Find notable cyber news and cases, enriched with sources, timelines, and signals.

TAMECAT PowerShell backdoor deployment and exfiltration

Malware Activity
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

TAMECAT is being used as a PowerShell backdoor to maintain persistent access on compromised hosts and move data out through HTTPS, Discord, and Telegram. The malware matters because it adds remote control, reconnaissance, browser theft, mailbox collection, and screenshot capture to the operator's intrusion toolkit.

Related Happenings

Trojanized Pyrogram forks with hidden Telegram backdoor

Malware Activity
H score14 First: 01.07.2026 00:02 Last: 01.07.2026 00:02 Sources 1

About this happening: Trojanized **Pyrogram** forks on **PyPI** now ship a hidden backdoor that gives attackers remote command execution and file access on compromised **Telegram bot servers**. The mal...

Edgecution malicious Microsoft Edge extension backdoor activity

Malware Activity
H score23 First: 24.06.2026 23:58 Last: 24.06.2026 23:58 Sources 1

About this happening: The **Edgecution** malware is extending a **Microsoft Edge** browser foothold into host-level compromise by abusing **Chrome Native Messaging** and launching a **Python-based back...

USB-spreading clipboard-stealing malware targeting cryptocurrency wallets

Malware Activity
H score27 First: 18.06.2026 19:20 Last: 18.06.2026 19:20 Sources 1

About this happening: A **USB-spreading** clipboard-stealing malware family is actively stealing **seed phrases**, **private keys**, and wallet addresses from **Windows** victims, putting cryptocurrenc...

Windows cryptocurrency clipper malware using USB LNK worming and Tor C2

Malware Activity
H score29 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...

WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access

Malware Activity
H score65 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...

Timeline

  1. 14.11.2025 16:40 2 articles · 7mo ago

    TAMECAT PowerShell backdoor deployment and exfiltration

    Initial Disclosure

    The initial stage centers on **TAMECAT** being delivered as a **PowerShell backdoor** after a malicious link chain reaches a loader. This phase establishes the foothold needed for **persistent access** and follow-on exfiltration.

    Show sources