RedLine Stealer | Breaking Cybersecurity News | The Hacker News

A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. "Cybercriminals have been taking advantage of Godot Engine to execute crafted GDScript code which triggers malicious commands and delivers malware," Check Point said in a new analysis published Wednesday. "The technique remains undetected by almost all antivirus engines in VirusTotal." It's no surprise that threat actors are constantly on the lookout for new tools and techniques that can help them deliver malware while sidestepping detection by security controls, even as defenders continue to erect new guardrails. The newest addition is Godot Engine , a game development platform that allows users to design 2D and 3D games across platforms , including Windows, macOS, Linux, Android, iOS, PlayStation, Xbox, Nintendo Switch, and the web. The multi-platform support also makes it an attract...

A new information stealer has been found leveraging Lua bytecode for added stealth and sophistication, findings from McAfee Labs reveal. The cybersecurity firm has assessed it to be a variant of a known malware called RedLine Stealer owing to the fact that the command-and-control (C2) server  IP address  has been previously identified as associated with the malware. RedLine Stealer,  first documented  in March 2020, is typically delivered via email and malvertising campaigns, either directly or via  exploit kits  and loader malware like  dotRunpeX  and  HijackLoader . The off-the-shelf malware is capable of harvesting information from cryptocurrency wallets, VPN software, and web browsers, such as saved credentials, autocomplete data, credit card information, and geolocations based on the victims' IP addresses. Over the years, RedLine Stealer has been co-opted by several threat actors into their attack chains, making it a prevalent strai...

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta. "The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal  said  in a write-up published Thursday. Aside from being dropped alongside other malware families, LodaRAT has also been observed being delivered through a previously unknown variant of another commodity trojan called  Venom RAT , which has been codenamed S500. An AutoIT-based malware, LodaRAT (aka  Nymeria ) is attributed to a group called Kasablanca and is capable of harvesting sensitive information from compromised machines. In February 2021, an  Android version  of the malware sprang forth as a way for the threat actors to expand their attack surface. Then in September 2022, Zscaler ThreatLabz uncovered a new delivery mecha...

Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub Copilot's code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non‑human identities (NHIs) across corporate clouds. That population is already overwhelming the enterprise: many companies now juggle at least 45 machine identities for every human user . Service accounts, CI/CD bots, containers, and AI agents all need secrets, most commonly in the form of API keys, tokens, or certificates, to connect securely to other systems to do their work. GitGuardian's State of Secrets Sprawl 2025 report reveals the cost of this sprawl: over 23.7 million secrets surfaced on public GitHub in 2024 alone. And instead of making the situation better, repositories with Copilot enabled the leak of secrets 40 percent more often .  NHIs Are Not People Unlike human beings logging into systems, ...