Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software
These are the tools of the trade Sophos detected in use by cybercriminals over 2024
Similar Posts
SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer
Bys sCybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. “The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health…
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Bys sThe cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the “tj-actions/changed-files” GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. “The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a…
Scattered Spider is running a VMware ESXi hacking spree
Bys sBill Toulas reports: Scattered Spider hackers have been aggressively targeting virtualized environments by attacking VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. According to the Google Threat Intelligence Group (GITG), the attackers keep employing their usual tactics that do not include vulnerability exploits but rely on perfectly executed social engineering…
Hackers expose information for 700,000 current and former Chicago students, district says
Bys sMila Koumpilova reports an update to the Clop attack on entities using the Cleo file transfer software. In a ransomware attack last year, Russian hackers stole private information for more than 700,000 current and former Chicago Public Schools students and put it on the dark web, district officials said Friday. According to the district, the…
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
Bys sIn yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. “On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to…
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Bys sCyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted…