News

Chrome Targeted by Hidden High-Risk Exploit

Chrome Targeted by Active Exploit
Chrome was targeted by active in-the-wild exploit activity this week. Researchers confirmed that attackers are abusing a high-severity flaw. However, details about the vulnerability remain restricted to protect users. The issue carries an internal tracking ID and involves a still-undisclosed component. The report notes that the flaw is serious enough to …

Researchers Uncover 30+ Flaws in AI-Driven Coding Tools

AI Vulnerabilities Overview
Researchers uncover 30+ flaws across many AI-driven coding tools. These weaknesses allow data theft and remote code execution. Therefore, security concerns around automated development environments continue to grow. The researcher behind the findings calls the flaw group “IDEsaster.” The issues impact a wide range of assistants and extensions. However, the report states …

North Korean Hackers Launch 197 npm Attacks

Ongoing Expansion of the Malware Campaign
North Korean hackers continue to expand their attacks through the npm ecosystem. Therefore, many researchers warn that the threat is growing fast. The attackers have released 197 additional malicious packages tied to the Contagious Interview operation. These packages have already been downloaded more than 31,000 times. They deliver an …

New Albiriox Malware Hits 400+ Apps

Albiriox Malware Overview
New Albiriox malware now threatens Android users with broad fraud capabilities. Therefore, many researchers warn that its rapid spread demands urgent attention. The malware appears under a subscription-based criminal service that offers sophisticated on-device fraud tools. The malware includes a hard-coded list of more than 400 targeted apps. These apps cover banking, …

AISURU Botnet Drives Record 29.7 Tbps DDoS Hit

AISURU Botnet’s Record-Breaking DDoS Impact
AISURU botnet activity has reached historic levels this year. The latest incident involved a massive 29.7 Tbps DDoS attack. Researchers confirmed that the strike lasted only 69 seconds. However, its scale showed how quickly modern attacks can escalate. The report noted that the attack came from a botnet-for-hire. Therefore, even …

GoldFactory Strikes SE Asia with Fake Banking Apps

GoldFactory’s Expanding Threat in Southeast Asia
GoldFactory has launched new attacks across Indonesia, Thailand, and Vietnam. The group targets mobile users by posing as government services. Moreover, it distributes modified banking apps to deliver malware. These attacks have grown steadily since late 2024. Researchers have linked GoldFactory to earlier threats. They first noticed the group …

ShadyPanda Turns Browser Add-Ons Into Stealthy Spies

ShadyPanda’s Long Campaign
A threat actor called ShadyPanda has operated a seven-year campaign that misused popular browser add-ons. The group used once-trusted tools to collect sensitive data from millions of users. However, the danger grew sharply in mid-2024 when several legitimate extensions received hidden malicious updates. Researchers reported that five of these add-ons began as …

CISA Warns of Rising Spyware Hijacks

CISA Warns of Rising Spyware Hijacks
CISA warns of rising spyware campaigns targeting high-value users. The agency notes that attackers now use advanced tools to infiltrate messaging apps. Moreover, they rely on social engineering to deliver hidden malware. The alert highlights the growing danger to mobile devices worldwide.
How Attackers Infiltrate Messaging Apps
Attackers use …

ToddyCat’s New Hacking Tools Target Email Data

ToddyCat’s New Hacking Tools
ToddyCat’s new hacking tools give attackers deeper access to corporate email systems. The group uses custom scripts and advanced techniques to steal sensitive information. Moreover, these tools help the attackers collect tokens and mail files from compromised networks. The activity shows continued evolution in their operations.
Stealing OAuth Tokens
The attackers …

FBI Reports Rising ATO Fraud Driven by Scams

FBI Reports Rising ATO Fraud
The FBI reports rising account takeover fraud across many sectors. The report warns that criminals impersonate financial institutions to steal money. Moreover, the schemes continue to grow as attackers refine social engineering methods. The warning highlights more than $262 million in losses this year.
How ATO Fraud Works
Account takeover fraud …

RomCom Uses SocGholish in New Malware Strike

Introduction: RomCom Uses SocGholish
RomCom uses SocGholish to deliver a dangerous remote access tool. This tactic targets organizations through fake update alerts. Moreover, the method blends deception with rapid infection. The incident shows how quickly modern threats can evolve.
How the Attack Began
RomCom threat actors focused on a civil engineering group in the United …

ShadowPad Malware Exploits WSUS for Full Access

Overview of the Exploited WSUS Flaw
ShadowPad malware activity is increasing due to a severe WSUS vulnerability. Threat actors now use this flaw to gain full control of Windows systems. The vulnerability, known as CVE-2025-59287, enables remote code execution with system privileges. Therefore, attackers can enter networks with minimal resistance. Researchers recently confirmed that attackers …

