Security news aggregator

Latest coverage for Malware

Stay informed on the latest malware threats. Explore news, analysis, and insights on malicious software that targets data security. Stay safe online.

58 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Malware is a contraction of "malicious software," which encompasses a variety of software programs designed with the intent to harm, exploit, or otherwise negatively affect computers, servers, networks, and computer systems. In the realm of information security, malware represents one of the most pervasive and challenging threats.

Malware comes in multiple forms, including viruses, worms, spyware, trojan horses, ransomware, and adware, among others. Each type has a unique behavior but shares the common goal of disrupting operations, stealing sensitive information, gaining unauthorized access to system resources, and potentially causing significant damage to data and infrastructure.

In the context of information security, the presence of malware can compromise the confidentiality, integrity, and availability of information. It can also lead to financial losses, damage to an organization's reputation, and legal consequences. Information security strategies, therefore, prioritize the prevention, detection, and removal of malware to safeguard information assets from these malicious threats.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 58 Filtered view
Security Affairs 3 days, 9 hours ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks   TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io   RemotePE: The Lazarus RAT that lives […]

More from Security Affairs 1 Jun 2026, 2:53 a.m. Incident · 2 stories CVE-2026-26980 CVE Compromise Cryptocurrency Malware Node.js Remote Access Trojan Research Supply Chain

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]

More from Security Affairs 29 May 2026, 4:05 a.m. Incident · 10 stories Actively exploited CVE-2026-35616 0-Day Authentication CVE Critical Flaw Fortinet Malware Patch Remote Code Execution Theft Threat Actor Vulnerability

The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit

More from The Hacker News 3 Feb 2026, 10:12 p.m. Actively exploited CVE-2026-21509 CVE Disclosure Flaw Hacking Malware Microsoft Microsoft Office Nation State Russia Threat Actor Ukraine Zscaler
Bank Info Security 5 months, 2 weeks ago

Nation-State and Cybercrime Exploits Tied to React2Shell

2 More Vulnerabilities Need Patching in React Server Components, Warns VercelMass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

More from Bank Info Security 16 Dec 2025, 6:30 a.m. Actively exploited CVE-2025-55182 CVE China Cryptocurrency DoS Exploit Iran Malware Nation State North Korea Vulnerability Warning
Bleeping Computer 6 months, 3 weeks ago

Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks

An advanced threat actor exploited the critical vulnerabilities "Citrix Bleed 2" (CVE-2025-5777) in NetScaler ADC and Gateway, and CVE-2025-20337 affecting Cisco Identity Service Engine (ISE) as zero-days to deploy custom malware. [...]

More from Bleeping Computer 13 Nov 2025, 3:00 a.m. Actively exploited CVE-2025-5777 CVE-2025-20337 0-Day CVE Cisco Citrix Critical Flaw Malware Threat Actor Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization's network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM)

More from The Hacker News 19 Sep 2025, 4:10 p.m. Actively exploited CVE-2025-4427 CVE-2025-4428 America CISA CVE Compromise Flaw Malware Mobile Threat Actor Warning

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year

More from The Hacker News 12 Sep 2025, 11:50 p.m. CVE-2024-7344 Antivirus Bypass CVE Disclosure Exploit Firmware Malware Patch Ransomware Research Vulnerability

Researchers have released a report detailing how a recent WinRAR path traversal vulnerability tracked as CVE-2025-8088 was exploited in zero-day attacks by the Russian 'RomCom' hacking group to drop different malware payloads. [...]

More from Bleeping Computer 12 Aug 2025, 6:05 a.m. Actively exploited CVE-2025-8088 0-Day CVE Hacking Infection Malware Report Research Russia Vulnerability