The Hacker News

XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities

XWorm V6.0 is designed to connect to its C2 server at 94.159.113 [.]64 on port 4411 and supports a command called "plugin" to run more than 35 DLL payloads on the infected host's memory and carry out ...

XWorm malware resurfaces with ransomware module, over 35 plugins

New versions of the XWorm backdoor are being distributed in phishing campaigns after the original developer, XCoder, abandoned the project last year.
Krebs on Security

ShinyHunters Wage Broad Corporate Extortion Spree

A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen ...
WeLiveSecurity

New spyware campaigns target privacy-conscious Android users in the UAE

ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates.
Infosecurity Magazine

Chinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO Fraud

Cisco Talos has identified a Chinese-speaking cybercrime group that targets high-value Internet Information Services (IIS) for SEO fraud ...

Android spyware campaigns impersonate Signal and ToTok messengers

Two new spyware campaigns that researchers call ProSpy and ToSpy lured Android users with fake upgrades or plugins for the Signal and ToTok messaging apps to steal sensitive data.