News

Rand-User-Agent Hacked in Supply Chain Attack

Rand-User-Agent’s Hidden Threat Rand-user-agent, a popular npm package, fell victim to a supply chain attack in May 2025. This tool, used for generating random user-agent strings, averages 45,000 weekly downloads. However, attackers exploited its semi-abandoned status to inject malicious code. The code deploys a remote access trojan (RAT) on users’ systems. How the Attack Unfolds …

CoGUI Phishing Floods Inboxes with 580M Fake Emails

CoGUI’s Massive Phishing Surge CoGUI, a new phishing kit, unleashed over 580 million fake emails from January to April 2025. These emails trick users into sharing account credentials and payment details. For example, they mimic trusted brands like banks and tax agencies. Most attacks target Japan, but some hit the U.S., Canada, Australia, and New …

Luna Moth Hackers Trick Firms as Fake IT Helpdesks

Luna Moth’s Deceptive Tactics Luna Moth hackers, also known as Silent Ransom Group, target U.S. legal and financial firms with clever scams. These cybercriminals pose as IT helpdesk staff to steal sensitive data. For example, they send fake emails urging victims to call a phony support number. When victims call, attackers trick them into installing …

Malware in Magento Store Plugins

A widespread malware campaign is affecting hundreds of Magento-powered online stores. This supply chain attack used compromised third-party plugins to quietly install backdoors. The attack impacted between 500 and 1,000 e-commerce sites. Shockingly, the malicious code had been hidden in popular extensions for years. However, the malware was only activated in April …

Phishers Exploit Google Emails to Steal Logins

Phishers are using a new, sophisticated trick to steal user credentials through seemingly authentic Google emails. A recent report revealed attackers are sending fake messages using Google’s infrastructure. These emails pass all authentication checks, including DKIM, SPF, and DMARC. For example, one message pretends to be from Google, …

Golden Chickens Spread Malware to Steal Credentials

Golden Chickens, a known cybercrime group, has launched two new malware tools: TerraStealerV2 and TerraLogger. These tools focus on stealing sensitive user data. According to a recent report, TerraStealerV2 targets browser credentials, crypto wallets, and extension data. TerraLogger, however, logs keystrokes using a basic keyboard hook. Both tools …

Fake Plugin Grants Hackers Admin Access to WordPress

Fake plugin attacks are targeting WordPress sites again. Hackers are disguising malware as a security plugin to hijack admin control and spread threats. Researchers found the plugin named WP-antymalwary-bot.php. It grants attackers full access, hides from the dashboard, and executes remote commands. Therefore, it allows them to control the site without detection. The plugin connects …

ToyMaker Malware Opens Doors to Ransomware Gangs

ToyMaker, a financially driven cybercriminal group, is selling access to corporate networks to ransomware gangs like CACTUS. The group acts as an initial access broker (IAB), targeting vulnerable systems using custom malware called LAGTOY. LAGTOY, also known as HOLERUN, creates reverse shells and executes remote commands on infected computers. Therefore, it gives attackers control without …

Darcula Phishing Toolkit Upgraded With GenAI

Darcula, a phishing-as-a-service (PhaaS) platform, has introduced powerful GenAI features to its toolkit. This major update lowers the barrier for cybercrime. Now, attackers with little or no coding experience can build phishing sites in just minutes. The AI tools help create multi-language pages with custom forms. Therefore, even unskilled actors can launch scams at scale. …

Earth Kurma APT Uses Rootkits to Target Southeast Asia

Earth Kurma, a new advanced persistent threat group, has launched cyberattacks across Southeast Asia. Since mid-2024, it has targeted government and telecom sectors. The attackers use powerful rootkits and custom malware to steal sensitive data. They also hide their tracks using trusted platforms like Dropbox and …

OttoKit Plugin Flaw Lets Hackers Create Admins

OttoKit, a WordPress automation plugin, is under active attack after a major security flaw was disclosed. Hackers are exploiting the bug to gain admin access. The vulnerability, tracked as CVE-2025-3102, received a high CVSS score of 8.1. It allows attackers to bypass authentication and create administrator accounts without permission. Therefore, a hacker can take full …