Threat Actor Dragon Breath Unleashes New Stealth Attack Chain

Dragon Breath’s Expanding Malware Strategy
Dragon Breath continues to evolve its tactics. Therefore, the group now relies on a multi-stage loader called RONINGLOADER to deliver a modified Gh0st RAT variant. The operation mainly targets Chinese-speaking users. However, it spreads through installers disguised as trusted tools. Researchers report that the infection chain uses many layers. These …

Python-Based WhatsApp Worm Spreads New Stealer

Overview of the New Campaign
Python-based WhatsApp worm activity continues to grow across Brazil. Researchers recently uncovered a social-engineering campaign that uses WhatsApp hijacking to spread a Delphi-based banking stealer called Eternidade Stealer. The attackers rely on a Python script to automate the spread. Therefore, the threat now moves faster than earlier PowerShell-based versions. The …

Sneaky 2FA Kit Uses Fake Browser Pop-ups

Sneaky 2FA Kit Evolves Again
Sneaky 2FA continues to grow more advanced, according to a recent report. The Phishing-as-a-Service kit now includes Browser-in-the-Browser (BitB) features. Therefore, attackers with limited skills can launch convincing phishing attacks at scale. Researchers say this trend shows how quickly phishing tools are evolving.
How BitB Tricks Victims with Fake Pop-ups
…

Tsundere Botnet Spreads Through Game Lures

Botnet Targets Windows Users
Cybersecurity researchers report that Tsundere is an expanding botnet aimed at Windows systems. They note that it has grown quickly since mid-2025. Moreover, the botnet executes JavaScript code sent from a remote server. Therefore, it gives attackers a flexible way to run harmful commands.
Suspicious Installation Paths and Game-Themed Lures
Researchers …

Sturnus Trojan Steals Chats and Seizes Phones

Introduction: How Sturnus Threatens Android Users
Cybersecurity researchers warn that Sturnus, a new Android banking trojan, poses a serious risk. They note that it steals credentials and takes full control of devices. Moreover, it uses advanced tricks to commit financial fraud. Therefore, experts consider it a rising threat that requires quick attention.
Bypassing Encrypted Chats
…

GootLoader Is Back With a New Font-Hiding Trick

GootLoader Is Back With New Stealth Features
GootLoader is back and continues to evolve. Recent findings from a new report show a surge in activity. The researchers observed several infections in late October 2025. Moreover, two cases escalated quickly and reached domain controller compromise within hours. The malicious loader now uses custom fonts to hide …

Fantasy Hub Trojan Turns Telegram Into Hacker Tool

Fantasy Hub Trojan Expands on Telegram
Fantasy Hub Trojan continues to grow across Telegram channels. It appears as a rented service that attackers can purchase. Therefore, even inexperienced criminals can launch advanced attacks. This rise increases risks for users and organizations. Researchers note that the malware supports remote device control. It gathers messages, images, contacts, …

Konni Hackers Turn Find Hub Into a Data-Wipe Threat

Konni Hackers Expand Their Attacks
Konni hackers continue to widen their operations. They now target Android and Windows devices with new tools. They aim to steal data and gain remote control. Moreover, they use social engineering to reach unsuspecting users. Konni actors pretend to be counselors or human rights experts. They spread malware disguised as …

Whisper Leak Attack Exposes Encrypted AI Topics

Introduction to the New Threat
The Whisper Leak attack reveals how encrypted AI chat traffic can still expose user topics. Researchers warn that passive observers can infer sensitive subjects even when communications use HTTPS encryption. Therefore, this discovery raises major privacy concerns for both individuals and organizations. However, many users remain unaware of these hidden risks. …

GlassWorm Malware Found in Risky VS Code Add-ons

Introduction to the Expanding Threat
GlassWorm malware continues to evolve and now hides inside three new VS Code extensions. Researchers say the add-ons remain available for download, which increases the risk for thousands of developers. Therefore, the campaign shows no signs of slowing. However, many users still do not realize their tools may be compromised. …

Large-Scale ClickFix Phishing Attacks Hit Hotels

Overview of the Expanding Threat
Large-scale ClickFix phishing attacks now threaten hotel systems worldwide. These attacks rely on fake login pages and harmful tools like PureRAT to harvest credentials. Therefore, hotel managers face growing risks as criminals refine their methods. However, many victims still fall for the deceptive tactics. Attackers often use hijacked email accounts …

China-Linked Hackers Exploit Windows Flaw on Diplomats

China-Linked Hackers Launch New Cyberattacks
Cybersecurity researchers have discovered that China-linked hackers are exploiting a serious Windows shortcut flaw to target European diplomats. These attacks occurred between September and October 2025, focusing on government and diplomatic institutions in several European countries. The campaign highlights growing concerns about cyber espionage and geopolitical intelligence gathering.
How the …

Cybercriminals Exploit RMM Tools to Steal Freight

Cybercriminals Target Logistics Networks
Cybercriminals exploit remote monitoring tools to infiltrate logistics and freight networks, aiming to steal valuable cargo for profit. According to a recent report from researchers, these attacks have been active since June 2025. The threat actors are believed to be working with organized crime groups that specialize in large-scale cargo theft. …

