News

Windows Phone Link Exploited to Steal OTPs

Windows Phone Link Becomes Attack Target: Windows Phone Link exploited attacks now threaten users who sync phones with computers. Researchers uncovered a campaign using a remote access trojan called CloudZ. However, the attackers also deployed a custom plugin named Pheno. Therefore, the malware gained access to sensitive synced mobile data. The attack focused on stealing …


Facebook Accounts Hacked Through Phishing Emails

Facebook Accounts Hacked in Large Campaign: Facebook accounts hacked through phishing attacks have affected nearly 30,000 users worldwide. Researchers uncovered a large operation linked to Vietnam. However, the attackers used trusted online services to avoid detection. Therefore, many victims believed the phishing emails were legitimate. The operation focused mainly on Facebook Business account owners. Moreover, …


Mirai-Based Botnet Hijacks IoT Devices

Mirai-Based Botnet Targets IoT Devices: Mirai-based botnet attacks now threaten internet-connected devices worldwide. Researchers recently uncovered a new malware strain called xlabs_v1. However, the botnet mainly targets devices with exposed Android Debug Bridge services. Therefore, many smart devices face serious security risks. The malware infects Android TV boxes, smart TVs, and set-top boxes. Moreover, it …


Python Backdoor Steals Browser Credentials

Python Backdoor Targets Sensitive Data: Python backdoor attacks now threaten users and organizations worldwide. Researchers discovered a stealthy malware framework called DEEP#DOOR. However, the campaign appears limited and targeted for now. Therefore, experts continue monitoring its activity closely. The malware uses Python to create persistent remote access. Moreover, it collects sensitive information from infected systems. …


Phishing Campaign Abuses Remote Access Tools

Phishing Campaign Targets Many Organizations: Phishing campaign attacks have hit more than 80 organizations since April 2025. Most victims operate in the United States. However, researchers believe the campaign may spread further. Therefore, security teams now monitor the activity closely. The attackers use legitimate remote management software during the attacks. For example, they install trusted …


MuddyWater Uses Microsoft Teams to Steal Logins

MuddyWater Attack Targets Organizations: MuddyWater uses Teams to steal login credentials in new cyberattacks. Researchers linked the campaign to an Iranian-backed hacking group. However, the attackers disguised the operation as ransomware activity. Therefore, many victims first believed criminals caused the breach. The campaign appeared in early 2026. Researchers observed attackers using social engineering tactics through …


BlackFile Extortion Group Fuels Global Vishing Attacks

Overview of the Threat: New BlackFile extortion group drives a rise in vishing attacks. However, this group focuses on retail and hospitality sectors. Researchers report increased incidents since early 2026. Therefore, organizations now face higher risks of data theft. The attackers aim to steal credentials and demand large ransoms. As a result, businesses may suffer …


Threat Actor Uses Microsoft Teams for Malware

Overview of the Attack: Threat actor uses Microsoft Teams to launch a new malware campaign. However, this attack relies heavily on social engineering tactics. Researchers discovered a custom malware suite called “Snow.” Therefore, attackers aim to steal sensitive data after gaining access. They focus on deep network compromise and credential theft. As a result, organizations …


Popular WordPress Redirect Plugin Hid Backdoor

Overview of the Issue: Popular WordPress redirect plugin hid a hidden backdoor for years. However, many users remained unaware of the threat. Researchers discovered the issue after multiple sites triggered alerts. Therefore, the finding raised serious concerns about plugin security. The plugin had over 70,000 active installations. As a result, the potential impact is very …


Fake CAPTCHA IRSF Scam Triggers Costly SMS

Overview of the Scam: Fake CAPTCHA IRSF scam campaigns are targeting mobile users worldwide. However, these scams use simple tricks to cause real financial damage. Researchers found that victims unknowingly send international SMS messages. Therefore, users face unexpected charges on their phone bills. The attackers earn money from these hidden fees. As a result, this …


