Latest Cyber-Attack News
رفتن به کانال در Telegram
Latest cybersecurity incidents and malware threats.
نمایش بیشتر2 868
مشترکین
+324 ساعت
+117 روز
+5530 روز
در حال بارگیری داده...
کانالهای مشابه
ابر برچسبها
اشارات ورودی و خروجی
---
---
---
---
---
---
جذب مشترکین
ژوئیه '26
ژوئیه '26
+14
در 0 کانالها
ژوئن '26
+92
در 0 کانالها
Get PRO
مه '26
+36
در 0 کانالها
Get PRO
آوریل '26
+24
در 0 کانالها
Get PRO
مارس '26
+34
در 0 کانالها
Get PRO
فوریه '26
+35
در 0 کانالها
Get PRO
ژانویه '26
+42
در 0 کانالها
Get PRO
دسامبر '25
+91
در 0 کانالها
Get PRO
نوامبر '25
+90
در 0 کانالها
Get PRO
اکتبر '25
+131
در 0 کانالها
Get PRO
سپتامبر '25
+149
در 0 کانالها
Get PRO
اوت '25
+175
در 0 کانالها
Get PRO
ژوئیه '25
+154
در 0 کانالها
Get PRO
ژوئن '25
+126
در 0 کانالها
Get PRO
مه '25
+74
در 0 کانالها
Get PRO
آوریل '25
+162
در 0 کانالها
Get PRO
مارس '25
+103
در 0 کانالها
Get PRO
فوریه '25
+100
در 0 کانالها
Get PRO
ژانویه '25
+96
در 0 کانالها
Get PRO
دسامبر '24
+83
در 0 کانالها
Get PRO
نوامبر '24
+72
در 0 کانالها
Get PRO
اکتبر '24
+80
در 0 کانالها
Get PRO
سپتامبر '24
+73
در 0 کانالها
Get PRO
اوت '24
+90
در 0 کانالها
Get PRO
ژوئیه '24
+89
در 0 کانالها
Get PRO
ژوئن '24
+64
در 0 کانالها
Get PRO
مه '24
+71
در 0 کانالها
Get PRO
آوریل '24
+72
در 0 کانالها
Get PRO
مارس '24
+83
در 0 کانالها
Get PRO
فوریه '24
+73
در 0 کانالها
Get PRO
ژانویه '24
+70
در 0 کانالها
Get PRO
دسامبر '23
+1 478
در 0 کانالها
| تاریخ | رشد مشترکین | اشارات | کانالها | |
| 07 ژوئیه | 0 | |||
| 06 ژوئیه | 0 | |||
| 05 ژوئیه | +3 | |||
| 04 ژوئیه | +2 | |||
| 03 ژوئیه | +1 | |||
| 02 ژوئیه | +4 | |||
| 01 ژوئیه | +4 |
پستهای کانال
Avalon Malware Turns Legal Documents Into CrownX Ransomware
Blackpoint Cyber says it analyzed a new malware framework called Avalon that begins with a spoofed legal-document email and can end with CrownX ransomware. The chain matters because it does not start as an obvious executable attachment. The lure sends the recipient to a password-protected archive, hides the malicious content inside an ISO disk…
https://blog.gridinsoft.com/avalon-crownx-ransomware-legal-lure/
| 2 | FBI Seizes NetNut/Popa Botnet: Check Your TV Box
The FBI has seized domains tied to the NetNut residential proxy platform and the Popa botnet, turning a previously technical proxy-network story into a practical warning for people who own cheap Android TV boxes, unofficial streaming devices, or apps that promise payment for sharing unused bandwidth.