Researchers Uncover Android Trojans Stealing Data

Researchers Uncover Android Trojans Stealing Data
Cybersecurity researchers uncovered two new Android threats, BankBot-YNRK and DeliveryRAT, that steal sensitive financial data. These malicious programs secretly harvest personal information, run hidden commands, and bypass security defenses on targeted devices. Both have been active since mid-2024, showing how mobile attacks continue to evolve rapidly.
How BankBot-YNRK Works
…

Brash Exploit Crashes Chromium Browser in Seconds

Brash Exploit Threatens Chromium Browsers
A serious flaw has been discovered in Chromium’s Blink rendering engine, exposing millions of users to sudden browser crashes. The newly identified Brash exploit allows attackers to crash Chromium-based browsers in seconds simply by sending a malicious URL. According to a cybersecurity researcher who analyzed the bug, Brash can cause …

PhantomRaven Malware Hits npm Packages Hard

PhantomRaven Malware Targets npm Developers
Cybersecurity researchers have discovered a new software supply chain attack named PhantomRaven. This threat targets the npm registry and steals sensitive data from developers’ systems. It collects GitHub tokens, CI/CD secrets, and authentication credentials. The campaign began around August 2025. Since then, it has grown rapidly, spreading across 126 npm …

AI-Targeted Cloaking Attack Spreads Fake Facts

AI-Targeted Cloaking Attack Exposes Hidden Risks
Cybersecurity researchers have uncovered a new online threat called AI-targeted cloaking. This technique tricks artificial intelligence (AI) crawlers used by agentic web browsers into accepting fake information as verified truth. Unlike traditional search engine cloaking, this new method focuses on AI-driven tools that retrieve and summarize online content automatically. …

10 npm Packages Steal Dev Credentials

Summary of the Threat
Researchers found 10 npm packages that delivered a powerful information stealer. The packages aimed at Windows, macOS, and Linux. The researcher reported the operation used heavy obfuscation and fake CAPTCHAs. Therefore, many developers did not notice the malicious behavior during install.
How the Attack Works
The malicious packages appeared …

Herodotus Trojan Mimics Humans to Evade Detection

A New Android Threat Emerges
Herodotus, a newly discovered Android banking trojan, is making waves for its human-like behavior. Researchers recently found it targeting users in Italy and Brazil through active malware campaigns. The malware is designed to take over devices while imitating natural user actions, allowing it to bypass advanced anti-fraud systems. According to …

GhostCall and GhostHire: Web3 Mac Malware

GhostCall and GhostHire Overview
Threat actors linked to North Korea are running two related malware campaigns named GhostCall and GhostHire. These operations mainly target professionals in the Web3 and blockchain sectors. According to recent research, both campaigns are part of a long-running effort called SnatchCrypto. Since at least 2017, this effort has focused on stealing …

ChatGPT Atlas Exploit Plants Hidden Malicious Code

Dangerous New Browser Vulnerability
A new ChatGPT Atlas exploit allows cyber attackers to secretly insert hidden commands into the AI’s memory. Security researchers recently discovered that this flaw could let attackers execute arbitrary code and gain control of user systems. According to a new report, this attack uses a cross-site request forgery (CSRF) technique. It …

Smishing Triad Runs 194,000 Fake Phishing Domains

Smishing Operation Expands
The Smishing Triad has launched a massive phishing operation using more than 194,000 fake domains worldwide. Since January 2024, these domains have targeted countless users across many industries, according to a recent report. The campaign uses fraudulent text messages that claim to be toll or package delivery notices. However, the real goal …

YouTube Ghost Network Spreads Hidden Malware Traps

YouTube Ghost Network Spreads Malware
The YouTube Ghost Network is spreading fast. This massive operation uses hacked video accounts to distribute malware. Since 2021, over 3,000 infected videos have appeared, and the number has tripled in 2025. Attackers use these videos to push pirated software and game cheats, especially targeting users searching for free downloads. …

Google Finds Three New Russian Malware Threats

Google Finds Three New Russian Malware Threats
Google identifies three new Russian malware families linked to the COLDRIVER hacking group. According to a recent threat report, the cyber group has intensified its operations since May 2025, rapidly evolving its malware arsenal to target high-profile individuals. Researchers revealed that these malware variants named NOROBOT, YESROBOT, and …

Chrome Extensions Hijack WhatsApp for Spam

Massive Spam Campaign Uncovered
131 Chrome extensions hijacked WhatsApp Web in a large-scale spam campaign targeting thousands of users. According to a cybersecurity report, the operation focused on Brazilian accounts and relied on cloned automation tools disguised as business aids. Researchers discovered that these browser extensions shared nearly identical code, design, and infrastructure. In total, …