Phishing Emails Use Google Tricks to Steal Logins

Phishing emails are getting smarter and more dangerous. A new campaign uses Google services to fool users into sharing their credentials. These emails appear real, with valid signatures and no alerts from Gmail. According to a report, attackers sent fake messages from the address no-reply@google.com. These emails passed all security checks, including SPF, DKIM, and …

Spyware Campaign Targets Southeast Asia Governments

Spyware campaign operators known as Lotus Panda have launched a wave of cyberattacks across Southeast Asia. Active between August 2024 and February 2025, the group infiltrated government and private organizations. Targets included a ministry, air traffic control, telecoms, and even a construction firm. A separate news agency and air freight company in nearby countries were …

Spyware Apps Pre-Installed on Budget Android Phones

Spyware apps have been discovered on budget Android smartphones, preloaded before reaching customers. These apps impersonate popular messengers like WhatsApp and Telegram. Researchers found that these malicious apps specifically target cryptocurrency users. The spyware can swap wallet addresses in messages, rerouting funds to cybercriminals. This campaign, active since June 2024, focuses on low-end Chinese smartphones. …

Phishing Tactic Uses Email Checks Before Attack

Phishing attackers are using real-time checks to verify victims’ email addresses before stealing credentials. This method improves success rates while staying hidden. A recent report highlights this new approach, called precision-validating phishing. Unlike bulk email scams, this attack targets only verified, active users. Therefore, only victims on a pre-selected list reach the fake login screen. …

ResolverRAT Malware Hits Global Health Sector

ResolverRAT malware is targeting the healthcare and pharmaceutical sectors in a new, sophisticated cyberattack campaign. The attack uses phishing emails to deliver its payload. These emails create urgency with topics like copyright violations or legal threats. They trick users into clicking a malicious link. Once clicked, the link directs the victim to download a file. …

Malicious Packages Steal Data from Python Users

Malicious packages have been discovered on the Python Package Index (PyPI), putting developers and businesses at serious risk. Researchers revealed that several harmful libraries were uploaded to PyPI to steal sensitive data. They also tested stolen credit cards using e-commerce checkout systems. For example, two packages named bitcoinlibdbfix and bitcoinlib-dev posed as fixes for real …

Tax Scams Spread Malware Through PDFs and QR Codes

Tax scams are becoming more dangerous, with new phishing campaigns using PDF attachments and QR codes to infect devices and steal login credentials. According to a report, attackers send fake tax-related emails, often during tax season. These messages contain malicious PDFs that lead to phishing pages or install malware. Some campaigns use a phishing-as-a-service tool …

Triada Malware Found in Fake Android Phones

Triada Malware Infects Counterfeit Android Phones Triada malware is making a comeback by infecting counterfeit Android smartphones. These fake devices are often sold at low prices and come with pre-installed malware that users don’t notice. According to a report, more than 2,600 users—mainly in Russia—were affected between March 13 and 27, 2025. The malware is …

Hackers Abuse WordPress mu-Plugins for Spam Attacks

Hackers Target WordPress mu-Plugins to Hide Malware Hackers are using WordPress’s mu-plugins to secretly plant malicious scripts on websites. These plugins, short for “must-use” plugins, run automatically without admin activation. Because of this, they don’t appear in the WordPress plugin dashboard, making them harder to spot during routine security checks. According to a report, this …

Phishing Platform Lucid Targets 169 Victims Globally

Phishing Attacks Are Evolving Phishing campaigns have become more sophisticated than ever. A new threat platform called Lucid has targeted 169 organizations in 88 countries. It delivers smishing messages using Apple iMessage and Android RCS, avoiding traditional SMS spam filters. Instead of relying on old-school methods, Lucid operates as a phishing-as-a-service (PhaaS) tool. This subscription-based …

Ransomware Exposes DBS & Bank of China Customer Data in Vendor Attack

A ransomware attack on a third-party printing vendor has exposed sensitive customer data from DBS and Bank of China (BOC) in Singapore. The vendor, Toppan Next Tech (TNT), reported the breach to authorities on April 6. The Cyber Security Agency (CSA) and the Monetary Authority of Singapore (MAS) …

ClearFake Malware Spreads Fast Through Fake Checks

ClearFake malware is spreading quickly by tricking users with fake security verifications. Over 9,300 websites are now infected. The attackers behind ClearFake use fake reCAPTCHA and Cloudflare Turnstile pop-ups. These appear real but are used to deliver malware like Lumma and Vidar Stealer. ClearFake first surfaced in mid-2023. It started by placing fake browser update …

GitHub Vulnerability Exposes Secrets in Workflows

GitHub vulnerability CVE-2025-30066 is now actively exploited, posing a major threat to developers and organizations using GitHub Actions. According to a recent report, attackers targeted a GitHub Action called tj-actions/changed-files to access sensitive data. They injected malicious code into workflows by exploiting a supply chain weakness. The attack allows hackers to steal secrets from action …

Rules File Backdoor Attack Targets AI Coders

Rules File Backdoor is a new attack targeting AI-powered code editors. It silently injects malicious code into projects by corrupting the tools developers rely on. This threat affects popular AI tools such as Copilot and Cursor. These editors use configuration or “rules” files to guide their code suggestions. However, attackers can secretly poison these files …

Chinese Hackers Use Backdoors to Hijack Juniper Routers

Chinese Hackers Exploit Juniper Routers with Custom Malware Chinese hackers have been caught installing backdoors and rootkits on outdated Juniper Networks MX Series routers. A recent report revealed that cyber espionage group UNC3886 is behind the attack. Their goal is to establish long-term access and steal sensitive data from targeted networks. How Hackers Compromise Juniper …

MassJacker Malware Hijacks Crypto from Piracy Users

Piracy Users Targeted by New Crypto-Stealing Malware MassJacker, a newly discovered malware, is stealing cryptocurrency from users searching for pirated software. A recent report found that cybercriminals use this malware to hijack copied wallet addresses and reroute funds. This attack method poses a serious threat to cryptocurrency holders. How MassJacker Infects Devices The infection starts …

Malicious PyPI Packages Stole Cloud Tokens in 14,000+ Downloads

Malicious PyPI packages have been discovered stealing cloud tokens, compromising thousands of users. Researchers found 20 harmful packages disguised as useful tools, tricking developers into installing them. These packages, downloaded over 14,100 times, targeted cloud service credentials from major platforms. A recent report identified two clusters of malicious PyPI packages. The first set included tools …

Cybercriminals Use CSS Tricks to Bypass Filters and Spy

Hackers Exploit CSS to Evade Spam Filters Cybercriminals are using Cascading Style Sheets (CSS) to evade spam filters and track email users. A recent report revealed that attackers exploit CSS features to bypass security measures. They can even monitor user actions without requiring JavaScript. This method threatens both privacy and security. How Attackers Use CSS …

Malware Uses Fake CAPTCHA to Deploy Rootkit and Hide

Hackers Exploit CAPTCHA Scams to Evade Detection Malware campaigns are becoming more deceptive. Hackers now use fake CAPTCHA pages to trick users into downloading malicious files. A recent report uncovered OBSCURE#BAT, a malware that delivers the r77 rootkit. This rootkit allows attackers to remain undetected while controlling infected systems. How the Attack Works The attack …

Medusa Ransomware Attacks Surge, Demanding Millions

Medusa ransomware is rapidly expanding its attacks in 2025, demanding ransoms as high as $15 million. A recent report highlights over 40 new victims this year. The ransomware group has targeted healthcare, financial, and government organizations. Researchers note a 42% rise in Medusa-related incidents between 2023 and 2024. This increase suggests the group is filling …

EncryptHub Spreads Ransomware via Phishing and Fake Apps

EncryptHub is actively spreading ransomware and information stealers through phishing and fake apps. A recent report highlights how this threat actor deceives users. The campaign began in mid-2024 and has compromised over 600 high-value targets. Attackers use phishing, trojanized applications, and Pay-Per-Install (PPI) services to distribute malware. Their goal is to steal credentials and deploy …

SideWinder APT Targets Key Industries in Asia and Beyond

SideWinder APT is actively targeting industries across Asia, the Middle East, and Africa. Maritime, nuclear, and IT sectors are among the main victims of this cyber threat. A recent report found attacks in Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam. The group also focuses on nuclear power plants and energy infrastructure in South Asia …

Malvertising Campaign Infects 1 Million Devices Globally

Malvertising is spreading rapidly, infecting over 1 million devices worldwide. A recent report reveals that attackers use illegal streaming sites to deliver malware. The campaign began in December 2024 and affects both individuals and businesses. Attackers use phishing, SEO poisoning, and fake ads to trick users into downloading harmful software. The malware steals sensitive data, …

WordPress Sites Hacked with JavaScript Backdoors

Hackers are targeting WordPress sites by injecting JavaScript backdoors to maintain persistent access. A recent report found over 1,000 infected websites, where malicious code delivers four different backdoors. These backdoors give attackers multiple ways to regain control, even if website owners remove one method. The compromised sites load harmful scripts from an external domain, affecting …

Poco RAT Malware Targets Businesses

Poco RAT malware is being used to target Spanish-speaking businesses in Latin America. A hacker group, identified as Dark Caracal, has launched phishing attacks to infect organizations in Venezuela, Chile, Colombia, Ecuador, and the Dominican Republic. A recent report highlights how the malware operates. Poco RAT can upload files, capture screenshots, execute commands, and manipulate …

Lumma Stealer Malware Spreading through Phishing Attack

Lumma Stealer malware has been linked to cyberattacks in Russia and Belarus. A hacker group, tracked as Sticky Werewolf, is using an undocumented implant to infect victims. Researchers found that the attackers focus on employees of large organizations, including government agencies and contractors. Reports suggest that the group communicates in fluent Russian, indicating that they …

API Keys and Passwords Leaked in AI Training Data

API keys and passwords have been discovered in public datasets used to train AI models. Researchers found nearly 12,000 live secrets, exposing users and organizations to security risks. These credentials allow unauthorized access to various services, leading to potential data breaches. A recent report analyzed an archive from a large web dataset, revealing 400TB of …

AWS Misconfigurations Let Hackers Launch Phishing Attacks

AWS misconfigurations are allowing hackers to exploit Amazon Simple Email Service (SES) and WorkMail for phishing attacks. Researchers have linked this activity to a group known as TGR-UNK-0011, which has been active since 2019. Initially, the group focused on defacing websites. However, in 2022, they shifted to phishing campaigns for financial gain. These attacks do …

Fake CAPTCHA PDFs Spread Lumma Stealer Malware

Fake CAPTCHA PDFs are being used to spread Lumma Stealer malware through phishing campaigns. Researchers have found 260 domains hosting 5,000 malicious PDFs. These files redirect victims to dangerous websites, where attackers steal data or install malware. Cybercriminals use SEO techniques to make their malicious pages appear in search engine results. Many victims unknowingly click …

Vo1d Botnet Infects 1.59M Android TVs Worldwide

Vo1d botnet has infected over 1.59 million Android TVs across 226 countries. Reports show a surge in infections, especially in India, where cases jumped from 3,901 to 217,771 within weeks. This malware evolves rapidly, improving its stealth and resilience while making detection difficult. Researchers found that Vo1d uses RSA encryption to secure communication. This prevents …

Black Basta Leak Exposes Ransomware Group’s Secrets

Black Basta ransomware has been exposed in a major data leak, revealing internal conflicts and attack strategies. A recent report published chat logs from the cybercriminal group, offering an inside look at their operations. The leak, which includes over 200,000 messages, details tactics, leadership disputes, and security flaws …

Cybercriminals Use Darcula PhaaS to Clone Sites in Minutes

Cybercriminals now have an even easier way to create phishing websites using Darcula PhaaS v3. Researchers report that this latest version lets hackers clone any brand’s website and launch phishing attacks with minimal effort. The tool lowers the skill needed to create realistic fake sites, making …

FatalRAT Malware Targets APAC Industries in Phishing Attacks

FatalRAT malware is being used in phishing attacks across APAC industries. Researchers have identified a campaign that delivers this malware through Chinese cloud services to infect organizations in manufacturing, IT, healthcare, and logistics. These attacks pose a serious risk, allowing hackers to steal data, manipulate systems, and …

Linux Malware Auto-Color Gives Hackers Full Access

Linux malware called Auto-Color is targeting universities and government organizations across North America and Asia. A recent report revealed that this stealthy threat grants hackers full remote access to compromised systems. Once installed, it is difficult to remove without specialized tools. How Auto-Color Works The malware gets its name from the file name it renames …

LightSpy Malware Gains Control Over Multiple Platforms

LightSpy malware has expanded its capabilities, now supporting over 100 commands across Windows, macOS, Linux, and mobile devices. According to a recent report, this advanced spyware can now extract data from Facebook and Instagram, increasing its surveillance potential. As a result, cybercriminals can access sensitive user information more …

