoint security tools, according to Cyber Security News.
Pakistan-linked threat group APT36, also known as Transparent Tribe, has used illicit Windows LNK files to compromise Indian government, strategic, and academic organizations as part of an advanced cyberespionage campaign, GBHackers News reports.
Trust Wallet, a multi-chain non-custodial cryptocurrency wallet, had almost $8.5 million worth of digital assets drained from 2,520 cryptocurrency wallets following an npm supply chain attack involving the self-replicating Shai Hulud 2.0 malware, according to SecurityWeek.
A surge in high-profile and financially devastating cyberattacks against major UK businesses throughout 2025 has crystallized the threat as a fundamental risk to national economic stability, according to The Independent.
Attacks leveraging a kernel-mode rootkit to spread a new variant of the ToneShell malware have been launched by Chinese advanced persistent threat group Mustang Panda, also known as Bronze President or HoneyMyte, against government entities across Southeast Asia and East Asia, particularly Thailand and Myanmar, since February, according to BleepingComputer.
Operators of the Shai Hulud malware that compromised thousands of developer environments have been testing yet another variant of the worm dubbed "The Golden Path," which has been integrated into the npm package "@vietmoney/react-big-calendar," reports The Cyber Express.
Cybernews reports that Massachusetts-based accounting firm CSA Tax & Advisory had corporate and client data allegedly compromised by the Lynx ransomware-as-a-service operation.
Romania's Complexul Energetic Oltenia, which is the country's largest coal-based energy producer, had its IT infrastructure disrupted in a Dec. 26 ransomware attack claimed by the Gentlemen ransomware operation, reports BleepingComputer.