Hackers Used Snappybee to Breach Telecom Network

Cyberattack Overview
Hackers used Snappybee malware and a Citrix security flaw to target a major European telecom network. The attack occurred in early July 2025, according to a cybersecurity report. Investigators linked the intrusion to a China-based cyber espionage group called Salt Typhoon. This group has been active since 2019 and is known for attacking …

Severe Server Flaw Opens Door to Silent Takeovers

Critical Risk to Enterprise Systems
A newly uncovered security flaw could let attackers take full control of enterprise servers without needing a login. Researchers warned that the bug allows silent command execution, putting valuable data and operations at serious risk. Therefore, applying the latest security updates is an urgent priority for every organization.
How the …

Android Devices Face 2FA Theft Without Permissions

Android devices: What Pixnapping steals
Android devices are vulnerable to a pixel-stealing attack. Researchers call the technique Pixnapping. It can take two-factor authentication codes without app permissions. Therefore, users should treat the threat as urgent.
Who discovered it
A team of academics from multiple universities found the flaw. They published a detailed paper with proofs …

Banking Trojan Stays Active After Takedowns

Astaroth Trojan Uses GitHub to Evade Disruption
Cybersecurity researchers have discovered a new campaign delivering the Astaroth banking trojan, which cleverly remains operational even after takedowns. The malware uses GitHub as a backup control system to keep running when its main servers are blocked. Therefore, removing its infrastructure does not immediately stop the infection chain. …

RondoDox Botnet Exploits 50+ Flaws in Devices

RondoDox Botnet Expands to 50+ Vulnerabilities
Researchers have warned that the RondoDox botnet is becoming more dangerous than ever. It now exploits over 50 security flaws across more than 30 technology vendors. This campaign uses what experts call an “exploit shotgun” approach. It targets many kinds of internet-connected devices, including routers, DVRs, NVRs, CCTV cameras, …

Rust-Based Malware ChaosBot Exploits Discord Control

Rust-Based Malware ChaosBot Targets Financial Firms
A new Rust-based malware, known as ChaosBot, has been discovered targeting financial organizations. Researchers found that it allows attackers to spy on victims and execute remote commands on infected computers. However, what makes ChaosBot unusual is how it communicates. Instead of using traditional control servers, it leverages Discord channels …

Hackers Turn Velociraptor Tool Into Ransomware Weapon

Hackers Turn Velociraptor Tool Into Ransomware Weapon
Hackers are abusing the Velociraptor DFIR tool to launch ransomware attacks. A new report revealed that a group called Storm-2603 has used this open-source security tool to deliver multiple ransomware strains, including LockBit, Warlock, and Babuk. However, the group didn’t exploit a flaw in Velociraptor itself. Instead, it …

Astaroth Banking Trojan Uses GitHub Backup

Astaroth Banking Trojan resurfaces with new trick
Astaroth Banking Trojan now uses a code hosting platform as backup. This lets it recover when takedown teams remove its servers. Therefore, the malware can stay active after infrastructure disruption. Researchers reported the tactic in a recent analysis. However, the campaign still relies on classic phishing. For example, …

Stealit Malware Hides in Game and VPN Installers

Stealit Malware Exploits Node.js Feature
Stealit malware is abusing a feature in Node.js known as the Single Executable Application (SEA) to distribute its payloads. Researchers have revealed that this malware campaign disguises itself as installers for popular games and VPN applications. However, these fake installers are actually packed with malicious code and are being shared …

Payroll Pirates Steal Salaries via HR Account Hacks

Payroll Pirates Target Employee Salaries
Payroll Pirates are hijacking HR software accounts to steal salaries from employees. A recent report from researchers revealed that the group, also known as Storm-2657, is attacking U.S.-based organizations, especially universities and other large employers. However, experts warn that any company using online HR or payroll systems could be at …

ClayRat Spyware Tricks Android Users with Fake Apps

Deceptive Campaign Targets Android Users
A fast-evolving Android spyware called ClayRat is targeting users through fake versions of popular apps. The campaign mainly spreads through messaging channels and phishing websites, luring users with counterfeit WhatsApp, TikTok, YouTube, and Google Photos apps. Once installed, ClayRat secretly collects private data such as SMS messages, call logs, and …

BatShadow Group Targets Job Seekers with Vampire Bot

BatShadow Group’s New Campaign
A recent report revealed that BatShadow Group is running a new cyber campaign targeting job seekers and digital marketing professionals. The attackers use social engineering tricks to pose as recruiters, sending malicious files disguised as job descriptions or company documents. When opened, these files trigger a hidden infection chain that installs …

Chinese Cybercrime Group Runs Global SEO Scam

Chinese Cybercrime Group Runs New Wave of Attacks
Cybersecurity experts recently exposed a Chinese-speaking cybercrime group called UAT-8099. The group engages in large-scale SEO fraud and data theft targeting Microsoft IIS servers. Most attacks have been reported in India, Thailand, Vietnam, Canada, and Brazil. The hackers mainly focus on universities, telecom firms, and technology companies. UAT-8099 …