OpenSSH Vulnerabilities May Lead to Cybersecurity Threats

OpenSSH vulnerabilities could expose users to cyber threats. Researchers have identified two flaws that could allow man-in-the-middle (MitM) attacks or denial of service (DoS). These security risks could enable attackers to steal credentials or crash systems, making it crucial for users to update their software immediately. Security experts have identified two key flaws: CVE-2025-26465 and …

Chinese Hackers Use MAVInject.exe to Bypass Security

Chinese Hackers Exploit MAVInject.exe to Evade Detection Chinese state-sponsored hackers, identified as Mustang Panda, have been caught using a stealthy technique to evade cybersecurity measures and maintain persistent access to infected systems. They leverage a legitimate Windows utility, Microsoft Application Virtualization Injector (MAVInject.exe), to inject malicious payloads into external processes. This tactic helps them bypass …

FrigidStealer Malware Targets macOS via Fake Updates

FrigidStealer malware is a new cybersecurity threat targeting macOS users through fake browser updates, a recent report warns. Attackers inject malicious scripts into compromised websites, tricking users into downloading malware. How the Attack Works The attack originates from TA2727, a cybercriminal group that uses fake update lures to spread malware. These attackers distribute multiple info-stealers, …

Xerox Printer Flaws Could Expose Windows Credentials

Xerox printer vulnerabilities could let attackers steal Windows Active Directory credentials, a recent report warns. Hackers can exploit security flaws to capture authentication data using LDAP and SMB/FTP services. How the Attack Works Researchers discovered two major vulnerabilities in Xerox VersaLink C7025 printers. These flaws allow attackers to manipulate printer settings and redirect authentication credentials …

whoAMI Attack Exploits AWS AMI Flaws for Code Execution

The whoAMI attack is a new name-confusion exploit that lets attackers gain remote code execution (RCE) within AWS accounts, a recent report warns. This attack relies on Amazon Machine Image (AMI) misuse. Hackers upload malicious AMIs with deceptive names, tricking misconfigured software into using them. If successful, the attacker can …

Lazarus Group Targets Developers with New JavaScript Malware

Lazarus Group has launched a new JavaScript malware called Marstech1, targeting developers in a series of highly focused attacks, a recent report reveals. The operation, called Marstech Mayhem, began in late 2024. The malware was delivered through an open-source GitHub repository under a profile named “SuccessFriend.” This profile, active since …

Ransomware Attack Linked to Chinese Hacker’s Side Job

Ransomware linked to Chinese cyberespionage tools has surfaced in a recent attack, suggesting that an individual hacker may be using these resources for personal financial gain, a recent report reveals. The hacker used a legitimate executable to sideload a malicious DLL, which then deployed a heavily disguised PlugX backdoor. This backdoor, previously tied to a …

Hackers Use CAPTCHA Tricks in Phishing Scam to Steal Data

Hackers are using fake CAPTCHA challenges in a new phishing scam to steal credit card details and other sensitive information, according to a recent report. The campaign, active since mid-2024, involves malicious PDF files hosted on a content delivery network (CDN). Attackers target users searching for documents on search engines like Google. Clicking on infected …

Aquabot Botnet Exploits Mitel Phone Flaws for DDoS Attacks

Aquabot botnet has started exploiting a vulnerability in Mitel SIP phones to launch DDoS attacks, according to a recent report. This Mirai-based malware targets CVE-2024-41710, a high-severity command injection flaw found in multiple Mitel phone series. In July 2024, Mitel released firmware updates to patch the flaw. The vulnerability allows an authenticated attacker with admin …

BadPilot Cyberattacks Help Hackers Target Networks

BadPilot cyberattacks have been fueling Russian hacker operations for years. A subgroup of the state-sponsored hacking group APT44, also called Sandworm, has been launching widespread network intrusions. According to a recent report, this group focuses on breaching critical infrastructure, including energy, telecommunications, and defense sectors. The hacking campaign has been active since at least 2021. …

North Korean Hackers Use forceCopy Malware to Steal Data

North Korean hackers are using forceCopy malware to steal browser-stored credentials, according to a recent report. The hacking group Kimsuky is behind a new wave of spear-phishing attacks targeting victims through malicious email attachments. The attack begins with a phishing email containing a Windows shortcut (LNK) file. This file is disguised as a Microsoft Office …

