News

BadPilot Cyberattacks Help Hackers Target Networks

BadPilot cyberattacks have been fueling Russian hacker operations for years. A subgroup of the state-sponsored hacking group APT44, also called Sandworm, has been launching widespread network intrusions. According to a recent report, this group focuses on breaching critical infrastructure, including energy, telecommunications, and defense sectors. The hacking campaign has been active since at least 2021. …

North Korean Hackers Use forceCopy Malware to Steal Data

North Korean hackers are using forceCopy malware to steal browser-stored credentials, according to a recent report. The hacking group Kimsuky is behind a new wave of spear-phishing attacks targeting victims through malicious email attachments. The attack begins with a phishing email containing a Windows shortcut (LNK) file. This file is disguised as a Microsoft Office …

Fake Chrome Sites Spread ValleyRAT Malware via DLL Hijacking

Fake Chrome sites are being used to distribute ValleyRAT malware through DLL hijacking. A recent report reveals that attackers trick users into downloading malicious installers disguised as legitimate Chrome downloads. The ValleyRAT malware was first discovered in 2023 and is linked to a hacking group known as Silver Fox. Their attacks mainly target Chinese-speaking users …

FERRET Malware Targets macOS Users via Fake Job Offers

FERRET malware is being used in a deceptive cyberattack targeting macOS users through fake job interviews. A recent report revealed that North Korean hackers are behind this new campaign, tricking job seekers into installing malicious software. The attackers pose as recruiters on LinkedIn and invite victims to virtual interviews. They send a fake videoconferencing link …

Coyote Malware Expands, Targeting More Banks and Websites

Coyote malware is spreading rapidly, now attacking over 1,000 websites and 73 financial institutions. A recent report revealed that Brazilian Windows users are its primary target. This dangerous banking Trojan is designed to steal sensitive information, including login credentials and financial data. Once installed, Coyote can record keystrokes, take screenshots, and display phishing overlays. These …

Google Blocks 158,000 Malicious App Developers in 2024

Google has taken strong action against harmful Android apps in 2024. The company blocked over 2.36 million policy-violating apps from entering the Google Play Store. Additionally, it banned 158,000 developer accounts that attempted to upload malicious apps. By collaborating with third-party developers, Google also prevented 1.3 million apps from gaining unnecessary access to user data. …

Malvertising Scam Uses Fake Ads to Steal Microsoft Logins

Malvertising scams are on the rise, with cybercriminals using fake ads to steal login credentials. A recent report uncovered a campaign targeting Microsoft advertisers through fraudulent Google ads. These deceptive ads lead users to phishing sites designed to harvest sensitive information. According to the report, attackers aim to trick users searching for “Microsoft Ads” on …

Lazarus Group Uses Hidden Admin Panel for Cyber Attacks

Lazarus Group is using a hidden web-based admin panel to control its global cyber attacks. A recent report reveals that this platform helps manage stolen data and oversee operations. The group built its system using a React-based application with a Node.js API. Researchers found that each command-and-control (C2) server hosted the same admin interface, despite …

DeepSeek AI Data Leak Exposes Secret Keys and Logs

DeepSeek AI suffered a major security breach, exposing over a million log entries, secret keys, and sensitive database details. The leaked information could have allowed unauthorized access to its internal systems. A security report revealed that DeepSeek left its ClickHouse database open online. This database permitted full control over its operations, allowing attackers to access …

MintsLoader Malware Spreads via Fake CAPTCHA Pages

MintsLoader malware is being used in cyberattacks targeting businesses in the U.S. and Europe. A recent report reveals that hackers distribute MintsLoader through fake CAPTCHA pages and spam emails. The malware acts as a loader, delivering harmful payloads like StealC, an information stealer, and BOINC, an open-source computing tool. Attackers trick victims into downloading MintsLoader …

PNGPlug Malware Targets Users with Fake Installers

PNGPlug malware is spreading through fake software installers, targeting Chinese-speaking users in Hong Kong, Taiwan, and Mainland China. A recent report highlights how cybercriminals use a phishing campaign to trick victims into downloading a malicious Microsoft Installer (MSI) package. Once executed, the installer deploys a legitimate application to avoid suspicion. However, in the background, it …

13,000 MikroTik Routers Hijacked for Cyberattacks

MikroTik routers are at the center of a new cyber threat, with 13,000 devices hijacked and turned into a botnet. This botnet spreads malware through email spam, bypassing security measures by exploiting misconfigured DNS records. According to a recent report, attackers use these compromised routers to send malicious emails disguised as legitimate messages. The campaign, …

