More refined obfuscation tactics have been leveraged in a new multi-stage malware campaign targeting employees of Pakistan's Punjab Safe Cities Authority and the Punjab Police Integrated Command, Control & Communication Centre, GBHackers News reports.
The campaign, attributed with high confidence to the persistent threat group Tropic Trooper, utilizes a custom AdaptixC2 Beacon listener with GitHub as its command-and-control platform, according to Zscaler ThreatLabz.
Fast16, referenced in a 2005 ShadowBrokers leak of NSA tools, utilized a Lua 5.0 virtual machine embedded within a service binary, "svcmgmt.exe," which controlled a kernel driver named "fast16.sys."
Dragos technical lead malware analyst Jimmy Wylie said threat groups that have launched intrusions against critical infrastructure, such as water treatment facilities, are more concerning than the recently reported ZionSiphon malware targeting Israeli water facilities, reports CyberScoop.
Fast Five
Selected by the SC Media Editorial team every Tuesday.