The Wonderland malware, formerly known as WretchedCat, facilitates real-time command execution and SMS theft, masquerading as Google Play or common file types.
This campaign utilizes a commodity loader that shares common features with other attack campaigns, suggesting a unified malware delivery framework used by multiple high-capability threat actors.
Fake software distribution sites and hacked YouTube accounts have been leveraged to spread the upgraded CountLoader and novel GachiLoader malware loaders, respectively, The Hacker News reports.
New malware attack campaign involves widely used sophisticated loader
Manufacturing and government organizations in Europe and the Middle East have been targeted by a novel malware attack campaign that harnessed obfuscation and User Account Control bypass to facilitate the deployment of a sophisticated commodity loader leveraged by other threat operations to deliver information-stealing payloads and remote access trojans, according to The Cyber Express.