Morpheus and HellCat Ransomware Found Sharing Code

Morpheus and HellCat, two new ransomware groups, have been discovered sharing identical code in their payloads. This revelation highlights the interconnected nature of emerging ransomware operations. A detailed analysis by researchers found that both ransomware types use the same codebase, differing only in victim-specific data and attacker contact details. These ransomware families first appeared in …

QakBot-Linked Malware Gains Enhanced Remote Access Tools

QakBot, a notorious malware originally designed as a banking trojan, has evolved into a sophisticated threat. Researchers have revealed a new BackConnect (BC) malware linked to QakBot, equipped with enhanced capabilities for remote access and data gathering. This development highlights the persistence of QakBot-associated threat actors, despite previous law enforcement takedowns. The BC malware, which …

Mirai Botnet Hits Record DDoS Attack Linked to Indonesia

The Mirai botnet has launched a record-breaking distributed denial-of-service (DDoS) attack, reaching a staggering 5.6 terabits per second (Tbps). This massive assault, detected on October 29, 2024, targeted an internet service provider (ISP) in Eastern Asia. The attack was facilitated by over 13,000 compromised Internet of Things (IoT) devices, including some linked to Indonesia. Reports …

PlushDaemon APT Targets VPN Provider in Cyber Attack

PlushDaemon, a China-linked advanced persistent threat (APT) group, has launched a supply chain attack against a South Korean VPN provider. Reports reveal that this attack involved replacing the legitimate VPN installer with a compromised version. This altered installer deployed SlowStepper, a backdoor featuring over 30 components designed for data collection and espionage. PlushDaemon, active since …

Fake CAPTCHA Malware Targets Multiple Industries

Fake CAPTCHA campaigns are being used to spread the Lumma information stealer globally, targeting industries such as healthcare, banking, and telecommunications. The campaign affects countries including Argentina, Colombia, the U.S., and the Philippines, according to a recent report. The attack begins when users visit compromised websites. These sites redirect visitors to a fake CAPTCHA page …

Hackers Use Images to Deploy Keyloggers and Stealers

Hackers are increasingly using images to conceal malware, including VIP Keylogger and 0bj3ctivity Stealer, in separate but similar campaigns. According to a report, these attackers hide malicious code in images uploaded to file-hosting platforms and employ a .NET loader to install the malware. The attack begins with phishing emails disguised as invoices or purchase orders. …

Google Ads Users Hit by Malvertising Phishing Scam

Google Ads users are the target of a sophisticated malvertising scam designed to steal credentials and bypass two-factor authentication (2FA). Cybersecurity researchers report that attackers are using fraudulent ads to redirect victims to phishing sites. These fake ads impersonate legitimate Google Ads, tricking users into sharing sensitive account details. The goal of the campaign is …

Python Malware Fuels RansomHub Ransomware Attacks

Python-based malware is powering a new wave of ransomware attacks, researchers report. The malware facilitates persistent access to networks, enabling the deployment of RansomHub ransomware across compromised systems. The attack begins with SocGholish, a JavaScript-based malware, delivered through drive-by campaigns. Victims unknowingly download it via fake web browser update alerts on compromised websites. SocGholish communicates …

Banshee Malware Threatens macOS Users with New Tactics

Banshee Stealer, a macOS-focused malware, has re-emerged with a stealthier version, according to researchers. This updated malware uses advanced encryption techniques inspired by Apple’s XProtect to bypass antivirus systems, putting millions of macOS users at risk. Initially uncovered in 2024, Banshee Stealer was thought to be inactive after its source code was leaked. However, a …

WordPress Skimmer Targets E-commerce Checkout Pages

WordPress e-commerce websites are the latest target of a stealthy credit card skimmer campaign, according to researchers. The malware uses malicious JavaScript code injected into WordPress database tables to steal sensitive payment information. This skimmer specifically attacks checkout pages by hijacking payment fields or generating fake credit card forms. The malicious code, hidden within the …

Phishing Scam Targets iMessage Users

Phishing scams are increasingly targeting Apple iMessage users, exploiting a trick that disables the app’s built-in phishing protection. This manipulation aims to re-enable disabled links, putting users at risk. Mobile devices have become central to daily activities such as paying bills, shopping, and staying connected. As a result, cybercriminals are escalating SMS phishing (smishing) attacks …

Malware Exploits Windows UI Tools to Bypass Security

Malware creators have discovered a way to exploit Windows UI Automation (UIA), a framework initially designed to help users with accessibility needs. This new technique enables attackers to perform malicious activities while avoiding detection by endpoint detection and response (EDR) tools. To execute this attack, users must run a program that uses UI Automation. Once …

Mask APT Strikes Again with Advanced Multi-Platform Malware

Mask APT, also known as Careto, has resurfaced with a new wave of sophisticated attacks targeting an organization in Latin America. This notorious cyber espionage group has a long history of infiltrating high-profile entities, including governments, research institutions, and diplomatic bodies, since at least 2007. First documented in 2014, the group’s origins remain a mystery. …

