New Cosmali Loader deployed via bogus MAS Windows activation domain
Windows systems have been infected with the new Cosmali Loader through illicit PowerShell scripts deployed through a typosquatted Microsoft Activation Scripts tool domain, BleepingComputer reports.
Over 25,000 repositories and hundreds of npm packages have already been impacted by the new Shai Hulud malware campaign that automates developer environment compromise, SiliconANGLE reports.
More advanced malware tapped by Arcane Werewolf in Russia-targeted attacks
Multiple manufacturing organizations across Russia have been targeted by cyberespionage operation Arcane Werewolf, also known as Mythic Likho, with the more sophisticated Loki 2.1 malware toolkit, according to GBHackers News.
BleepingComputer reports that over a dozen GitHub repositories purporting to have proof-of-concept exploits for several newly disclosed flaws, including the Windows Remote Access Connection Manager privilege escalation bug tracked as CVE-2025-59230, have been leveraged to distribute the WebRAT malware since September.
BleepingComputer reports that the MacSync information-stealing malware has been distributed through a code-signed and notarized Swift application, removing the necessity for direct terminal interaction and representing a departure from ClickFix or drag-to-terminal tactics previously used to spread the macOS infostealer.
Attacks involving the Brickstorm malware were noted by the Cybersecurity and Infrastructure Security Agency to continue threatening U.S. infrastructure, Cybersecurity Dive reports.