Kyber Ransomware Gang Tests New Encryption

Overview of Kyber Ransomware Gang: Kyber ransomware gang activity has recently increased across networks. Researchers observed new attacks targeting Windows and virtual systems. Therefore, this threat continues to evolve quickly. Moreover, attackers use multiple versions of the ransomware in one campaign. They aim to maximize damage across different environments. As a result, both file servers …


SystemBC C2 Server Exposes 1,570+ Victims

Overview of the SystemBC C2 Server: SystemBC C2 server activity has revealed a large cybercrime operation. Researchers uncovered over 1,570 infected systems worldwide. Therefore, this discovery highlights the scale of modern ransomware threats. Moreover, attackers linked this activity to a ransomware-as-a-service group. This group operates under a structured criminal model. As a result, affiliates can …


NGate Campaign Hits Users With NFC Theft Scam

Overview of the NGate Campaign: NGate campaign activity has increased with a new attack wave. Researchers recently identified a fresh Android malware variant. This version targets users in Brazil specifically. Therefore, it marks a shift toward regional targeting. Moreover, the malware uses a modified version of a legitimate app. Attackers altered the app to include …


Self-Propagating Supply Chain Worm Spreads Fast

Overview of the Supply Chain Worm: Self-propagating supply chain worm attacks are rising quickly. Researchers recently found infected software packages in developer ecosystems. These packages spread malware using stolen access tokens. Therefore, the threat grows fast across multiple systems. Moreover, attackers designed the worm to move automatically between projects. It steals sensitive data during installation …


Lotus Wiper Malware Hits Energy Systems

Overview of the Lotus Wiper Malware: Lotus Wiper malware has emerged as a serious cyber threat. Researchers identified it during attacks in late 2025 and early 2026. Specifically, the attacks targeted Venezuela’s energy and utilities sector. Moreover, experts found that this malware focuses on destruction, not profit. Therefore, it stands out from typical ransomware threats. …


ZionSiphon Malware Targets Water Systems

Overview of ZionSiphon Malware: ZionSiphon malware targets water systems with harmful intent. It focuses on operational technology environments. Moreover, it aims to disrupt water treatment and desalination processes. Researchers identified this threat during a recent analysis. Therefore, experts warn about its future risks. This malware can manipulate critical system settings. For example, it may increase …


ATHR vishing platform uses AI for voice scams

Introduction to the ATHR Vishing Platform: The ATHR vishing platform uses AI to run automated voice scams. It targets users through clever social engineering tactics. Moreover, it combines human input with AI-driven voice agents. As a result, attackers can scale their operations quickly. This platform simplifies complex cybercrime processes. Therefore, even less skilled attackers can …


Mirax Android RAT Hits 220,000 via Meta Ads

Overview of Mirax Android RAT: Mirax Android RAT is a new mobile threat targeting users. It mainly affects Spanish-speaking regions. Researchers observed campaigns reaching over 220,000 users through ads. Moreover, attackers spread the malware using social media promotions. These ads appear on popular platforms and look legitimate. Therefore, many users trust and click them. However, …


JanelaRAT Malware Hits Banks with 14,739 Attacks

Overview of JanelaRAT Malware: JanelaRAT malware continues to target banks in Latin America. It mainly affects countries like Brazil and Mexico. This threat focuses on stealing financial and cryptocurrency data. Moreover, security researchers report a sharp rise in attacks. In 2025, attackers launched 14,739 attacks in Brazil alone. Meanwhile, they recorded over 11,000 attacks in …


108 Malicious Chrome Extensions Hit 20,000 Users

Overview of the Threat: Cybersecurity experts have uncovered a serious online threat. They identified 108 harmful Chrome extensions targeting users. These extensions aim to steal sensitive personal data. They also enable browser abuse through hidden scripts. Moreover, the extensions connect to a shared command system. This system collects data from all infected users. Therefore, attackers …


VENOM Phishing Attacks Target Executive Logins

Overview of VENOM Phishing Attacks: VENOM phishing attacks now target senior executives across industries. Attackers aim to steal login credentials from high-level staff. Therefore, CEOs, CFOs, and VPs face higher risk. This campaign started around last November. However, it remains hidden from public forums. As a result, researchers have limited visibility into its spread. Experts …