3 Million Mail Servers at Risk Due to Missing Encryption

Over three million mail servers lack TLS encryption, leaving them vulnerable to network sniffing attacks. These servers, which run IMAP or POP3 protocols, expose users’ sensitive data such as usernames and passwords when accessed over unsecured networks. IMAP and POP3 are protocols used to access emails from servers. IMAP is popular for synchronizing messages across …

EAGERBEE Malware Targets ISPs and Governments

EAGERBEE, an advanced malware variant, is targeting ISPs and government systems across the Middle East and East Asia. Researchers have identified its enhanced capabilities, which include deploying payloads, exploring processes, and manipulating files. This malware also uses sophisticated backdoor functions to maintain persistent access. The EAGERBEE framework includes plugins for managing files, network connections, and …

DoubleClickjacking Exploit Threatens Major Websites’ Security

A new exploit named DoubleClickjacking exposes vulnerabilities in major websites, allowing attackers to bypass existing clickjacking protections. This attack uses a double-click sequence to perform malicious actions, including account takeovers, with minimal user interaction. Unlike traditional clickjacking, which tricks users into clicking deceptive elements, DoubleClickjacking exploits the gap between the first and second clicks. This …

FireScam Malware Masquerades as Telegram to Steal Data

FireScam, a new Android malware, disguises itself as a Telegram Premium app to steal sensitive data and control infected devices. Distributed through phishing websites, it poses as a legitimate application from RuStore, a trusted app store in Russia. The malware uses a sophisticated infection process starting with a dropper APK. Once installed, it exfiltrates data …

Malicious NPM Package Deploys Quasar RAT on Developer Systems

Malicious software targeting developers has surfaced in the form of an npm package named ethereumvulncontracthandler. Disguised as a tool for detecting Ethereum vulnerabilities, it secretly delivers a powerful remote access trojan (RAT) called Quasar RAT. This threat, first released publicly in 2014, is notorious for enabling cybercrime and espionage campaigns. The package, uploaded on December …

AI Jailbreak ‘Bad Likert Judge’ Raises Security Risks

A new AI jailbreak method, called Bad Likert Judge, poses significant challenges to large language models (LLMs). Researchers revealed that this technique bypasses safety measures, enabling harmful or malicious outputs. By exploiting LLMs’ advanced capabilities, the approach raises concerns about AI security and responsible use. The method uses a psychological tool called the Likert scale, …

PLAYFULGHOST Malware Targets Users via Phishing and SEO

Researchers have identified a new threat called PLAYFULGHOST. This malware has numerous spying capabilities, such as logging keystrokes, capturing screens and audio, running remote shells, and managing file operations. Moreover, PLAYFULGHOST shares similarities with an old tool known as Gh0st RAT, which became public in 2008. The malware enters systems through phishing emails or SEO …

Iran’s Charming Kitten Adopts New BellaCPP Malware Variant

Iran’s hacking group Charming Kitten is deploying a new malware variant called BellaCPP. This variant is a C++ adaptation of the previously documented BellaCiao malware. A recent investigation uncovered BellaCPP on a compromised machine in Asia. Researchers noted that BellaCiao, first identified in April 2023, is a custom dropper used to deliver malicious payloads. This …

North Korean Hackers Unleash OtterCookie Malware in New Attack

North Korean hackers are using new OtterCookie malware to target job seekers. The malware is part of the ongoing Contagious Interview campaign, which relies on social engineering tricks. Hackers pose as recruiters and trick individuals into downloading malicious software disguised as job-related tools. The attackers use malware-laden videoconferencing apps or npm packages. These are often …

Chrome Extensions Hacked: Data of 600K Users Exposed

Chrome extensions have been hacked, putting over 600,000 users at risk. A targeted attack has compromised 16 extensions, allowing hackers to steal sensitive data like cookies and access tokens. This attack started with phishing emails sent to developers. These emails, pretending to be from Chrome Web Store Developer Support, falsely warned of policy violations. They urged recipients …

Malicious npm Packages Trick Developers and Spread Trojan

Researchers have uncovered a campaign involving malicious npm packages impersonating legitimate tools. These counterfeit packages, like @typescript_eslinter/eslint and types-node, have been downloaded thousands of times, compromising developers’ systems. The fraudulent packages mimic popular libraries to gain trust. For example, @typescript_eslinter/eslint uses a fake GitHub repository created in late November 2024. This library contains a file …

HubPhish Targets Microsoft Cloud with Phishing Scams

Cybersecurity researchers have uncovered a phishing campaign called HubPhish. This scheme aims to steal account credentials and take over Microsoft Azure cloud systems. The attack targeted over 20,000 individuals working in the automotive, chemical, and industrial manufacturing sectors across Europe. The phishing attacks peaked in June 2024. Attackers sent emails mimicking Docusign, enticing users to …

BadBox Malware Infects 192K Android Devices Despite Crackdown

The BadBox Android malware botnet has now infected over 192,000 devices globally, despite recent attempts to disrupt its operations in Germany. Researchers report that this sophisticated malware is targeting not just obscure Chinese devices but also well-known brands such as Yandex TVs and Hisense smartphones. BadBox, linked to the notorious Triada malware family, …

Fake Job Offers Lead to Banking Trojan in New Phishing Scam

Cybersecurity experts have uncovered a new phishing scam targeting mobile users, using fake job offers to spread a banking trojan. The attackers pose as recruiters and lure victims with offers of high-paying jobs, such as customer service positions. Once a victim engages with the fake recruiter, they are prompted to download a malicious app disguised …

AI-Powered Investment Scam Targets Through Social Media Ads

A sophisticated investment scam is spreading across the globe, using artificial intelligence (AI) and social media ads to deceive victims. This alarming scheme combines fake endorsements, phishing websites, and AI-generated video testimonials featuring celebrity likenesses to steal both money and sensitive personal data. Cybersecurity researchers report that the scam, known as “Nomani” (a play on …

DeceptionAds Campaign Exploits Ad Networks to Steal Data

Cybersecurity experts have exposed a major malvertising campaign called DeceptionAds, which delivers over 1 million ad impressions daily. This campaign targets thousands of victims each day, using more than 3,000 websites to spread malicious content. The attack relies on a single ad network to redirect users from pirated content sites to fake CAPTCHA pages. These …

Botnet Exploits 85,000+ Devices for Illegal Proxy Service

The Socks5Systemz botnet is exploiting over 85,000 compromised devices to fuel an illegal proxy service called PROXY.AM. According to a recent report, the botnet converts infected systems into proxy exit nodes, enabling cybercriminals to mask the origins of their attacks. The botnet has been active since 2016 but saw significant changes in December 2023. Its …

Black Basta Ramps Up Attacks Using Email Bombing

Black Basta ransomware is evolving, leveraging new tactics to target victims. Since October 2024, attackers have adopted email bombing and social engineering to distribute malware payloads such as Zbot and DarkGate. In one strategy, threat actors overwhelm victims’ inboxes by signing them up for numerous mailing lists. This “email bombing” technique not only disrupts communication …

CISA and FBI Warn About Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two newly exploited vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. Both flaws are under active attack, putting systems at risk. Although the details of these exploits remain limited, proof-of-concept exploits for both are publicly available. CISA urges Federal Civilian Executive Branch (FCEB) agencies to …

390,000+ WordPress Accounts Compromised in New GitHub Scam

Hackers have stolen over 390,000 WordPress credentials by exploiting a malicious GitHub repository posing as a tool for publishing posts. The repository, which has since been removed, was part of a larger cyberattack campaign targeting security researchers and threat actors alike. This breach exposed sensitive data, including SSH private keys and cloud access credentials, to …

Bashe Ransomware: A New Threat to Critical Industries

Bashe ransomware, an emerging cyber threat, has been targeting critical industries worldwide since mid-April 2024. This group, formerly known as APT73 and Eraleig, uses tactics similar to LockBit, leveraging a Tor-based Data Leak Site (DLS) for data extortion. Their approach has quickly gained attention due to its sophistication and widespread impact. The Origins of Bashe …

Fake Video Apps Steal Sensitive Data

Hackers are using fake video conferencing apps to target Web3 professionals in a sophisticated scam campaign. The malicious apps, disguised as business meeting tools, deploy an information-stealing malware called Realst to compromise sensitive data. According to cybersecurity researchers, the attackers create fake companies using AI-generated content to appear legitimate. The attackers reach out to victims …

New $3,000 Android Trojan Targets Banks

A newly discovered Android remote access trojan (RAT), called DroidBot, is targeting banks, cryptocurrency exchanges, and government organizations. This sophisticated malware affects 77 institutions and employs advanced techniques to steal sensitive information. DroidBot combines hidden Virtual Network Computing (VNC) and overlay attack strategies with spyware-like capabilities. For example, it can monitor user activity and log …

Hackers Use Corrupted Files to Evade Email Security Systems

Hackers are leveraging corrupted ZIP files and Microsoft Office documents in a new phishing campaign designed to bypass email security defenses. This technique exploits built-in recovery features in common software, making it difficult for antivirus programs and email filters to detect. The phishing emails often include corrupted ZIP archives or Office attachments that appear harmless …

SmokeLoader Malware Targets Key Industries

A new campaign targeting Taiwan’s manufacturing, healthcare, and IT sectors has been distributing SmokeLoader malware. This malware is known for its versatility and advanced evasion capabilities, making it a significant threat. First appearing on cybercrime forums in 2011, SmokeLoader primarily functions as a downloader for other malware. However, it can also carry out direct attacks …

Fake Emails Spread Malware in Retail Sector

A sophisticated malware campaign, dubbed Horns&Hooves, is targeting private users, retailers, and service businesses in Russia. This attack delivers Remote Access Trojans (RATs), including NetSupport RAT and BurnsRAT, using fake email attachments and malicious JavaScript payloads. Since its discovery in March 2023, the campaign has impacted over 1,000 victims. Cybercriminals exploit these RATs to gain …

SpyLoan Malware Hits 8 Million Android Users via Loan Apps

A new wave of malicious Android apps has been discovered, targeting users in multiple countries through fraudulent loan services. These apps, collectively downloaded over 8 million times from the Google Play Store, harbor a dangerous malware known as SpyLoan. According to a recent report, these apps exploit social engineering to trick users into granting intrusive …

Russian Hackers Launch HATVIBE and CHERRYSPY Attacks Globally

Russian-linked hackers, identified as TAG-110, are behind a sophisticated cyber espionage campaign targeting organizations in Central Asia, East Asia, and Europe. The threat actors focus on government agencies, human rights organizations, and educational institutions. Using custom malware tools HATVIBE and CHERRYSPY, TAG-110 gains access to systems and steals sensitive data. HATVIBE acts as a loader, …

Godot Game Engine Misused in Cross-Platform Malware Outbreak

Cybercriminals have turned the widely used Godot Engine into a tool for delivering malware through a campaign dubbed “GodLoader.” Since June 2024, over 17,000 devices have been compromised using this strategy, researchers revealed. Attackers exploit Godot’s scripting language, GDScript, to execute malicious commands and deploy malware. This tactic has gone undetected by nearly all antivirus …

WordPress Anti-Spam Plugin Flaws Put 200,000+ Sites at Risk

Two major vulnerabilities have been discovered in a popular WordPress plugin used for spam protection, exposing over 200,000 websites to potential attacks. The plugin, widely promoted as a comprehensive anti-spam solution, is at risk of exploitation by attackers who could install and enable malicious plugins, potentially leading to remote code execution. These vulnerabilities, identified as …

Malware Exploits Vulnerable Drivers to Disable Antivirus Tools

Cybersecurity experts have uncovered a malicious campaign using the Bring Your Own Vulnerable Driver (BYOVD) technique to bypass antivirus protections and compromise systems. This approach involves leveraging legitimate but flawed drivers to disable security tools, leaving systems exposed to further attacks. The malware drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and exploits its elevated access …

AI Scams on LinkedIn: North Korean Hackers Steal Millions

North Korean hackers, identified as Sapphire Sleet, have stolen over $10 million in cryptocurrency through advanced scams and malware campaigns over six months. These campaigns heavily exploit social engineering tactics, including creating fake profiles on LinkedIn. By impersonating recruiters or job seekers, the group tricks individuals into downloading malware, giving hackers access to sensitive credentials …

Chinese Hackers Target Telecoms Using GHOSTSPIDER Malware

A China-linked hacking group, identified as Earth Estries, has been leveraging a new malware known as GHOSTSPIDER to target telecommunications companies across over 12 countries. This advanced persistent threat (APT) group has also deployed other tools, such as the MASOL RAT backdoor, to infiltrate government and corporate networks, especially in Southeast Asia. Earth Estries has …

BabbleLoader Malware Delivering Advanced Stealers

A newly identified malware loader, BabbleLoader, is raising alarms due to its sophisticated evasion techniques and its role in delivering powerful information-stealing malware such as WhiteSnake and Meduza. This loader has been spotted in campaigns targeting both English- and Russian-speaking users, often posing as cracked or accounting software to lure victims. BabbleLoader is an advanced, …

NSO Group Exploits WhatsApp Even After Legal Challenges

Recent legal documents from an ongoing case reveal that the NSO Group, a controversial Israeli spyware vendor, exploited vulnerabilities in WhatsApp to install its Pegasus spyware—even after a lawsuit was filed against it. The revelations highlight the group’s ability to bypass security measures and adapt to countermeasures implemented by the messaging app. In 2019, WhatsApp …

Hackers Exploit NFC to Steal Funds Through Mobile Payments

Cybercriminals are adopting a sophisticated attack method called “Ghost Tap,” which uses near-field communication (NFC) technology to drain funds from mobile payment services like Google Pay and Apple Pay. This method allows attackers to relay payment data from stolen credit cards across global locations in real time. The attack typically starts by infecting victims with banking …

Helldown Ransomware Targets VMware and Linux Systems

Cybersecurity experts have identified a new variant of the Helldown ransomware targeting Linux systems, signaling a shift toward broader attack strategies. Previously focused on Windows systems, the ransomware now also threatens virtualized infrastructures, including VMware environments. Helldown, first documented in mid-August 2024, is an aggressive ransomware strain that exploits security vulnerabilities to infiltrate networks. It …

Vietnamese Hackers Launch New PXA Stealer Targeting Asia

A Vietnamese-speaking hacking group has been linked to a campaign deploying a new Python-based malware called PXA Stealer, which targets sensitive information from government and educational organizations across Europe and Asia. This malware specializes in extracting login credentials, financial details, browser cookies, VPN and FTP client data, and gaming-related information. The malware can decrypt browser …

Malware Targets Facebook Ads Manager to Steal Credit Card Data

Cybersecurity researchers are raising alarms over an upgraded version of NodeStealer, a Python-based malware designed to infiltrate Facebook Ads Manager accounts and steal sensitive information, including credit card data stored in web browsers. This updated malware variant now employs advanced tactics, such as utilizing the Windows Restart Manager to access browser database files, embedding junk …

Hackers Exploit Windows NTLM Flaw to Spread RAT Malware

Cybersecurity researchers have discovered that a vulnerability in Windows NT LAN Manager (NTLM), tracked as CVE-2024-43451, has been actively exploited as a zero-day in targeted cyberattacks. The flaw, with a CVSS score of 6.5, was patched by Microsoft earlier this week but had already been abused in attacks linked to a suspected Russian-affiliated threat group. …

New Malware Targets Gamers with Fake Game Boosting Apps

Cybersecurity experts have uncovered a dangerous malware framework called Winos 4.0, which is being distributed through fake gaming optimization tools, speed boosters, and installation utilities. Designed with advanced modular capabilities, the malware allows attackers to control infected systems, execute further attacks, and steal sensitive data. Built on the foundation of Gh0st RAT, Winos 4.0 introduces …

Copyright Scams Fuel Spread of Advanced Malware, Exploiting AI

A sophisticated phishing campaign has been leveraging copyright infringement claims to trick users into downloading an updated version of the Rhadamanthys information stealer since July 2024. This operation, dubbed CopyRh(ight)adamantys by researchers, has primarily targeted victims in the U.S., Europe, East Asia, and South America. Emails in this campaign impersonate various companies, often tailored to …

Massive ‘Sitting Ducks’ Scheme Exploits 70,000 Hijacked Domains for Cybercrime

Researchers have uncovered a large-scale cyberattack technique known as Sitting Ducks, which has been used by multiple threat actors to hijack legitimate domains for phishing schemes and fraudulent activities over several years. Recent investigations revealed that nearly 70,000 domains have been compromised out of 800,000 identified as vulnerable in the past three months. This attack …

RustyAttr Malware Exploits macOS Metadata in Cyber Threat

A newly identified malware called RustyAttr is targeting macOS systems by abusing extended attributes in files, marking a novel and sophisticated technique in the cyber threat landscape. Researchers have tentatively linked this activity to the Lazarus Group, a North Korea-associated entity, due to similarities with previous campaigns like RustBucket. Extended attributes are specialized metadata fields …

Malware Targets Android Users with Fraudulent Money Transfers

A newly discovered Android banking malware, dubbed ToxicPanda, has infected over 1,500 devices, enabling attackers to conduct unauthorized money transfers. This malware employs account takeover (ATO) tactics and on-device fraud (ODF) techniques to bypass bank verification measures and behavioral detection systems. Reports suggest that ToxicPanda originates from a Chinese-speaking threat actor, sharing foundational code with …

New Phishing Kit Launches 2,000 Fake Sites Across 5 Countries

Cybersecurity researchers have unveiled a new phishing kit called Xiū gǒu, used in recent campaigns across Australia, Japan, Spain, the United Kingdom, and the United States. This kit, active since at least September 2024, has enabled cybercriminals to set up more than 2,000 phishing sites, primarily targeting sectors such as government, postal services, digital platforms, …

Git Config Leak Exposes 15,000 Credentials and Clones Private Repos

Cybersecurity researchers have identified an extensive attack campaign exploiting exposed Git configuration files to steal credentials, clone private repositories, and even extract cloud service credentials embedded within source code. Dubbed “EMERALDWHALE,” this operation has successfully harvested over 10,000 private repositories, storing the stolen data in an Amazon S3 bucket belonging to a previously compromised victim. …

New Malware Uses Linux VM to Bypass Windows Antivirus

Cybersecurity researchers have discovered a sophisticated malware campaign, CRON#TRAP, which evades antivirus detection on Windows by leveraging a hidden Linux virtual machine with a backdoor for remote access. The malware initiates its infection with a Windows shortcut (LNK) file, often delivered through a phishing email as a ZIP archive. This email may impersonate legitimate organizations, …

New Phishing Tool Targets Developers with Precision Emails

Cybersecurity researchers have highlighted a new phishing tool, GoIssue, that is designed to conduct bulk phishing campaigns targeting GitHub users. Developed by a threat actor known as cyberdluffy (also referred to as Cyber D’ Luffy), this tool was first promoted on the Runion forum earlier in August. GoIssue enables attackers to scrape email addresses from …

Chinese Botnet Exploits Router Weaknesses to Steal Credentials

Recent findings by cybersecurity researchers indicate that a Chinese threat actor known as Storm-0940 is deploying a botnet called Quad7, or CovertNetwork-1658, to conduct stealthy password spray attacks aimed at credential theft. These attacks primarily target accounts across several organizations, with the goal of unauthorized access to sensitive data. Since 2021, Storm-0940 has reportedly gained …

Ymir Ransomware Attacks on Corporate Networks

A new strain of ransomware, named Ymir, has been flagged by cybersecurity researchers for its unusual use of memory management techniques to evade detection. Ymir first appears on targeted systems just days after they are initially infected with another malware, RustyStealer, which steals sensitive information to enable further network compromise. This sophisticated campaign uses unconventional …

LightSpy Spyware Targets iPhones with Advanced Surveillance

Researchers have identified a more sophisticated version of the LightSpy spyware targeting Apple iOS devices, now equipped with expanded surveillance features and even destructive capabilities that can render a device unbootable. This latest iteration builds on its original modular structure, incorporating multiple plugins that enable the collection of extensive sensitive data. The deployment of LightSpy …

Hackers Hijack Facebook Accounts to Spread Malware via Ads

A new malvertising campaign has been detected, using hijacked Facebook accounts and Meta’s ad platform to distribute a malware variant called SYS01stealer. Researchers found that the attackers use trusted brands in their ads to gain reach, operating through nearly a hundred malicious domains for both malware distribution and live command-and-control (C2) operations, which lets them …

New Android Malware Exploits Calls to Steal Banking Information

Cybersecurity experts recently identified an updated version of the FakeCall malware, a notorious Android threat, that now uses voice phishing—or “vishing”—to deceive users into revealing sensitive information. This advanced malware employs sophisticated methods to gain almost full control over an infected device, including the ability to intercept and manipulate calls, allowing attackers to pose as …

Malicious npm Packages with Malware Threaten Developers

In September 2024, three npm packages were found to be infected with BeaverTail, a type of JavaScript-based malware designed to steal information. These packages, uploaded to the npm registry, are suspected to be part of a larger North Korean-led campaign known as Contagious Interview. The campaign has been actively tracked and analyzed by a research …

Vulnerability in Plugin Puts Millions of WordPress Sites at Risk

A severe vulnerability has been identified in the LiteSpeed Cache plugin for WordPress, potentially allowing unauthorized attackers to gain admin-level access and conduct harmful actions. The flaw, listed as CVE-2024-50550 with a CVSS severity score of 8.1, was recently patched in the plugin’s 6.5.2 version. This vulnerability, reported by a security researcher, stems from an …

North Korean Hackers Partner with Play Ransomware in Major Cyber Attack

Researchers have identified North Korean-affiliated threat actors collaborating with the Play ransomware group in a recent cyber attack. This development suggests an evolving strategy where North Korean hackers leverage ransomware operations to achieve financially motivated goals. The activity, tracked from May to September 2024, is attributed to the North Korean group Jumpy Pisces, also known …

Hacker Group TeamTNT Intensifies Cloud Attacks

The notorious hacking collective TeamTNT has initiated a fresh campaign targeting cloud-native setups to mine cryptocurrencies, while also monetizing by leasing compromised servers to third-party clients. This new wave of attacks seems poised for significant impact, aimed at Docker environments to mine digital currency and deploy malicious software. The group is primarily focusing on vulnerable …

Lazarus Group Exploits Google Chrome Flaw through Fake Gaming Site

The North Korean hacking group, known as the Lazarus Group, has been linked to a recent cyberattack that exploited a serious flaw in Google Chrome to take over users’ devices. The attack, which has now been patched, leveraged a zero-day vulnerability, allowing hackers to gain control over infected computers through a carefully crafted fake gaming …