The seizure page cited the NetNut/Popa infrastructure, while…
https://blog.gridinsoft.com/netnut-popa-botnet-fbi-seizure/ | 256 |
| 3 | Fake Software Downloads Push ScreenConnect and AsyncRAT
A recent malware-analysis report ties a fake software download campaign to more than 90 spoofed domains that imitate popular utilities such as OBS Studio, DNS Jumper, DS4Windows, Bandicam and other freeware. The sites deliver archives that appear to contain normal installers, but the chain can install ScreenConnect and then deploy AsyncRAT on the Windows…
https://blog.gridinsoft.com/screenconnect-asyncrat-fake-downloads/ | 234 |
| 4 | Silent Swap Crypto Clipper
McAfee Labs has reported a cryptocurrency-stealing campaign called Silent Swap that installs a fake “Google Notes” extension into Chromium-based browsers and changes wallet addresses copied to the clipboard. The practical risk is simple: a crypto transfer can look normal on screen while the pasted recipient address has already been replaced.
The campaign is not…
https://blog.gridinsoft.com/silent-swap-crypto-clipper-google-notes-extension/ | 259 |
| 5 | StegoAd Edge Extensions Malware: 119 Add-ons Removed
Microsoft says it removed 119 malicious extensions from the Microsoft Edge Add-ons store after uncovering a campaign it calls StegoAd. The extensions looked like normal ad blockers, VPN helpers, translators, and video tools, but Microsoft says they could hide payloads inside image and font files, steal credentials and session cookies, and deliver additional browser…
https://blog.gridinsoft.com/stegoad-edge-extensions-malware/ | 291 |
| 6 | Chrome Native Messaging Backdoor Steals Session Cookies
D3Lab researchers documented a June 2026 malware campaign in Italy that used a fake invoice email to install a malicious Google Chrome extension and a Native Messaging Host on Windows. The important risk is not only browser spying: the extension, named Cloud vn105rkj64 in the analysis, could pass commands through Native Messaging and…
https://blog.gridinsoft.com/chrome-native-messaging-cookie-backdoor/ | 396 |
| 7 | Onelogon Netlogon Attack: Check AD Allow-Lists Now
Security researchers from Ruhr University Bochum and CASA have published Onelogon, a Netlogon authentication-bypass technique that matters most to Active Directory environments with old vulnerable-channel exceptions still enabled. The practical question is not whether every Windows user is exposed. It is whether a domain still allows legacy Netlogon secure-channel behavior through an…
https://blog.gridinsoft.com/onelogon-netlogon-attack-ad-allow-list/ | 404 |
| 8 | GTA 6 Early Access Scam
Fake GTA 6 early-access pages are trying to turn the game’s long wait into a crypto-payment trap. The offer usually promises a VIP preview, an exclusive download, or a way to play Grand Theft Auto VI before everyone else. The practical answer is simple: there is no legitimate public early access for GTA…
https://blog.gridinsoft.com/gta-6-early-access-scam/ | 342 |
| 9 | WhatsApp VBS Trap Installs Remote Access Tool
Kaspersky researchers say an active WhatsApp campaign is sending malicious Visual Basic Script files that look like invoices, account statements, debt notices, or other business documents. The practical risk is not the chat message itself; it is opening the downloaded .vbs attachment on a Windows PC, where the script can start a multi-stage…
https://blog.gridinsoft.com/whatsapp-vbscript-rmm-malware/ | 311 |
| 10 | OXLOADER Malware: Fake Node.js Ads Drop CastleStealer
A fake Node.js sponsored search result has been tied to a Windows malware chain that starts with OXLOADER and ends with the CastleStealer infostealer. Elastic Security Labs documented the campaign, and the useful lesson is not only the new family name: a normal-looking software ad can start a batch script, PowerShell…
https://blog.gridinsoft.com/oxloader-castlestealer-fake-nodejs-ads/ | 298 |
| 11 | Aviator Predictor Malware
Aviator Predictor apps and similar “crypto sniper” tools are risky because the promise is built around trust you cannot verify: guaranteed wins, easy wallet profit, fake stars, copied download counts, and videos that look more convincing than the software itself. In a recent campaign analyzed by Check Point Research, that fake reputation led users…
https://blog.gridinsoft.com/aviator-predictor-malware/ | 375 |
| 12 | Phantom Stealer RFQ Phishing
Phantom Stealer is being pushed through fake request-for-quote emails that hide Windows script execution behind a normal business attachment. Fortra’s June 16 report says the observed sample arrived as a RAR archive, unpacked a batch file named 2026REQUEST_FOR_QUOTE.bat, launched obfuscated PowerShell, and then moved into in-memory credential theft.