XWorm Malware Returns with 35 Dangerous Plugins

XWorm Malware: The Resurfacing Threat
XWorm malware has resurfaced with new ransomware features and more than 35 plugins. After its original developer abandoned the project, several cybercriminals began spreading new versions through phishing campaigns. Researchers discovered versions 6.0, 6.4, and 6.5 circulating widely. These versions can steal sensitive data, control infected devices, and encrypt files. …

Cavalry Werewolf Strikes with FoalShell & RAT

Cavalry Werewolf attacks with cyber campaign
Cavalry Werewolf has targeted public agencies and firms. Researchers tracked the campaign recently. For example, the attackers used phishing to gain access. Therefore, many victims were state and critical-sector organizations.
How the attackers operated
The group sent targeted emails that looked official. In some cases they used addresses tied …

Self-Spreading WhatsApp Malware Hits Users

Self-Spreading New Malware Targets WhatsApp Users
Self-spreading WhatsApp malware is attacking users in Brazil, spreading fast through phishing messages with ZIP attachments. Researchers discovered that this campaign, called SORVEPOTEL, aims for speed and reach rather than stealing data or locking systems. However, its quick spread still poses serious risks to users and organizations. The malware …

Phantom Taurus Targets Governments with NET-STAR Malware

Phantom Taurus’s Espionage Campaign
China-aligned Phantom Taurus targets governments in Africa, Asia, and the Middle East. It uses stealthy NET-STAR malware. For example, it focuses on ministries and embassies. Attacks began in 2022. The group seeks diplomatic and military data. It aligns with geopolitical events. Consequently, it prioritizes intelligence collection. This serves China’s interests.
Custom …

Vane Viper’s 1 Trillion DNS Queries Fuel Malware Network

Vane Viper’s Malicious Ad Network
Vane Viper runs a hidden adtech empire. It powers malvertising and fraud. For example, it generates 1 trillion DNS queries yearly. The network evades detection for a decade. Attackers use tangled shell companies. They obscure ownership structures. Consequently, they avoid responsibility. This enables widespread cyberthreats.
Compromised WordPress Sites
Vane Viper …

EvilAI Malware Poses as AI Tools to Target Global Firms

EvilAI’s Global Reach
EvilAI malware targets organizations worldwide. It disguises itself as AI and productivity tools. For example, it hits manufacturing and healthcare. The campaign spans Europe, the Americas, and AMEA. The malware mimics legitimate apps. It uses valid digital signatures. Consequently, it appears trustworthy. This fools users and security tools.
Targeted Sectors
Top sectors include government …

Fake Microsoft Teams Installers Spread Oyster Malware

Oyster Malware Campaign
Hackers use fake Microsoft Teams installers to deliver Oyster malware. This backdoor targets corporate networks. For example, it enables remote access. The campaign uses SEO poisoning.
Malvertising Tactics
Attackers promote fake sites via search ads. These mimic Teams download pages. Consequently, users download malicious files. The campaign was spotted in 2025. The …

CountLoader and PureRAT Spread via Phishing SVG Attacks

Phishing Campaign
A new phishing campaign hits agencies. It uses SVG files to deliver CountLoader. For example, it drops Amatera Stealer. The attacks began in 2025. Emails pose as official notices. They contain malicious SVG attachments. Consequently, users open ZIP archives. This triggers the infection chain. The ZIP file holds a CHM file. It launches …

Datzbro Trojan Tricks Seniors with Fake AI Travel Events

Datzbro Targets Elderly Users
A new Android trojan, Datzbro, preys on seniors. It uses AI-generated Facebook events. For example, it promotes travel trips. The campaign hit Australia in August 2025. Scammers create groups for active seniors. They share AI content about meetings. Consequently, victims seek social connections. This builds trust fast. Attackers reach out via …

Lighthouse and Lucid PhaaS Target 316 Brands Globally

PhaaS Campaign Surge
Lighthouse and Lucid PhaaS platforms fuel phishing attacks. They target 316 brands across 74 countries. For example, they hit financial and postal sectors. Over 17,500 domains are involved.
Lucid’s Capabilities
Lucid, linked to the XinXin group, sends smishing via iMessage. It uses customizable templates. Consequently, it targets specific users. This ensures high …

UNC1549 Targets Telecoms with MINIBIKE Malware via LinkedIn

UNC1549’s Telecom Attacks
Iran-linked UNC1549 targets telecom firms. It compromises 34 devices across 11 companies. For example, it uses LinkedIn job lures. The campaign began in 2022. Attackers pose as HR on LinkedIn. They offer fake job opportunities. Consequently, they trick employees into clicking links. This delivers malware. The campaign deploys the MINIBIKE backdoor. It uses …

