Rand-User-Agent’s Hidden Threat Rand-user-agent, a popular npm package, fell victim to a supply chain attack in May 2025. This tool, used for generating random user-agent strings, averages 45,000 weekly downloads. However, attackers exploited its semi-abandoned status to inject malicious code. The code deploys a remote access trojan (RAT) on users’ systems. How the Attack Unfolds …
CoGUI’s Massive Phishing Surge CoGUI, a new phishing kit, unleashed over 580 million fake emails from January to April 2025. These emails trick users into sharing account credentials and payment details. For example, they mimic trusted brands like banks and tax agencies. Most attacks target Japan, but some hit the U.S., Canada, Australia, and New …
CoGUI Phishing Floods Inboxes with 580M Fake Emails Read More »
Luna Moth’s Deceptive Tactics Luna Moth hackers, also known as Silent Ransom Group, target U.S. legal and financial firms with clever scams. These cybercriminals pose as IT helpdesk staff to steal sensitive data. For example, they send fake emails urging victims to call a phony support number. When victims call, attackers trick them into installing …
Luna Moth Hackers Trick Firms as Fake IT Helpdesks Read More »
Dangerous malware hidden in a fake Python package called discordpydebug. This package was uploaded to the PyPI repository in March 2022. Since then, it has been downloaded more than 11,500 times. At first, it appeared to help developers working with Discord bots. However, it actually contained a remote access trojan (RAT). The malware connects to …
Malware in Magento Store Plugins Malware campaign widespread affecting hundreds of Magento-powered online stores. This supply chain attack used compromised third-party plugins to quietly install backdoors. The attack impacted between 500 and 1,000 e-commerce sites. Shockingly, the malicious code had been hidden in popular extensions for years. However, the malware was only activated in April …
Uncover a new version of the StealC malware with advanced stealth features and powerful data theft tools. StealC first appeared on the dark web in early 2023, offered for \$200 per month. Since then, it has evolved rapidly. In 2024, reports showed its use in large malvertising campaigns and attacks using kiosk mode to trap …
Phishers Exploit Google Emails to Steal Logins Phishers are using a new, sophisticated trick to steal user credentials through seemingly authentic Google emails. A recent report revealed attackers are sending fake messages using Google’s infrastructure. These emails pass all authentication checks, including DKIM, SPF, and DMARC. For example, one message pretends to be from Google, …
Golden Chickens Spread Malware to Steal Credentials Golden Chickens, a known cybercrime group, has launched two new malware tools: TerraStealerV2 and TerraLogger. These tools focus on stealing sensitive user data. According to a recent report, TerraStealerV2 targets browser credentials, crypto wallets, and extension data. TerraLogger, however, logs keystrokes using a basic keyboard hook. Both tools …
Golden Chickens Spread Malware to Steal Credentials Read More »
Fake plugin attacks are targeting WordPress sites again. Hackers are disguising malware as a security plugin to hijack admin control and spread threats. Researchers found the plugin named WP-antymalwary-bot.php. It grants attackers full access, hides from the dashboard, and executes remote commands. Therefore, it allows them to control the site without detection. The plugin connects …
Fake Plugin Grants Hackers Admin Access to WordPress Read More »
ToyMaker, a financially driven cybercriminal group, is selling access to corporate networks to ransomware gangs like CACTUS. The group acts as an initial access broker (IAB), targeting vulnerable systems using custom malware called LAGTOY. LAGTOY, also known as HOLERUN, creates reverse shells and executes remote commands on infected computers. Therefore, it gives attackers control without …
ToyMaker Malware Opens Doors to Ransomware Gangs Read More »
Darcula, a phishing-as-a-service (PhaaS) platform, has introduced powerful GenAI features to its toolkit. This major update lowers the barrier for cybercrime. Now, attackers with little or no coding experience can build phishing sites in just minutes. The AI tools help create multi-language pages with custom forms. Therefore, even unskilled actors can launch scams at scale. …
Earth Kurma APT Uses Rootkits to Target Southeast Asia Earth Kurma, a new advanced persistent threat group, has launched cyberattacks across Southeast Asia. Since mid-2024, it has targeted government and telecom sectors. The attackers use powerful rootkits and custom malware to steal sensitive data. They also hide their tracks using trusted platforms like Dropbox and …
Earth Kurma APT Uses Rootkits to Target Southeast Asia Read More »
OttoKit, a WordPress automation plugin, is under active attack after a major security flaw was disclosed. Hackers are exploiting the bug to gain admin access. The vulnerability, tracked as CVE-2025-3102, received a high CVSS score of 8.1. It allows attackers to bypass authentication and create administrator accounts without permission. Therefore, a hacker can take full …
Phishing emails are getting smarter and more dangerous. A new campaign uses Google services to fool users into sharing their credentials. These emails appear real, with valid signatures and no alerts from Gmail. According to a report, attackers sent fake messages from the address no-reply@google.com. These emails passed all security checks, including SPF, DKIM, and …
Phishing Emails Use Google Tricks to Steal Logins Read More »
Spyware campaign operators known as Lotus Panda have launched a wave of cyberattacks across Southeast Asia. Active between August 2024 and February 2025, the group infiltrated government and private organizations. Targets included a ministry, air traffic control, telecoms, and even a construction firm. A separate news agency and air freight company in nearby countries were …