36 Malicious npm Packages Spread Hidden Threats

Overview of the Threat: Security researchers have uncovered 36 malicious npm packages targeting developers. These packages pretend to be legitimate plugins for a popular content system. However, they contain harmful code designed to exploit systems. These fake packages use simple naming tricks to appear trustworthy. For example, they include terms like “server” or “database.” Therefore, …


Qilin and Warlock Ransomware Disable Security Tools

Overview of the Ransomware Threat: Qilin and Warlock ransomware disable security tools using advanced methods. These groups target systems to weaken defenses before attacks. Moreover, they use a technique called vulnerable driver abuse. Therefore, they can bypass many modern protections. Researchers recently uncovered this dangerous activity. They found that attackers use trusted drivers with known …


Hackers Spread Malicious Dev Packages

Overview of the Supply Chain Attack: N. Korean hackers spread malicious packages across developer platforms. They target ecosystems like npm, PyPI, Go, and Rust. Moreover, they disguise malware as useful development tools. Therefore, developers may install them without suspicion. Researchers link this activity to an ongoing campaign. This campaign focuses on supply chain attacks. In …


Masjesu Botnet Powers DDoS-for-Hire Attacks

Overview of the Masjesu Botnet: Masjesu botnet powers a growing DDoS-for-hire service. It targets IoT devices across the world. Moreover, attackers promote it through messaging platforms. Therefore, more users can access this illegal service easily. Researchers first observed this botnet in 2023. It focuses on stealth and long-term survival. However, it avoids high-profile targets to …


Casbaneiro Phishing Uses PDF Lures to Spread Malware

Overview of the Phishing Campaign: Casbaneiro phishing targets users across Latin America and Europe. It mainly focuses on Spanish-speaking organizations and individuals. Moreover, attackers use multiple methods to spread malware. Therefore, the campaign has a wide reach and impact. Researchers link this activity to a cybercrime group from Brazil. This group uses a mix of …


CERT-UA Impersonation Spreads Malware via Emails

Overview of the Impersonation Campaign: CERT-UA impersonation spreads malware through a large phishing campaign. Attackers pretended to be a trusted cybersecurity agency. Moreover, they sent fake emails to trick users into downloading malicious files. Therefore, many organizations became potential targets. Researchers identified this activity in late March 2026. The attackers targeted various sectors across the …


Microsoft Warns of WhatsApp Malware Hijacking Windows

Overview of the WhatsApp Malware Campaign: Microsoft warns of a new malware campaign spreading through WhatsApp messages. Attackers send harmful Visual Basic Script files to users. Moreover, these files start a complex infection process. Therefore, victims may lose control of their systems quickly. Researchers first observed this activity in early 2026. The campaign uses social …


TA446 Deploys DarkSword to Target iPhones

Overview of the Targeted Attack Campaign: TA446 deploys DarkSword in a new spear-phishing campaign. This campaign targets iPhone users with advanced exploits. Moreover, the attackers send fake emails to trick victims. Therefore, users may unknowingly expose sensitive data. Researchers link this activity to a Russia-backed threat group. The group has a history of targeting high-value …


Hackers Use BPFDoor for Telecom Spying

Overview of the Espionage Campaign: China-linked hackers are running a long-term cyber espionage campaign. They target telecom networks to access sensitive government data. Moreover, they embed hidden tools inside critical systems. Therefore, they can maintain access for long periods. Researchers have tracked this group under several different names. The group has attacked telecom providers across …


WebRTC Skimmer Steals Payment Data from Sites

Overview of the WebRTC Skimmer Threat: WebRTC skimmer is a new malware targeting online stores. It steals payment data using advanced techniques. Moreover, it avoids traditional detection methods used by security systems. Therefore, many websites may remain vulnerable without knowing. Researchers recently identified this new attack method in active use. This malware uses WebRTC data …


DoJ Disrupts IoT Botnets Behind Massive Attacks

Overview of the Global Botnet Disruption: The DoJ has disrupted several large IoT botnets used in global cyberattacks. These botnets controlled millions of infected devices worldwide. Moreover, they launched powerful distributed denial-of-service attacks against many targets. Therefore, authorities acted quickly to stop the growing threat. The operation focused on shutting down command-and-control infrastructure. Authorities from …


China-Linked Hackers Use BPFDoor for Telecom Spying

Overview of the Espionage Campaign: A China-linked hacking group has launched a long-term cyber campaign. It targets telecom networks to spy on government systems. Moreover, the attackers maintain hidden access inside critical infrastructure. Therefore, they can monitor sensitive communications over time. Researchers have tracked this group under several different names. This group has attacked telecom …


Speagle Malware Uses Servers to Steal Data

Overview of the Speagle Malware Threat: Cybersecurity experts have identified a new malware called Speagle. It targets a document protection tool to steal sensitive data. Specifically, it abuses trusted software functions to hide its activity. As a result, victims may not notice the attack quickly. Moreover, the malware sends stolen data through compromised servers. Therefore, …


Ghost Campaign Tricks Developers Into Data Theft

Overview of the Ghost Campaign: Cybersecurity researchers have uncovered a new threat called the Ghost campaign. It uses malicious npm packages to steal sensitive data. These packages target developers and crypto users. Therefore, the campaign poses a serious risk to modern software environments. The attackers designed the packages to appear helpful and legitimate. However, they …


Hackers Use Fake Resumes to Steal Credentials

Hackers use fake resumes to steal credentials in a new phishing campaign. Researchers found the attack targeting French-speaking corporate environments. However, the attackers designed the campaign to appear harmless. The emails contain fake resume attachments. For example, they pretend to be job applications. Therefore, HR teams often open them without suspicion. Once opened, the files …


Tax Search Ads Deliver ScreenConnect Malware

Tax Search Ads Deliver ScreenConnect Malware through a large malvertising campaign. Researchers observed the activity starting in early 2026. However, the attackers specifically targeted users searching for tax forms. The campaign used sponsored search results to lure victims. For example, users searching for “W-2 tax form” saw malicious ads. Therefore, many users clicked without suspecting …


Malicious npm Package Steals macOS Credentials

Malicious npm Package Steals macOS Credentials through a disguised developer tool. Researchers recently discovered the threat in a public code registry. However, the package pretended to install a popular software tool. The package used the name “@openclaw-ai/openclawai.” Attackers uploaded it on March 3, 2026. Although downloads were limited, the …


KadNap Malware Infects 14,000 Edge Devices

KadNap Malware Infects 14,000 Edge Devices in a growing cyber campaign. Researchers recently uncovered this new malware threat. However, the attack mainly targets network edge devices. Most infections involve routers used in homes and small offices. Therefore, many victims may not notice the compromise. Reports show that more than …


BlackSanta EDR Killer Targets HR Teams

BlackSanta EDR Killer Targets HR Teams in a long-running cyber campaign. Researchers discovered the activity after months of investigation. However, the attackers remained hidden for over a year. The campaign focuses on human resources departments. These teams often handle resumes and personal data. Therefore, attackers exploit this workflow to …


MuddyWater Hackers Target Networks in Cyber Campaign

MuddyWater Hackers Target Networks: MuddyWater Hackers Target U.S. Networks in a new cyber campaign. Researchers recently found signs of intrusion in several organizations. These include banks, airports, and non-profit institutions. However, the attackers also reached a technology supplier. Experts attribute the activity to MuddyWater. This group is also known as Seedworm. It reportedly links to …


Malicious NuGet Packages Stole ASP.NET Data

Malicious NuGet Packages Stole ASP.NET Data in a recent supply chain attack. Researchers discovered four harmful packages targeting developers. These packages aimed at ASP.NET web application projects. However, the real goal was to compromise deployed applications. A security report revealed that the campaign stole ASP.NET Identity data. For example, …


UAC-0050 Targets Financial Institution

UAC-0050 Targets Financial Institution in a new cyber campaign. Researchers observed the attack against a European organization. However, the group usually focuses on Ukrainian entities. Therefore, this shift may signal broader targeting. The threat actor aligns with Russian interests. Experts also link the group to intelligence gathering and financial theft. In …


Microsoft Warns OAuth Redirect Abuse Campaign

Microsoft Warns OAuth Redirect Abuse Campaign: Microsoft Warns OAuth Redirect Abuse in new phishing attacks. Researchers observed campaigns targeting government and public-sector groups. However, these attacks do not exploit software flaws. Instead, they misuse built-in OAuth features. The researchers described this as an identity-based threat. Therefore, attackers rely on normal OAuth behavior. They do not …


Starkiller Phishing Suite Bypasses MFA

Starkiller Phishing Suite Targets MFA: Starkiller Phishing Suite is a new tool that bypasses multi-factor authentication. Researchers recently revealed its advanced capabilities. However, this phishing platform does more than steal passwords. It uses a reverse proxy method to intercept live login sessions. A threat group calling itself Jinkusu promotes the platform online. The group markets …


Fake Laravel Packages Spread Cross-OS RAT

Introduction to Fake Laravel Packages: Fake Laravel Packages are spreading a dangerous remote access trojan. Security experts recently uncovered this serious threat. These malicious tools target developers who use popular PHP resources. However, many users install them without noticing the hidden risk. Researchers found the harmful packages on Packagist. The packages pretend to offer Laravel …


Lazarus Group Uses Medusa Ransomware Targets Healthcare Sector

Cybersecurity researchers uncovered North Korea-linked Lazarus Group using Medusa ransomware. They attacked an entity in the Middle East and tried a U.S. healthcare organization. This shows a shift to off-the-shelf ransomware for financial gain. Ransomware Deployment Details: Lazarus deployed Medusa in a Middle East attack successfully. They also launched an unsuccessful attempt against a U.S. …


UnsolicitedBooker Targets Central Asian Telecoms

Cybersecurity researchers uncovered a new espionage campaign. UnsolicitedBooker attacked telecom companies in Kyrgyzstan and Tajikistan. They deployed two distinct backdoors called LuciDoor and MarsSnake. Shift in Targeting Focus: The group changed its focus recently. Earlier attacks hit Saudi Arabian organizations. Now they target telecoms in Central Asia. This marks a clear shift in victim selection. …


Webhook Macros Deliver Stealthy Malware

Cybersecurity researchers uncovered a new espionage campaign by a Russia-linked group. APT28 attacked specific organizations in Western and Central Europe. They used simple yet effective macro malware in targeted phishing emails. Campaign Timeline and Name: The operation lasted from September 2025 to January 2026. Researchers named it Operation MacroMaze. Attackers focused on basic tools and …


AI Recommendation Poisoning Manipulates Chatbots

Microsoft researchers discovered companies gaming AI chatbots. They abuse “Summarize with AI” buttons to bias recommendations. This new technique poisons AI memory for unfair advantage. How AI Recommendation Poisoning Works: Companies embed hidden instructions in clickable buttons. These buttons appear on websites as “Summarize with AI.” When users click them, the link sends special prompts …


ClickFix Campaign Abuses Compromised Sites

Cybersecurity researchers uncovered a clever new ClickFix attack. Attackers hijack legitimate websites to deliver MIMICRAT malware. This previously unknown RAT gives full remote control to criminals. How the Campaign Starts: The attack begins on compromised legitimate sites. One example is a BIN validation service that attackers breached. They inject malicious JavaScript code. This code loads …


Lazarus Campaign Plants Malicious Packages

Cybersecurity researchers uncovered a clever supply-chain attack. North Korea-linked Lazarus Group plants malicious packages in npm and PyPI. They trick developers with fake blockchain job offers. Fake Recruitment Tactics: Attackers create a phony company called Veltrix Capital. They focus on blockchain and cryptocurrency trading. Recruiters contact people on LinkedIn, Facebook, and Reddit. They offer coding …


Keenadu Firmware Backdoor Infects Android Tablets

Cybersecurity researchers discovered a dangerous backdoor hidden in Android tablet firmware. They named it Keenadu. This malware sneaks in during the build process and survives OTA updates. Deep Firmware Infection: Keenadu embeds inside libandroid_runtime.so. This critical library loads at boot. It injects into the Zygote process. Therefore, every app runs with the backdoor active. The …


UAT-9921 Deploys VoidLink Malware Stealthily

Cybersecurity researchers uncovered a previously unknown threat actor. They track it as UAT-9921. This group deploys a new modular malware framework called VoidLink against tech and finance sectors. Threat Actor Background: UAT-9921 has operated since 2019. They recently added VoidLink to their toolkit. The actor shows knowledge of Chinese language in code comments. Researchers believe …


PromptSpy Android Malware Abuses Gemini AI

Cybersecurity researchers discovered a clever Android malware. It abuses Google’s Gemini AI for persistence. PromptSpy keeps itself pinned in recent apps automatically. How PromptSpy Uses Gemini: The malware sends the current screen XML dump to Gemini. It includes every UI element with text and position. Gemini acts as an “Android automation assistant.” It returns JSON …


APT36 and SideCopy Launch Cross-Platform RATs

Cybersecurity researchers uncovered ongoing espionage campaigns. APT36 and SideCopy target Indian defense and government entities. They use cross-platform remote access trojans to steal data and maintain access. Targeted Sectors and Goals: Attackers focus on defense, government, and strategic organizations. They also hit policy, research, and critical infrastructure groups. For example, they use defense-themed lures to …


Lazarus Campaign Plants Malicious Packages

Cybersecurity researchers uncovered a sophisticated operation by North Korea-linked hackers. Lazarus Group plants malicious packages in npm and PyPI. They use fake job offers to infect developers. Fake Company Setup: Attackers create a fake blockchain firm called Veltrix Capital. They register domains and build GitHub organizations. For example, they host Python and JavaScript projects. These …


Google Reports State Hackers Using Gemini AI

Google reports state-backed hackers using its Gemini AI. North Korea-linked UNC2970 employs the tool for target profiling. Other groups also misuse it to speed up attacks. North Korean Group Targets Defense: UNC2970 overlaps with Lazarus Group activities. They run long campaigns called Operation Dream Job. For example, they pose as recruiters in aerospace and defense. …


Malware Service Guarantees Chrome Phishing Extensions

Cybersecurity researchers uncovered a new malware-as-a-service tool. It promises malicious Chrome extensions that pass Google’s review. The tool helps attackers push phishing pages easily. How the Malware Service Works: The service lets buyers create harmful browser add-ons. These extensions overlay full-screen iframes on real websites. For example, they show fake login pages while the address …


Amaranth Dragon Exploits WinRAR Flaw

Cybersecurity researchers uncovered a new Chinese-linked espionage group. Amaranth Dragon exploits a WinRAR vulnerability. They target government and law enforcement in Southeast Asia. The New Threat Actor: Amaranth Dragon connects to the known APT41 operations. They show strong technical skill and careful planning. For example, they limit attacks to specific countries. Therefore, they avoid unnecessary …


DEAD#VAX Malware Delivers AsyncRAT Stealthily

Cybersecurity researchers uncovered a clever malware campaign. They call it DEAD#VAX. Attackers use IPFS-hosted VHD files to sneak AsyncRAT onto systems. How the Phishing Starts: Attackers send phishing emails with fake purchase orders. They disguise the attachment as a PDF file. However, the link points to a VHD hosted on IPFS. This decentralized network helps …


APT28 Exploits Office Flaw for Spying

Cybersecurity researchers uncovered attacks by a Russian-linked group. APT28 uses a new Microsoft Office vulnerability. They target users in Ukraine, Slovakia, and Romania for espionage. The Vulnerability Details: The flaw is CVE-2026-21509 with a 7.8 severity score. It allows attackers to bypass security features. For example, a crafted Office file triggers unauthorized actions. Microsoft and …


Aisuru Botnet Unleashes Record DDoS Surge

Cybersecurity experts reported a massive DDoS attack. The Aisuru botnet hit a new peak of 31.4 Tbps. It also reached 200 million requests per second. The Record-Breaking Attack: Attackers launched the assault on December 19 last year. They targeted telecom companies and IT providers. For example, the campaign flooded Cloudflare customers and infrastructure. Therefore, it …


Mustang Panda Deploys Updated COOLCLIENT Backdoor

Cybersecurity experts spotted Chinese-linked hackers using an improved backdoor. They call it COOLCLIENT. Mustang Panda targets government systems in several countries for deep spying. Targets and Campaign Scope: The group hits government entities hard. They focus on Myanmar, Mongolia, Malaysia, and Russia. For example, attacks ran strong in 2025. Therefore, officials face ongoing risks. Mustang …

Malicious Chrome Extensions Steal Affiliate Revenue

Cybersecurity researchers uncovered harmful Chrome extensions. These add-ons hijack affiliate links and steal ChatGPT access. They also grab user data from popular shopping sites. How Affiliate Hijacking Works: One extension claims to block Amazon ads. It installs easily from the Chrome store. However, it secretly replaces affiliate tags in product links. The attacker’s tag earns …

Multi-Stage Phishing Hits Email Users

Cybersecurity experts uncovered a clever multi-stage phishing campaign. It targets people in Russia. Attackers deliver ransomware and a dangerous remote access tool called Amnesia RAT. How the Attack Begins: Attackers send phishing emails with business documents. These look like normal routine files. For example, they pretend to be work tasks or reports. Therefore, victims open …

Stolen Credentials Deploy RMM Backdoors

Cybersecurity experts warn about a clever phishing campaign. Attackers use stolen credentials to install trusted remote tools. These tools give them lasting access to computers. The Sneaky Phishing Start: Attackers send fake invitation emails. They pretend the messages come from a popular online card service. For example, the subject looks like a friendly invite. Therefore, …

Adversary-in-the-Middle Phishing Hits Energy Firms

Microsoft warns of multi-stage adversary-in-the-middle (AitM) phishing and business email compromise attacks. These target energy sector organizations. Attackers use clever tricks to steal credentials and take control. How the Attack Starts: Attackers begin with a phishing email. They send it from a trusted, previously compromised email address. The message pretends to be a SharePoint document-sharing …

Evelyn Stealer Targets VS Code to Steal Credentials

Evelyn Stealer Targets VS Code: Cybersecurity experts uncovered a dangerous new threat. Evelyn Stealer targets VS Code extensions to steal developer credentials and crypto. It hits software developers hard. Therefore, attackers gain access to valuable company systems. How Attackers Hide in VS Code: Hackers publish fake extensions in the marketplace. These extensions look useful at …

VoidLink Malware Targets Linux Cloud and Containers

Malware Targets Linux Cloud and Containers: Cybersecurity experts revealed a new threat. They call it VoidLink Malware. This advanced framework targets Linux systems in the cloud. Therefore, it stays hidden for long periods. Researchers discovered it in December 2025. The malware uses custom tools. For example, it includes loaders, implants, and rootkits. Attackers can add …

Malicious Chrome Extensions Steal Logins

Malicious Extensions Steal Logins: Cybersecurity experts found five bad Chrome extensions. These fake add-ons pretend to help with work tools. They target popular business platforms like HR and ERP systems. Therefore, they trick users into installing them. The extensions promise premium access. For example, they claim to simplify tasks on these platforms. However, they actually …

GootLoader Malware Tricks Detection with 500+ ZIP Files

GootLoader Malware Tricks: Cybercriminals use a clever trick. They hide dangerous code inside GootLoader Malware. This loader combines 500 to 1,000 ZIP files into one broken archive. Therefore, most security tools fail to open it properly. Many unzipping programs struggle. For example, popular tools like third-party archivers cannot extract the contents reliably. However, Windows’ built-in extractor …

Android Malware Operations Grow More Advanced

Rising Android Malware Operations: Android malware operations have grown more advanced and widespread. Threat actors now combine multiple attack techniques at scale. Therefore, mobile users face higher risks than before. Researchers observed these attacks targeting users in Central Asia. However, similar methods now appear globally. As a result, mobile security faces new pressure. Shift From …

Two Chrome Extensions Steal Credentials Silently

Discovery of Malicious Chrome Extensions: Two Chrome extensions were recently found stealing user credentials. Cybersecurity researchers uncovered both add-ons during routine analysis. Therefore, the threat raises serious privacy concerns. Both extensions share the same name and developer. However, each has a different extension ID. As a result, detection became harder. Disguised as a Legitimate Tool …

Kimwolf Android Botnet Hits 2 Million Devices

Overview of the Kimwolf Android Botnet: Kimwolf Android Botnet has infected more than two million devices worldwide. According to a recent researcher report, the malware spreads quietly through proxy networks. Therefore, many users remain unaware of the compromise. The botnet has remained active since at least August 2025. However, its scale only became clear after …

Fake Booking Emails Deliver Malware to Hotels

Overview of Fake Booking Emails Campaign: Fake Booking Emails have emerged as a new phishing campaign targeting hotel staff across Europe. According to a recent researcher report, attackers used deceptive messages to trigger malware infections. Therefore, hospitality organizations faced serious operational and security risks. The campaign appeared in late December 2025. Moreover, it relied on …

Chrome Extensions Steal ChatGPT Chats from Users

Overview of Chrome Extensions Steal ChatGPT Chats: Chrome Extensions Steal ChatGPT Chats through malicious add-ons found in the browser marketplace. According to a researcher report, attackers designed these extensions to collect chatbot conversations and browsing data. Therefore, nearly 900,000 users faced silent data exposure. The extensions targeted conversations from popular AI chat platforms. Moreover, attackers …

VVS Stealer Malware Targets Discord Accounts

Overview of VVS Stealer Malware: VVS Stealer Malware has emerged as a new threat targeting Discord users worldwide. According to a recent researcher report, this Python-based malware steals login credentials and authentication tokens. Therefore, affected users risk account takeovers and data loss. The malware has circulated in underground markets since early 2025. Moreover, attackers marketed …

Trust Wallet Chrome Extension Hack Drains $8.5M

Overview of the Trust Wallet Chrome Extension Hack: Trust Wallet Chrome Extension Hack exposed a serious software supply chain breach in late 2025. According to an incident report, attackers compromised a browser extension update to steal user assets. Therefore, the breach quickly escalated into a large financial loss. The attack resulted in approximately $8.5 million …

DarkSpectre Browser Extension Campaigns Exposed

Overview of DarkSpectre Browser Extension Campaigns: DarkSpectre Browser Extension Campaigns exposed a long-running threat affecting users worldwide. According to a recent researcher report, attackers operated multiple malicious extension campaigns across major browsers. Therefore, millions of users unknowingly installed tools designed for surveillance and fraud. In total, these campaigns impacted more than 8.8 million users over …

RondoDox Botnet Exploits React2Shell to Hijack Devices

Overview of the RondoDox Botnet Campaign: RondoDox Botnet has driven a long-running cyber campaign that targets IoT devices and web servers across the internet. According to a recent report, attackers sustained this operation for nine months, which therefore shows careful planning and long-term intent. Moreover, the threat actors focused on quietly expanding their botnet while …

Kimsuky Spreads DocSwap Malware via QR Phishing

Overview of the New Android Malware Campaign: Kimsuky spreads DocSwap malware through deceptive QR phishing attacks. The campaign targets Android users by impersonating a delivery service. Researchers linked the activity to phishing websites hosting malicious QR codes. Therefore, mobile users face a growing risk. The attackers rely on social engineering rather than technical exploits. However, …

Kimwolf Botnet Hijacks 1.8 Million Android TVs

Overview of the Kimwolf Botnet Threat: Kimwolf botnet has emerged as a massive DDoS threat targeting Android-based devices. Researchers discovered that the botnet controls at least 1.8 million infected systems. These devices include smart TVs, set-top boxes, and tablets. Therefore, the scale of the operation is unusually large. The botnet supports more than basic DDoS …