RedNovember Hackers Target Global Governments with Pantegana

RedNovember’s Global Campaign
Chinese hackers, RedNovember, target governments worldwide. They use Pantegana and Cobalt Strike. For example, they hit defense and aerospace sectors. Attacks began in June 2024. The group breaches high-profile organizations. It targets ministries and security agencies. Consequently, it focuses on the U.S. and Asia. This shows broad espionage goals. RedNovember exploits known …

ComicForm and SectorJ149 Deploy Formbook in Cyber Attacks

ComicForm Targets Eurasia
A new group, ComicForm, attacks Belarus, Kazakhstan, and Russia. It uses phishing emails since April 2025. For example, it targets finance and biotech. The campaign deploys Formbook malware. Emails mimic official documents. They urge users to open archives. Consequently, victims run malicious executables. These pose as PDFs. The executable launches a .NET …

SilentSync RAT Targets Python Devs via Malicious PyPI Packages

Malicious PyPI Packages Found Two fake Python packages deliver SilentSync RAT. They target Windows systems. For example, they steal browser data. The packages were removed from PyPI. The packages mimic legitimate tools. One poses as a health system API. Consequently, developers trust and install them. They were uploaded in 2025. The packages run malicious code …


TA558 Deploys Venom RAT via AI-Generated Phishing Targeting Hotels

TA558 Targets Hotels

The TA558 group, also known as RevengeHotels, attacks hotels in Brazil. It uses AI-generated phishing emails. For example, it deploys Venom RAT. The campaign started in summer 2025. Attackers use AI to craft phishing emails. These emails mimic invoices and job offers. Consequently, they appear legitimate. This tricks hotel staff into clicking …


HiddenGh0st, Winos Exploit SEO for Chinese Malware Attacks

SEO Poisoning Campaign

Chinese users face a new SEO poisoning attack. Fake sites mimic software downloads. For example, they rank high in searches. This tricks users into malware. Attackers register similar domain names. They use subtle character changes. Consequently, sites seem legitimate. Victims download trojanized installers. The campaign deploys HiddenGh0st and Winos. Both are Gh0st …


HybridPetya Ransomware Bypasses UEFI Secure Boot

HybridPetya Targets UEFI Systems

A new ransomware, HybridPetya, mimics Petya/NotPetya. It bypasses UEFI Secure Boot. For example, it encrypts critical file data. It was detected in February 2025. HybridPetya exploits a patched UEFI flaw. This allows unauthorized code execution. Consequently, it compromises modern systems. The flaw was fixed in January 2025.

Two Main Components

The …


RatOn Malware Evolves with NFC Relay and Banking Fraud

RatOn’s Advanced Evolution

RatOn Android malware now includes sophisticated features. It evolved from NFC relay attacks. For example, it performs automated money transfers. This makes it a powerful threat. RatOn uses overlay attacks on financial apps. It automates transfers via banking systems. Consequently, it steals funds without user knowledge. Attackers control it remotely.

Targeting Crypto …


Axios Abuse Powers M365 Phishing Campaigns

Axios in Phishing Attacks

Threat actors exploit Axios for phishing. It surges in use by 241% recently. For example, it aids Microsoft 365 attacks. This creates efficient pipelines. Attackers misuse Microsoft’s Direct Send. It spoofs trusted emails. Consequently, messages bypass security gateways. This lands in user inboxes.

High Success Rates

Axios with Direct Send achieves …


CHILLYHELL and ZynorRAT Malware Target macOS, Windows

New Malware Threats Emerge

Two new malware families target multiple platforms. CHILLYHELL attacks macOS, while ZynorRAT hits Windows and Linux. For example, they steal data and enable remote control. The campaigns are highly sophisticated. CHILLYHELL is a macOS backdoor. It targets Intel-based systems. Consequently, it compromises government websites. The malware has been active since October …


GhostRedirector Hacks 65 Servers with Rungan Backdoor

GhostRedirector’s Server Attacks

A new threat group, GhostRedirector, has compromised 65 Windows servers. It targets multiple countries. For example, Brazil and Thailand are hit hardest. The attacks started in August 2024.

Rungan and Gamshen Malware

GhostRedirector deploys two main tools. Rungan is a passive C++ backdoor. Gamshen is an IIS module for SEO fraud. Consequently, …


Noisy Bear Targets Energy Sector with Phishing

Noisy Bear Attacks Energy Sector

A new threat group, Noisy Bear, targets Kazakhstan’s energy sector. The campaign, Operation BarrelFire, began in April 2025. For example, it focuses on KazMunaiGas employees. It uses phishing to deliver malware.

Tactics and Attachments

The attack starts with phishing emails. These emails mimic internal KMG communications. Consequently, they trick employees …


TamperedChef Malware Poses as PDF Editors to Steal Data

TamperedChef Targets Users

A new malware, TamperedChef, spreads through fake PDF editors. It uses malvertising to trick users. For example, it mimics legitimate software. The campaign steals sensitive data.

