Malware | Breaking Cybersecurity News | The Hacker News

Category — Malware
ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

Nov 20, 2025 Vulnerability / Cloud Computing
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The attack, at its core, exploits a critical missing authentication bug (CVE-2023-48022, CVSS score: 9.8) to take control of susceptible instances and hijack their computing power for illicit cryptocurrency mining using XMRig. The vulnerability has remained unpatched due to a "long-standing design decision" that's consistent with Ray's development best practices, which requires it to be run in an isolated network and act upon trusted code. The campaign involves submitting malicious jobs, with commands ranging from simple reconnaissance to complex multi-stage Bash and Python payloads, to an una...
Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Nov 20, 2025 Botnet / Malware
Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control (C2) server, Kaspersky researcher Lisandro Ubiedo said in an analysis published today. There are currently no details on how the botnet malware is propagated; however, in at least one case, the threat actors behind the operation are said to have leveraged a legitimate Remote Monitoring and Management (RMM) tool as a conduit to download an MSI installer file from a compromised site. The names given to the malware artifacts – Valorant, r6x (Rainbow Six Siege X), and cs2 (Counter-Strike 2) – also suggest that the implant is likely being disseminated using lures for games. It's possible that users searching for pirated versions of these games are the target. Regardless of the method used, the fake MSI installer is designed to install Node.js...
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

Nov 20, 2025 Cybersecurity / Hacking News
This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used to attack people. Every day, there's a new story that shows how quickly things are changing in the fight over the internet. Governments are cracking down harder on cybercriminals. Big tech companies are rushing to fix their security. Researchers keep finding weak spots in apps and devices we use every day. We saw fake job recruiters on LinkedIn spying on people, huge crypto money-laundering cases, and brand-new malware made just to beat Apple's Mac protections. All these stories remind us: the same tech that makes life better can very easily be turned into a weapon. Here's a simple look at the biggest cybersecurity news happening right now — from the hidde...
New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Nov 20, 2025 Malware / Mobile Security
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The Hacker News. "By capturing content directly from the device screen after decryption, Sturnus can monitor communications via WhatsApp, Telegram, and Signal." Another notable feature is its ability to stage overlay attacks by serving fake login screens atop banking apps to capture victims' credentials. According to the Dutch mobile security company, Sturnus is privately operated and is currently assessed to be in the evaluation stage. Artifacts distributing the banking malware are listed below:
- Google Chrome ("com.klivkfbky.izaybebnx")
- Preemix Box ("com.uvxuthoq.noscjahae")
The malware has been designed to specifically single out financial inst...
TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Nov 20, 2025 Malvertising / Artificial Intelligence
Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part of a global malvertising campaign dubbed TamperedChef. The end goal of the attacks is to establish persistence and deliver JavaScript malware that facilitates remote access and control, per a new report from Acronis Threat Research Unit (TRU). The campaign, per the Singapore-headquartered company, is still ongoing, with new artifacts being detected and associated infrastructure remaining active. "The operator(s) rely on social engineering by using everyday application names, malvertising, Search Engine Optimization (SEO), and abused digital certificates that aim to increase user trust and evade security detection," researchers Darrel Virtusio and Jozsef Gegeny said. TamperedChef is the name assigned to a long-running campaign that has leveraged seemingly legitimate installers for various utilities to distribute an information stealer malware of...