Cybercriminals Exploit LockBit’s Notoriety to Intimidate Victims

Cybercriminals have started to use the fame of the LockBit ransomware brand to add intimidation to their attacks, even disguising their malware as the well-known LockBit to pressure victims into quick payment. Researchers have observed ransomware operators abusing Amazon’s S3 Transfer Acceleration feature, allowing them to upload stolen data to Amazon S3 buckets under their …

Cybercriminals Exploit EDRSilencer Tool to Bypass Security

Cybercriminals have recently begun exploiting the open-source tool EDRSilencer to bypass endpoint detection and response (EDR) solutions, allowing them to mask their malicious activities. Researchers have observed attackers attempting to integrate EDRSilencer into their attacks as a stealthy means of avoiding detection. EDRSilencer, inspired by the NightHawk FireBlock tool, uses the Windows Filtering Platform (WFP) …

Enhanced Qilin.B Ransomware Adopts Anti-Detection Tactics

Cybersecurity experts have identified a new version of Qilin ransomware, named Qilin.B, which employs sophisticated encryption and evasion strategies to make detection and decryption nearly impossible. This latest variant, tracked as Qilin.B, reflects an ongoing evolution of tactics that make it a significant threat in the ransomware landscape. According to recent reports, Qilin.B now supports …

New Grandoreiro Malware Variants Target Banks Worldwide

Newly evolved variants of the Grandoreiro banking malware are adopting sophisticated techniques to evade detection, showing that the malicious software remains active despite law enforcement crackdowns. Researchers have observed the malware’s operators employing updated tactics, including a domain generation algorithm (DGA) for command-and-control communications, ciphertext stealing (CTS) encryption, and even mouse-tracking functionalities to simulate legitimate …

New Cyber Attacks: RomCom Unleashes RAT Variant

A recent wave of cyberattacks has targeted Ukrainian government agencies and select Polish entities, with the Russian-based threat actor known as RomCom behind the operations. These attacks, ongoing since late 2023, feature a new variant of the RomCom remote access trojan (RAT), called SingleCamper (also known as SnipBot or RomCom 5.0), according to a report …

Apple’s macOS Flaw in Safari Privacy Controls Exposed, Now Patched

Microsoft has revealed details about a recently patched macOS security vulnerability rooted in Apple’s Transparency, Consent, and Control (TCC) framework. This vulnerability, codenamed HM Surf, allowed attackers to bypass a user’s privacy settings, gaining unauthorized access to sensitive data. Tracked as CVE-2024-44133, the flaw was fixed by Apple with the release …

Inside Cicada3301: The Rising Ransomware Group and Its Affiliate Program

Cybersecurity researchers have uncovered new details about the ransomware-as-a-service (RaaS) operation known as Cicada3301. The group’s affiliate program, which was accessed via the dark web, sheds light on the inner workings of this emerging threat. The investigation, conducted by a research team, began after they contacted Cicada3301 through a cybercrime forum, following the group’s advertisement …

Crypt Ghouls Unleashes Ransomware Using LockBit 3.0 and Babuk

A new cybercriminal group, Crypt Ghouls, has been identified as the perpetrator behind a series of ransomware attacks targeting Russian businesses and government agencies. These attacks aim to disrupt operations and extort financial payouts. The group employs various tools to infiltrate systems, steal data, and ultimately encrypt sensitive files using the LockBit 3.0 and Babuk …

New Wave of Astaroth Banking Malware via Spear-Phishing Scams

A new spear-phishing campaign is targeting Brazilian users, delivering the notorious Astaroth (also known as Guildma) banking malware by employing obfuscated JavaScript to bypass security defenses. According to a report, this campaign has heavily impacted industries such as manufacturing, retail, and government agencies. The phishing emails often disguise themselves as official tax-related documents, using the …

Fake Google Meet Pages Spread Infostealing Malware

Cybercriminals are using counterfeit Google Meet websites as part of an ongoing malware campaign, known as ClickFix, to deliver information-stealing malware to both Windows and macOS users. The strategy involves tricking users with fake error messages in their web browsers, prompting them to copy and run malicious PowerShell commands, ultimately leading to their systems being …

Malware Campaign Uses Stolen Certificates to Spread Hijack Loader

Cybersecurity experts have uncovered a new malware campaign that deploys Hijack Loader, a malicious program signed with legitimate code-signing certificates. The attack, detected earlier this month, is aimed at distributing an information-stealing malware called Lumma. Hijack Loader, also known as DOILoader, first emerged in September 2023. Attackers often trick users into downloading this malware by …

New Phishing Tactics Target Finance and Insurance Sectors

A recent phishing campaign is using GitHub links to bypass security and spread Remcos RAT, targeting the insurance and finance industries. The attacks trick victims into downloading malware by embedding links in legitimate-looking repositories like tax filing software. By leveraging trusted repositories, the attackers make their phishing attempts more convincing and harder to detect. Central …