Malvertising Campaign Tactics

Attackers promote fake PDF editors via ads. These ads lead to fraudulent websites. Consequently, users download malicious installers. The campaign started in June …


Android Droppers Now Spread SMS Stealers, Spyware

Shift in Android Malware

Android dropper apps now deliver more than banking trojans. They spread SMS stealers and spyware. For example, they mimic government apps in Asia. This marks a new trend.

Evading Google’s Defenses

Google’s security blocks risky app installations. Attackers adapt with droppers that avoid detection. Consequently, they bypass permission checks. This keeps …


Silver Fox Uses Microsoft-Signed Driver to Spread ValleyRAT

Silver Fox Targets Security Systems

The Silver Fox group uses a new attack method. It exploits a vulnerable driver to disable security tools. For example, it deploys ValleyRAT malware. The campaign targets critical firms.

Vulnerable WatchDog Driver

The attack uses a Microsoft-signed driver. This driver has multiple flaws. Consequently, it allows attackers to gain high-level …


Lazarus Group Deploys PondRAT, ThemeForestRAT in Attacks

Lazarus Group’s New Campaign

North Korean hackers, Lazarus Group, target DeFi firms. They use three new malware types. For example, PondRAT and ThemeForestRAT steal data. The attacks began in 2024.

Social Engineering Tactics

Attackers impersonate company employees. They use fake meeting scheduler websites. Consequently, victims trust the communication. This leads to system compromise.

Initial Access …


QuirkyLoader Malware Spreads Trojans via Email Spam

QuirkyLoader Targets Global Firms

A new malware loader, QuirkyLoader, spreads harmful payloads. It uses email spam campaigns. For example, it delivers data stealers and trojans. The attacks began in November 2024.

Malicious Email Tactics

Attackers send spam from trusted email services. Some use self-hosted servers. Consequently, emails seem legitimate to users. This tricks them into …


VShell Malware Hides in RAR Filenames to Evade Detection

VShell Malware Targets Linux

A new attack delivers VShell malware via phishing emails. It hides in RAR archive filenames. For example, it exploits Linux systems’ weaknesses. The campaign evades antivirus detection.

Malicious Filename Trick

The malware uses a clever technique. It encodes harmful code in filenames. Consequently, simple file operations trigger execution. This bypasses traditional …


HOOK Trojan Adds Ransomware Overlays to Android Attacks

HOOK Trojan’s New Features

A new Android trojan, HOOK, now includes ransomware. It displays full-screen extortion messages. For example, it demands payments via crypto wallets. The trojan evolves rapidly.

Ransomware Overlay Tactics

HOOK shows alarming warning screens. These overlays demand ransom payments. Consequently, victims face pressure to pay. Attackers control these screens remotely.

Expanded Command …


ShadowCaptcha Exploits WordPress to Spread Malware

ShadowCaptcha Targets WordPress Sites

A new campaign, ShadowCaptcha, exploits over 100 WordPress sites. It spreads ransomware and data stealers. For example, it uses fake CAPTCHA pages. The attacks began in August 2025.

Social Engineering Tactics

Attackers trick users with fake verification pages. These pages mimic trusted services. Consequently, users download harmful files. This relies on …


MixShell Malware Targets Firms via Contact Forms

MixShell Targets Supply Chain

A new malware, MixShell, targets U.S. manufacturers. It uses company contact forms for attacks. For example, it hits industrial and biotech firms. The campaign, ZipLine, is highly sophisticated.

Social Engineering Tactics

Attackers avoid traditional phishing emails. They use contact forms to start conversations. Consequently, employees trust the exchanges. This leads to …


Sni5Gect Attack Downgrades 5G to 4G, Crashes Phones

New Sni5Gect Attack Emerges

A new attack, Sni5Gect, targets 5G phone connections. It crashes devices and downgrades networks. For example, it forces 5G to 4G. This exposes users to vulnerabilities.

No Rogue Base Station Needed

Sni5Gect doesn’t require fake base stations. It sniffs unencrypted 5G messages. Consequently, attackers manipulate phone connections. This makes the attack …


Kimsuky Targets Diplomats with GitHub-Powered Malware

Kimsuky’s Diplomatic Cyberattacks

North Korean hackers target South Korean diplomats. They send spear-phishing emails to embassy staff. For example, emails mimic trusted contacts. The campaign ran from March to July 2025.

Using GitHub for Control

Attackers use GitHub as a hidden control channel. They host malicious files on cloud services. Consequently, they deliver a powerful …


Malicious PyPI Packages Target Developers in Supply Chain Attacks

Malicious Packages Uncovered

New malicious packages target software developers. They hide in trusted code repositories. For example, a harmful Python package was found. It triggers multi-stage attacks.