Fake Chrome Sites Spread ValleyRAT Malware via DLL Hijacking

Fake Chrome sites are being used to distribute ValleyRAT malware through DLL hijacking. A recent report reveals that attackers trick users into downloading malicious installers disguised as legitimate Chrome downloads. The ValleyRAT malware was first discovered in 2023 and is linked to a hacking group known as Silver Fox. Their attacks mainly target Chinese-speaking users …

FERRET Malware Targets macOS Users via Fake Job Offers

FERRET malware is being used in a deceptive cyberattack targeting macOS users through fake job interviews. A recent report revealed that North Korean hackers are behind this new campaign, tricking job seekers into installing malicious software. The attackers pose as recruiters on LinkedIn and invite victims to virtual interviews. They send a fake videoconferencing link …

Coyote Malware Expands, Targeting More Banks and Websites

Coyote malware is spreading rapidly, now attacking over 1,000 websites and 73 financial institutions. A recent report revealed that Brazilian Windows users are its primary target. This dangerous banking Trojan is designed to steal sensitive information, including login credentials and financial data. Once installed, Coyote can record keystrokes, take screenshots, and display phishing overlays. These …

Google Blocks 158,000 Malicious App Developers in 2024

Google has taken strong action against harmful Android apps in 2024. The company blocked over 2.36 million policy-violating apps from entering the Google Play Store. Additionally, it banned 158,000 developer accounts that attempted to upload malicious apps. By collaborating with third-party developers, Google also prevented 1.3 million apps from gaining unnecessary access to user data. …

Malvertising Scam Uses Fake Ads to Steal Microsoft Logins

Malvertising scams are on the rise, with cybercriminals using fake ads to steal login credentials. A recent report uncovered a campaign targeting Microsoft advertisers through fraudulent Google ads. These deceptive ads lead users to phishing sites designed to harvest sensitive information. According to the report, attackers aim to trick users searching for “Microsoft Ads” on …

Lazarus Group Uses Hidden Admin Panel for Cyber Attacks

Lazarus Group is using a hidden web-based admin panel to control its global cyber attacks. A recent report reveals that this platform helps manage stolen data and oversee operations. The group built its system using a React-based application with a Node.js API. Researchers found that each command-and-control (C2) server hosted the same admin interface, despite …

DeepSeek AI Data Leak Exposes Secret Keys and Logs

DeepSeek AI suffered a major security breach, exposing over a million log entries, secret keys, and sensitive database details. The leaked information could have allowed unauthorized access to its internal systems. A security report revealed that DeepSeek left its ClickHouse database open online. This database permitted full control over its operations, allowing attackers to access …

MintsLoader Malware Spreads via Fake CAPTCHA Pages

MintsLoader malware is being used in cyberattacks targeting businesses in the U.S. and Europe. A recent report reveals that hackers distribute MintsLoader through fake CAPTCHA pages and spam emails. The malware acts as a loader, delivering harmful payloads like StealC, an information stealer, and BOINC, an open-source computing tool. Attackers trick victims into downloading MintsLoader …

PNGPlug Malware Targets Users with Fake Installers

PNGPlug malware is spreading through fake software installers, targeting Chinese-speaking users in Hong Kong, Taiwan, and Mainland China. A recent report highlights how cybercriminals use a phishing campaign to trick victims into downloading a malicious Microsoft Installer (MSI) package. Once executed, the installer deploys a legitimate application to avoid suspicion. However, in the background, it …

13,000 MikroTik Routers Hijacked for Cyberattacks

MikroTik routers are at the center of a new cyber threat, with 13,000 devices hijacked and turned into a botnet. This botnet spreads malware through email spam, bypassing security measures by exploiting misconfigured DNS records. According to a recent report, attackers use these compromised routers to send malicious emails disguised as legitimate messages. The campaign, …

Morpheus and HellCat Ransomware Found Sharing Code

Morpheus and HellCat, two new ransomware groups, have been discovered sharing identical code in their payloads. This revelation highlights the interconnected nature of emerging ransomware operations. A detailed analysis by researchers found that both ransomware types use the same codebase, differing only in victim-specific data and attacker contact details. These ransomware families first appeared in …

