GlassWorm Malware Returns With 73 Sleeper Extensions
Developers who use VS Code-compatible editors have a new threat to watch out for. GlassWorm malware has resurfaced in a fresh wave of attacks, this time through 73 fake extensions planted inside the OpenVSX marketplace. The extensions looked completely clean at upload. Then, after collecting installs, they received silent updates that activated hidden malware. It is a calculated tactic —
Itron Cyberattack: Utility Firm Discloses Internal IT Breach
A cyberattack has hit one of the most quietly critical companies in the global utility sector. Itron, Inc., a Washington-based technology firm whose smart meters and data platforms underpin electricity, gas, and water systems across 100+ countries, has confirmed that unauthorized attackers accessed its internal IT network in April 2026. The Itron cyberattack came to light through a formal regulatory
Firestarter Malware Hides on Cisco Firewalls After Patching
A dangerous backdoor called Firestarter malware is persisting on Cisco network security devices even after administrators apply security patches and reboot their systems. U.S. and British cybersecurity agencies issued a joint warning this week, revealing that the implant has been found on a federal government network and can outlast standard remediation efforts. For organizations that rely on Cisco firewalls to
Trigona Ransomware Returns With Custom Data Theft Tool
Trigona ransomware is back, and it has upgraded its playbook. New attacks observed in March 2026 show the group using a purpose-built data theft tool — one designed specifically to fly under the radar of modern security software. The shift marks one of the more technically significant developments in the ransomware landscape this year, and it raises a serious question:
Kyber Ransomware Hits Windows and VMware With PQC Twist
A new cyber threat is making waves in the security community — and it comes with a bold claim. Kyber ransomware has emerged as a cross-platform operation hitting both Windows file servers and VMware ESXi infrastructure, with operators advertising post-quantum encryption as part of their attack. The reality, however, is more complicated than the ransom note suggests. Two Variants, One
Lotus Wiper Malware Targets Venezuela’s Energy Sector
A newly discovered cyberweapon is raising serious concerns about the security of critical infrastructure. Lotus Wiper malware was deployed against energy and utility organizations in Venezuela in late 2025, and unlike most malicious software, it was built for one purpose: permanent destruction. There was no ransom demand, no data theft, and no path to recovery. Once Lotus Wiper malware executes,
NGate Android Malware Steals Card Data via HandyPay
A dangerous piece of Android malware is back with a new disguise. NGate, which security researchers first identified in 2024, now poses as a legitimate NFC payment app called HandyPay. Once installed, it silently captures data from the victim's physical bank card and sends it straight to an attacker waiting at an ATM. No card theft required. The NGate Android
ZionSiphon Malware Targets Israel’s Water Supply
A newly discovered piece of malware is raising serious alarms about the security of critical water infrastructure. Called ZionSiphon malware, it was built with one goal: to infiltrate and sabotage water treatment and desalination systems in Israel. Researchers at AI-powered cybersecurity firm Darktrace uncovered the threat and published a detailed analysis of its capabilities, its targets, and the political messaging
AgingFly Malware Hits Ukrainian Hospitals and Government
A newly discovered threat called AgingFly malware has been striking Ukrainian hospitals, emergency services, and local government bodies in a campaign that ran from March through April 2026. The attacks, identified by Ukraine's Computer Emergency Response Team (CERT-UA), are designed to steal login credentials, extract sensitive data from messaging apps, and hand attackers full remote control over infected systems. The
Storm Infostealer Hijacks Sessions Without Touching Passwords
A new malware called Storm infostealer appeared on criminal underground markets in early 2026, and it works differently from anything most security tools are built to catch. Instead of decrypting stolen browser data on the victim's machine, Storm ships the encrypted data to attacker-controlled servers and decrypts it there. Defenders have no visibility into that infrastructure. By the time the