How the Attack Starts

The Python package depends on another malicious one. This dependency loads harmful code. Consequently, it runs without user knowledge. The packages were downloaded hundreds …


PipeMagic Malware Exploits Windows Flaw for Ransomware

PipeMagic Targets Windows Systems

A new ransomware campaign deploys PipeMagic malware. It exploits a Windows security flaw. For example, it targets industrial firms. The attacks aim to encrypt systems.

Exploiting Windows Vulnerability

The campaign uses a patched Windows flaw. This flaw allows privilege escalation. Consequently, attackers gain high-level system access. This helps them deploy malicious …


Noodlophile Malware Targets Firms with Fake Copyright Lures

Noodlophile’s Global Expansion

Noodlophile malware targets businesses worldwide. It uses spear-phishing emails to spread. For example, it hits firms in the U.S. and Europe. The campaign grows rapidly.

Fake Copyright Notices

Attackers send emails posing as copyright violation alerts. These emails include specific company details. Consequently, they seem legitimate to employees. This tricks users into …


PS1Bot Malware Strikes via Malvertising Attacks

PS1Bot’s Stealthy Campaign

A new malware, PS1Bot, spreads through malvertising. It infects systems with a modular design. For example, it steals data and logs keystrokes. The campaign has been active since early 2025.

Malvertising as a Weapon

Malvertising hides malware in online ads. Attackers inject harmful code into legitimate networks. Consequently, users visit malicious sites …


DOM-Based Clickjacking Hits Password Managers Hard

New Threat to Password Managers

A new attack targets popular password manager plugins. It steals credentials and sensitive data. For example, it exposes login details and credit card information. The attack uses a clever technique.

DOM-Based Clickjacking Explained

The attack, called DOM-based clickjacking, manipulates web page elements. Attackers hide auto-fill prompts from plugins. Consequently, users …


EDR Killer Tool Boosts Eight Ransomware Gangs’ Attacks

New EDR Killer Emerges

A new tool disables security software. Eight ransomware groups use it. For example, it evolved from an earlier version. It targets systems to deploy malicious payloads.

Ransomware Groups Involved

The tool aids multiple ransomware gangs. These include well-known cybercrime groups. Consequently, it spreads across different attack campaigns. This shows a growing …


FraudOnTok Scams TikTok Shop with 15,000 Fake Domains

FraudOnTok Targets TikTok Shop

A new scam, FraudOnTok, targets TikTok Shop users. It uses fake websites to trick users. For example, over 15,000 fake domains mimic the platform. These sites aim to steal credentials and crypto.

AI-Driven Deceptive Ads

Attackers use AI-generated videos for scams. These videos mimic real influencers. Consequently, users trust fake ads. …


SocGholish Malware Fuels Cybercrime via Fake Updates

SocGholish’s Deceptive Spread

SocGholish malware tricks users with fake software updates. It infects devices through compromised websites. For example, it mimics browser or app updates. This delivers malicious payloads to victims.

Malware-as-a-Service Model

Attackers use a Malware-as-a-Service system. They sell infected systems to other criminals. Consequently, groups like ransomware operators gain access. This fuels widespread …


GreedyBear Steals $1M via Fake Firefox Wallet Add-Ons

GreedyBear’s Crypto Heist

GreedyBear, a new cyberattack campaign, has stolen over $1 million in cryptocurrency. Attackers use fake Firefox browser extensions. These extensions mimic popular crypto wallets. For example, they impersonate well-known wallet brands.

Fake Extensions Trick Users

The malicious add-ons pose as trusted crypto wallets. They capture users’ wallet credentials. Consequently, attackers send stolen …


Win-DDoS Flaw Turns Windows into Powerful DDoS Weapons

New Threat: Win-DDoS Attack

A new attack method, Win-DDoS, threatens global systems. Attackers can turn public domain controllers into botnets. These botnets launch powerful distributed denial-of-service (DDoS) attacks. For example, attackers exploit flaws in Windows systems.

How Win-DDoS Works

Attackers send a remote procedure call (RPC) to domain controllers. This triggers them to act as …


Trojan Hits 11,000+ Devices via Fake Ads

PlayPraetor’s Rapid Spread

A new Android trojan, PlayPraetor, has infected over 11,000 devices. It targets users in multiple countries. For example, Portugal, Spain, and Morocco face heavy attacks. The trojan spreads through fake ads and pages.

Aggressive Attack Campaigns

The trojan grows by 2,000 infections weekly. Attackers focus on Spanish and French speakers. Consequently, they …


PXA Stealer Malvertising Infects 4,000 IPs

PXA Stealer malvertising hits hard with a new campaign since August 2025. Researchers flagged its spread by Vietnamese hackers. For example, it infects 4,000 IPs worldwide. This threatens global user security.

How the Attack Begins

Attackers distribute the malware via phishing emails. They use ZIP files with hidden loaders to trick users. Additionally, decoy documents …