QakBot-Linked Malware Gains Enhanced Remote Access Tools

QakBot, a notorious malware originally designed as a banking trojan, has evolved into a sophisticated threat. Researchers have revealed a new BackConnect (BC) malware linked to QakBot, equipped with enhanced capabilities for remote access and data gathering. This development highlights the persistence of QakBot-associated threat actors, despite previous law enforcement takedowns. The BC malware, which …

Mirai Botnet Hits Record DDoS Attack Linked to Indonesia

The Mirai botnet has launched a record-breaking distributed denial-of-service (DDoS) attack, reaching a staggering 5.6 terabits per second (Tbps). This massive assault, detected on October 29, 2024, targeted an internet service provider (ISP) in Eastern Asia. The attack was facilitated by over 13,000 compromised Internet of Things (IoT) devices, including some linked to Indonesia. Reports …

PlushDaemon APT Targets VPN Provider in Cyber Attack

PlushDaemon, a China-linked advanced persistent threat (APT) group, has launched a supply chain attack against a South Korean VPN provider. Reports reveal that this attack involved replacing the legitimate VPN installer with a compromised version. This altered installer deployed SlowStepper, a backdoor featuring over 30 components designed for data collection and espionage. PlushDaemon, active since …

Fake CAPTCHA Malware Targets Multiple Industries

Fake CAPTCHA campaigns are being used to spread the Lumma information stealer globally, targeting industries such as healthcare, banking, and telecommunications. The campaign affects countries including Argentina, Colombia, the U.S., and the Philippines, according to a recent report. The attack begins when users visit compromised websites. These sites redirect visitors to a fake CAPTCHA page …

Hackers Use Images to Deploy Keyloggers and Stealers

Hackers are increasingly using images to conceal malware, including VIP Keylogger and 0bj3ctivity Stealer, in separate but similar campaigns. According to a report, these attackers hide malicious code in images uploaded to file-hosting platforms and employ a .NET loader to install the malware. The attack begins with phishing emails disguised as invoices or purchase orders. …

Google Ads Users Hit by Malvertising Phishing Scam

Google Ads users are the target of a sophisticated malvertising scam designed to steal credentials and bypass two-factor authentication (2FA). Cybersecurity researchers report that attackers are using fraudulent ads to redirect victims to phishing sites. These fake ads impersonate legitimate Google Ads, tricking users into sharing sensitive account details. The goal of the campaign is …

Python Malware Fuels RansomHub Ransomware Attacks

Python-based malware is powering a new wave of ransomware attacks, researchers report. The malware facilitates persistent access to networks, enabling the deployment of RansomHub ransomware across compromised systems. The attack begins with SocGholish, a JavaScript-based malware, delivered through drive-by campaigns. Victims unknowingly download it via fake web browser update alerts on compromised websites. SocGholish communicates …

Banshee Malware Threatens macOS Users with New Tactics

Banshee Stealer, a macOS-focused malware, has re-emerged with a stealthier version, according to researchers. This updated malware uses advanced encryption techniques inspired by Apple’s XProtect to bypass antivirus systems, putting millions of macOS users at risk. Initially uncovered in 2024, Banshee Stealer was thought to be inactive after its source code was leaked. However, a …

WordPress Skimmer Targets E-commerce Checkout Pages

WordPress e-commerce websites are the latest target of a stealthy credit card skimmer campaign, according to researchers. The malware uses malicious JavaScript code injected into WordPress database tables to steal sensitive payment information. This skimmer specifically attacks checkout pages by hijacking payment fields or generating fake credit card forms. The malicious code, hidden within the …

Phishing Scam Targets iMessage Users

Phishing scams are increasingly targeting Apple iMessage users, exploiting a trick that disables the app’s built-in phishing protection. This manipulation aims to re-enable disabled links, putting users at risk. Mobile devices have become central to daily activities such as paying bills, shopping, and staying connected. As a result, cybercriminals are escalating SMS phishing (smishing) attacks …

Malware Exploits Windows UI Tools to Bypass Security

Malware creators have discovered a way to exploit Windows UI Automation (UIA), a framework initially designed to help users with accessibility needs. This new technique enables attackers to perform malicious activities while avoiding detection by endpoint detection and response (EDR) tools. To execute this attack, users must run a program that uses UI Automation. Once …

