Active malware exploits DLL side-loading in a signed GitKraken binary to deliver trojans, stealers, and remote access malware.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Active malware campaigns are exploiting DLL side-loading vulnerabilities in GitKraken's signed ahost.exe binary to bypass security controls and deploy trojans, stealers, and remote access tools like Agent Tesla, Formbook, Lumma Stealer, and Remcos RAT. Attackers pair malicious libcares-2.dll files with legitimate signed executables, leveraging search order hijacking to execute malicious code. Separate phishing campaigns use Browser-in-the-Browser techniques to simulate Facebook login screens and steal credentials, while multi-stage attacks abuse TryCloudflare tunnels and Python payloads to distribute AsyncRAT. These campaigns target finance, procurement, and supply chain employees across commercial and industrial sectors using invoice and legal notice lures in multiple languages.

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware