hackers

Tech Optimizer
July 6, 2026
Check Point Research has identified a public relations-style campaign by hackers to distribute a Rust clipboard hijacker disguised as legitimate software, targeting both Windows and macOS. The malware monitors clipboard activity for cryptocurrency wallet addresses and replaces them with those of the attackers, leading victims to send funds to the hackers. The threat actors use a phishing page as a hub, promote projects on GitHub and SourceForge through fake accounts, and operate a YouTube channel with AI-generated narrators to create a false sense of credibility.
Tech Optimizer
July 3, 2026
Cybercriminals are using a sophisticated method to bypass security measures by embedding malware within the VLC media player. This campaign exploits VLC to install ValleyRAT, a remote access trojan, through phishing emails that contain links to download a seemingly harmless file. Once the file is opened, it activates a hidden backdoor that evades detection by antivirus solutions. The malware has been active since 2023, with a significant increase in activity noted through 2025 and into 2026, particularly targeting Chinese and Japanese-speaking users. The infection process begins when a victim clicks a link in a phishing email, leading to a ZIP archive containing a disguised executable and a malicious DLL (libvlc.dll). The executable mimics a legitimate VLC file, and when executed, it loads the DLL, allowing the malware to run under the guise of VLC. The malware establishes persistence by creating a registry entry and connects to a remote server to retrieve the final payload. ValleyRAT employs evasion tactics to avoid detection, such as performing checks on system behavior and using a fileless approach to inject its payload directly into memory, avoiding storage on disk. Researchers recommend training employees to recognize suspicious filenames and deploying endpoint detection tools to identify DLL sideloading behavior. For organizations affected by this campaign, isolating compromised systems and reviewing security logs are critical initial steps. Indicators of compromise include a malicious email domain, a ZIP archive containing a fake VLC executable, and a download URL for ValleyRAT.
TrendTechie
July 2, 2026
The hacker known as voices38 has breached the Denuvo protection system in the game 007 First Light, which was released on May 27, 2026, approximately two weeks before the hack was reported. Voices38's method is a conventional executable "crack" that does not require users to disable security mechanisms, making it more user-friendly than previous attempts by the group DenuvOwO. Voices38 has also successfully bypassed protections in other high-profile games, including Pragmata, Stellar Blade, Resident Evil: Requiem, and Mafia: The Old Country. The effectiveness of DRM solutions like Denuvo is being questioned as hackers develop more sophisticated methods to breach these systems.
AppWizard
June 18, 2026
Treyarch announced that Call of Duty: Black Ops (2010) and Call of Duty: Black Ops 2 (2012) will be ported to PlayStation platforms, likely for PS4 and PS5, starting in July. Iron Galaxy Studios will handle the modernization of these titles. The games have been available on Xbox One and Xbox Series X|S since 2016 through Microsoft's Backwards Compatibility Program. There are uncertainties about whether existing PS3 owners will access the new versions for free or transfer their progress. The new ports are expected to integrate with the existing server network. Xbox and PC players have expressed frustration over issues with Black Ops and Black Ops 2 on Xbox, including a locked 720p resolution and hacking problems, as well as the absence of these titles on Xbox Game Pass.
Winsage
June 17, 2026
Google, in collaboration with Back Market, is offering a USB memory stick that allows users to install the free ChromeOS Flex operating system on their existing PCs and Macs. This initiative aims to provide a cost-effective alternative for Windows 10 users, especially after Microsoft ceased support for the operating system in October 2022. The USB kits, designed for easy installation, have sold out quickly since their launch. ChromeOS Flex offers essential security updates and is designed to run on hardware originally intended for Windows and macOS, although it does not support Android apps or Windows virtual machines. The initiative also emphasizes environmental benefits by extending the life of existing devices and reducing e-waste.
AppWizard
June 15, 2026
A trojan named Android.MagicAd.1 has been identified as a significant threat to Android users, capable of delivering persistent background advertisements by circumventing built-in defenses. Detected in 2025, it has spread through over 50 infected games and utility applications, infiltrating both dubious download sites and official app stores like the Samsung Galaxy Store and Xiaomi’s GetApps. The malware employs a strategy of rotating applications to evade detection, remaining active on user devices after download. It uses hidden, encrypted components within native code libraries and conducts environment checks to avoid monitoring before launching its payload. Android.MagicAd.1 bypasses Android's restrictions by targeting trusted system applications, utilizing methods that vary by device manufacturer. For example, it uses a delayed system command on Xiaomi and Amazon devices, exploits Android Binder on Vivo devices, and employs a universal fallback method for other brands to gain priority for displaying ads. All identified malicious applications have been removed from official stores, but the campaign highlights the vulnerability of security software.
Winsage
June 12, 2026
OnyxC2 is a sophisticated credential stealer available for a subscription fee of 0 per month, distributed through disguised lures such as fake Windows updates and legitimate software installers. It functions as a commercial product with features like an automated payload builder, tiered licensing, and a centralized web dashboard. The malware boasts a 99% detection-evasion rate, successfully evading major antivirus solutions during tests. It is developed in C++, utilizing direct system calls and mutating with each build to avoid detection. OnyxC2 collects data from around 210 applications, targeting 45 web browsers, password managers, cryptocurrency wallets, and FTP clients. The malware is delivered using DLL sideloading, where a password-protected archive contains a legitimate application and a malicious DLL. The attacker's DLL is disguised by inflating its size and is loaded by a trusted binary. The malicious code remains encrypted on disk and decrypts in memory to evade analysis. OnyxC2 communicates with a Cloudflare-fronted command-and-control server to manage infected hosts and execute commands like hardware registration and cookie uploads. The threat extends to business environments, targeting FTP and email clients, with stolen session cookies allowing ongoing access to corporate infrastructure. Implementing anti-data exfiltration controls is recommended as a mitigation strategy.
AppWizard
June 9, 2026
Old-school gaming consoles are seeing a resurgence, but hackers are exploiting this trend with a malware campaign called "WeedHack," which emerged in January. This malware operates on a "Malware-as-a-Service" model, allowing users to purchase it to infect victims. WeedHack functions as a remote access infostealer, compromising computers to manipulate screens, access webcams, and steal sensitive data. It propagates by enticing users with unofficial "Minecraft" mods and clients, often using videos and download links as bait. Additionally, it employs "SEO poisoning" to promote fake websites as legitimate sources for these mods on platforms like Discord and Reddit. WeedHack disguises itself as a JAR file, similar to the official "Minecraft" client, and once executed, it installs its payload from Ethereum server domains. It can insert itself into antivirus exclusion lists, evading detection, and McAfee's tests show that Windows Defender is ineffective against it. The malware collects extensive information, including Wi-Fi networks and browser cookies, and grants hackers complete control over infected computers. The WeedHack virus serves as both malware and a training ground for aspiring hackers, structured into two tiers: a free version with core capabilities and a paid subscription for advanced features. A community has formed around WeedHack, offering tutorials, a Discord server, and a website for feature requests and custom payload creation. This community aspect lowers the barrier for newcomers, particularly targeting a younger audience that may not understand online safety.
Search