The practical risk is…
https://blog.gridinsoft.com/phantom-stealer-rfq-phishing/ | 338 |
| 13 | Social Security Statement Email Scam Uses ScreenConnect
A fake Social Security Statement email we analyzed did not stop at credential phishing. The message pushed the reader through a fake document viewer and delivered ScreenConnect.ClientSetup.exe, a remote-access client that can give an outside operator control of the affected PC. In this June 2026 sample, the lure used the subject…
https://blog.gridinsoft.com/social-security-statement-screenconnect-scam/ | 381 |
| 14 | CryptoBandits.A USB Clipper
Microsoft says Trojan:Win32/CryptoBandits.A is part of a Windows crypto-clipper campaign that has been active since February 2026 and spreads through malicious USB shortcut files. The practical risk is direct: a user opens what looks like a normal document shortcut, the malware stages a worm and stealer, then monitors the clipboard for wallet addresses,…
https://blog.gridinsoft.com/trojan-win32-cryptobandits-usb-crypto-clipper/ | 327 |
| 15 | Tiflux RMM Malware: Unauthorized Remote Access Cleanup
Tiflux RMM is not malware by itself, but an unexpected Tiflux install after a service-agreement or secured-document email should be treated as unauthorized remote access. In the campaign Huntress documented, a signed MSI installer named Network Solutions Agreement.msi installed Tiflux components, then the activity expanded into remote-control tooling such as Splashtop, ScreenConnect, and…
https://blog.gridinsoft.com/tiflux-rmm-malware-removal/ | 352 |
| 16 | Potemkin Loader Turns ClickFix Into 11-Host Intrusion
Huntress says a recent ClickFix intrusion began with a fake verification prompt and ended with Potemkin Loader, RMMProject, and EtherRAT activity across more than 11 hosts. The important part is not the prompt itself; it is what happened after the user pasted a command into the Windows Run dialog. The first system became a…
https://blog.gridinsoft.com/potemkin-loader-clickfix-rmmproject/ | 348 |
| 17 | Fake Slack Download Malware: Hidden Desktop Cleanup
A fake Slack download is not a Slack problem; it is a source-verification problem. Slack is legitimate software, but a lookalike download from an unfamiliar domain can install the real app while a second loader works in the background. In the slacks[.]pro campaign reported in April 2026, the file name looked like a normal…
https://blog.gridinsoft.com/fake-slack-download-malware/ | 426 |
| 18 | Fake FACEIT Steam Login Scam
A convincing fake FACEIT verification page is using a copied Steam sign-in window to steal gamer accounts, Steam Guard codes, and valuable CS2 items. Malwarebytes reported the campaign on June 12, 2026, after finding lookalike verification domains that push players toward a fake “Sign in through Steam” flow instead of the real Steam login…
https://blog.gridinsoft.com/faceit-steam-login-scam/ | 435 |
| 19 | TikTok Tutorials Push Vidar Stealer Through PowerShell
Short-form tutorials on TikTok and Instagram Reels are being used as a malware delivery channel, with videos promising free Spotify Premium, Windows activation, Microsoft Office, or similar shortcuts. ReversingLabs reported two active social-video lure patterns on June 9, 2026: one pushes viewers toward suspicious download pages, while another walks them through copy-pasting PowerShell commands…
https://blog.gridinsoft.com/tiktok-vidar-powershell-videos/ | 416 |
| 20 | FlutterShell Backdoor on Mac: Operation FlutterBridge Cleanup Guide
FlutterShell is a macOS backdoor reported in the Operation FlutterBridge malvertising campaign. If you installed a Mac app such as a podcast player or PDF tool from a sponsored result, YouTube ad, or unfamiliar download page, treat the Mac as potentially exposed until you check the app, Chrome settings, Login Items, LaunchAgents,…
https://blog.gridinsoft.com/fluttershell-mac-backdoor/ | 379 |
اکنون در دسترس! پژوهش تلگرام ۲۰۲۵ — مهمترین بینشهای سال 
