Discover the roles of AI in cloud security, from the limitations of traditional approaches to how AI fills the gap, in this comprehensive guide.

Why Even Advanced Detection Engines Miss Adaptive Malware—and How to Fight Back

Stopping malware isn’t about catching one-off alerts. It’s about finding and shutting down the persistence that keeps them in your systems. Here’s how Huntress found, fought, and drop-kicked malware that others missed.

Researchers have build a new tool to spot malware exploiting phone accessibility features and help users remove it. Accessibility features like screen readers and voice-to-text have made smartphones more...

 Cybersecurity experts have discovered ransomware hidden within two Visual Studio Code (VSCode) Marketplace extensions, raising concerns about Microsoft’s ability to detect malicious software in its platform. The compromised extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded by users before security researchers flagged them and they were subsequently removed.  Despite Microsoft’s security measures, the extensions remained publicly accessible for a significant period, highlighting potential gaps in the company’s review process. The “ahban.cychelloworld” extension was first uploaded on October 27, 2024, followed by “ahban.shiba” on February 17, 2025. The VSCode Marketplace, designed to provide developers with additional tools for Microsoft’s popular coding platform, has come under scrutiny for failing to identify these threats.  Researchers at ReversingLabs determined that both extensions included a PowerShell script that connected to a remote Amazon Web Services (AWS) server to download further malicious code. This secondary payload functioned as ransomware, though evidence suggests it was still in a testing phase.  Unlike traditional ransomware that encrypts entire systems, this malware specifically targeted files stored in C:\users%username%\Desktop\testShiba.  Once the encryption was complete, victims received a Windows notification stating: “Your files have been encrypted. Pay 1 ShibaCoin to ShibaWallet to recover them.” However, no further instructions or payment details were provided, suggesting the malware was not yet fully developed.   Although Microsoft eventually removed the extensions, security researcher Italy Kruk from ExtensionTotal disclosed that their automated detection system had identified the malicious code much earlier. Kruk stated that they had alerted Microsoft about the issue but received no response. Further analysis revealed that the initial version of “ahban.cychelloworld” was clean, but the ransomware was introduced in version 0.0.2, which was released on November 24, 2024. ExtensionTotal flagged this version to Microsoft on November 25, yet the extension remained available for months.  During this time, five more versions were uploaded, all containing the same ransomware. This case has intensified concerns about Microsoft’s ability to monitor third-party extensions effectively. The security lapse within the VSCode Marketplace highlights the risk developers face when downloading extensions, even from official sources. Microsoft has previously faced criticism for both slow responses to security threats and for mistakenly removing non-malicious extensions.  A notable example involved two popular VSCode themes, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ which were taken down due to suspected obfuscated JavaScript. However, after further review, Microsoft determined the extensions were safe, reinstated them, and apologized, promising improvements to its security screening process. The presence of ransomware in widely used developer tools underscores the need for stronger security measures. Developers must stay cautious, regularly update security protocols, and carefully evaluate third-party extensions before installing them, even when they come from official platforms like the VSCode Marketplace.

Wee Ki Joon, an intern at the ISC as part of the SANS.edu Applied Cybersecurity Bachelor's Degree Program (BACS), published an article on March 26 about using Convolutional Neural Networks (CNNs) and entropy-based feature selection to identify potential malware artifacts. The article details an advanced method for detecting suspicious elements using Convolutional Neural Networks (CNNs) and entropy-based feature selection techniques. This approach aims to improve the efficiency of threat detection in cybersecurity.

Explore how .NET MAUI is revolutionizing Android malware, challenging traditional security measures with innovative evasion tactics.

Explore the recent Microsoft Exchange Online bug causing email quarantine issues and its impact on users and admins.

Solving the "problem behind the cybersecurity problem" - from the server room to the Board room.

:::info Authors: (1) S M Rakib Hasan, Department of Computer Science and Engineering, BRAC University, Dhaka, Bangladesh (sm.rakib.hasan@g.bracu.ac.bd); (2) Aakar Dhakal, Department of Computer Science...

  Cybercriminals are evolving their tactics, shifting from traditional email-based phishing scams to more sophisticated Android phishing apps. According to the 2025 State of Malware report by Malwarebytes, over 22,800 phishing apps were detected on…

Spyware maker SIO suspected of being behind 'Spyrtacus', a not-so new spywareIt was previously found on Google Play but now largely on phishing websitesA convincing paper trail links Spyrtacus back to...

1. Check Startup Programs

ARC Labs analyzed the Rhadamanthys Stealer infection chain to provide actionable detection insights. Learn about phishing tactics, process injection, and specific queries to strengthen your defenses

community generated yara rules for detection of malware families - harryeetsource/yara_rules