Mask APT Strikes Again with Advanced Multi-Platform Malware

Mask APT, also known as Careto, has resurfaced with a new wave of sophisticated attacks targeting an organization in Latin America. This notorious cyber espionage group has a long history of infiltrating high-profile entities, including governments, research institutions, and diplomatic bodies, since at least 2007. First documented in 2014, the group’s origins remain a mystery. …

3 Million Mail Servers at Risk Due to Missing Encryption

Over three million mail servers lack TLS encryption, leaving them vulnerable to network sniffing attacks. These servers, which run IMAP or POP3 protocols, expose users’ sensitive data such as usernames and passwords when accessed over unsecured networks. IMAP and POP3 are protocols used to access emails from servers. IMAP is popular for synchronizing messages across …

EAGERBEE Malware Targets ISPs and Governments

EAGERBEE, an advanced malware variant, is targeting ISPs and government systems across the Middle East and East Asia. Researchers have identified its enhanced capabilities, which include deploying payloads, exploring processes, and manipulating files. This malware also uses sophisticated backdoor functions to maintain persistent access. The EAGERBEE framework includes plugins for managing files, network connections, and …

DoubleClickjacking Exploit Threatens Major Websites’ Security

A new exploit named DoubleClickjacking exposes vulnerabilities in major websites, allowing attackers to bypass existing clickjacking protections. This attack uses a double-click sequence to perform malicious actions, including account takeovers, with minimal user interaction. Unlike traditional clickjacking, which tricks users into clicking deceptive elements, DoubleClickjacking exploits the gap between the first and second clicks. This …

FireScam Malware Masquerades as Telegram to Steal Data

FireScam, a new Android malware, disguises itself as a Telegram Premium app to steal sensitive data and control infected devices. Distributed through phishing websites, it poses as a legitimate application from RuStore, a trusted app store in Russia. The malware uses a sophisticated infection process starting with a dropper APK. Once installed, it exfiltrates data …

Malicious NPM Package Deploys Quasar RAT on Developer Systems

Malicious software targeting developers has surfaced in the form of an npm package named ethereumvulncontracthandler. Disguised as a tool for detecting Ethereum vulnerabilities, it secretly delivers a powerful remote access trojan (RAT) called Quasar RAT. This threat, first released publicly in 2014, is notorious for enabling cybercrime and espionage campaigns. The package, uploaded on December …

AI Jailbreak ‘Bad Likert Judge’ Raises Security Risks

A new AI jailbreak method, called Bad Likert Judge, poses significant challenges to large language models (LLMs). Researchers revealed that this technique bypasses safety measures, enabling harmful or malicious outputs. By exploiting LLMs’ advanced capabilities, the approach raises concerns about AI security and responsible use. The method uses a psychological tool called the Likert scale, …

PLAYFULGHOST Malware Targets Users via Phishing and SEO

Researchers have identified a new threat called PLAYFULGHOST. This malware has numerous spying capabilities, such as logging keystrokes, capturing screens and audio, running remote shells, and managing file operations. Moreover, PLAYFULGHOST shares similarities with an old tool known as Gh0st RAT, which became public in 2008. The malware enters systems through phishing emails or SEO …

Iran’s Charming Kitten Adopts New BellaCPP Malware Variant

Iran’s hacking group Charming Kitten is deploying a new malware variant called BellaCPP. This variant is a C++ adaptation of the previously documented BellaCiao malware. A recent investigation uncovered BellaCPP on a compromised machine in Asia. Researchers noted that BellaCiao, first identified in April 2023, is a custom dropper used to deliver malicious payloads. This …

North Korean Hackers Unleash OtterCookie Malware in New Attack

North Korean hackers are using new OtterCookie malware to target job seekers. The malware is part of the ongoing Contagious Interview campaign, which relies on social engineering tricks. Hackers pose as recruiters and trick individuals into downloading malicious software disguised as job-related tools. The attackers use malware-laden videoconferencing apps or npm packages. These are often …

Chrome Extensions Hacked: Data of 600K Users Exposed

Chrome extensions have been hacked, putting over 600,000 users at risk. A targeted attack has compromised 16 extensions, allowing hackers to steal sensitive data like cookies and access tokens. This attack started with phishing emails sent to developers. These emails, pretending to be from Chrome Web Store Developer Support, falsely warned of policy violations. They urged recipients …