Spyware Campaign Targets Southeast Asia Governments Read More »
Spyware apps have been discovered on budget Android smartphones, preloaded before reaching customers. These apps impersonate popular messengers like WhatsApp and Telegram. Researchers found that these malicious apps specifically target cryptocurrency users. The spyware can swap wallet addresses in messages, rerouting funds to cybercriminals. This campaign, active since June 2024, focuses on low-end Chinese smartphones. …
Spyware Apps Pre-Installed on Budget Android Phones Read More »
Spyware apps are back in the spotlight. A new report reveals that malware like SpyNote, BadBazaar, and MOONSHINE are being spread through fake websites and apps. These apps pretend to be real software like browsers or antivirus tools. However, once installed, they steal data and give hackers remote access to your phone. Researchers found that …
Phishing Trojan Exploits Windows Zero-Day Bug Phishing trojan campaigns are evolving fast. A recent report shows that a new threat called PipeMagic is abusing a Windows zero-day flaw. The exploit targets a vulnerability in the Windows Common Log File System (CLFS). The flaw allows attackers to gain full SYSTEM privileges. Researchers say the attackers used …
Phishing Bot Targets Sites With AI Spam Messages Phishing bot campaigns are now using AI-generated messages to spam websites at scale. These bots exploit contact forms, chats, and comment sections. A recent report reveals a tool called AkiraBot has sent spam to over 420,000 websites. It successfully targeted at least 80,000 sites since late 2024. …
Phishing Bot Targets Sites With AI Spam Messages Read More »
Phishing tactic attackers are using real-time checks to verify victims’ emails before stealing credentials. This method improves success rates while staying hidden. A recent report highlights this new approach, called precision-validating phishing. Unlike bulk email scams, this attack targets only verified, active users. Therefore, only victims on a pre-selected list reach the fake login screen. …
ResolverRAT malware is targeting the healthcare and pharmaceutical sectors in a new, sophisticated cyberattack campaign. The attack uses phishing emails to deliver its payload. These emails create urgency with topics like copyright violations or legal threats. They trick users into clicking a malicious link. Once clicked, the link directs the victim to download a file. …
Job scams are evolving fast, especially for professionals in the crypto world. A new report reveals that fake interviews are being used to spread malware called GolangGhost. These scams target job seekers in centralized finance roles, luring them with fake offers from known crypto companies. Attackers pretend to be recruiters and reach out on platforms …
Job Scams Target Crypto Pros With Malware Tricks Read More »
Malicious packages have been discovered on the Python Package Index (PyPI), putting developers and businesses at serious risk. Researchers revealed that several harmful libraries were uploaded to PyPI to steal sensitive data. They also tested stolen credit cards using e-commerce checkout systems. For example, two packages named bitcoinlibdbfix and bitcoinlib-dev posed as fixes for real …
Tax scams are becoming more dangerous, with new phishing campaigns using PDF attachments and QR codes to infect devices and steal login credentials. According to a report, attackers send fake tax-related emails, often during tax season. These messages contain malicious PDFs that lead to phishing pages or install malware. Some campaigns use a phishing-as-a-service tool …
Tax Scams Spread Malware Through PDFs and QR Codes Read More »
Triada Malware Infects Counterfeit Android Phones Triada malware is making a comeback by infecting counterfeit Android smartphones. These fake devices are often sold at low prices and come with pre-installed malware that users don’t notice. According to a report, more than 2,600 users—mainly in Russia—were affected between March 13 and 27, 2025. The malware is …
Hackers Target WordPress mu-Plugins to Hide Malware Hackers are using WordPress’s mu-plugins to secretly plant malicious scripts on websites. These plugins, short for “must-use” plugins, run automatically without admin activation. Because of this, they don’t appear in the WordPress plugin dashboard, making them harder to spot during routine security checks. According to a report, this …
Hackers Abuse WordPress mu-Plugins for Spam Attacks Read More »
Phishing Attacks Are Evolving Phishing campaigns have become more sophisticated than ever. A new threat platform called Lucid has targeted 169 organizations in 88 countries. It delivers smishing messages using Apple iMessage and Android RCS, avoiding traditional SMS spam filters. Instead of relying on old-school methods, Lucid operates as a phishing-as-a-service (PhaaS) tool. This subscription-based …
Phishing Platform Lucid Targets 169 Victims Globally Read More »
Ransomware Attack Exposes DBS and BOC Customer Data Ransomware attack on a third-party printing vendor has exposed sensitive customer data from DBS and Bank of China (BOC) in Singapore. The vendor, Toppan Next Tech (TNT), reported the breach to authorities on April 6. The Cyber Security Agency (CSA) and the Monetary Authority of Singapore (MAS) …
Ransomware Exposes DBS & Bank of China Customer Data in Vendor Attack Read More »
ClearFake malware is spreading quickly by tricking users with fake security verifications. Over 9,300 websites are now infected. The attackers behind ClearFake use fake reCAPTCHA and Cloudflare Turnstile pop-ups. These appear real but are used to deliver malware like Lumma and Vidar Stealer. ClearFake first surfaced in mid-2023. It started by placing fake browser update …
ClearFake Malware Spreads Fast Through Fake Checks Read More »
GitHub vulnerability CVE-2025-30066 is now actively exploited, posing a major threat to developers and organizations using GitHub Actions. According to a recent report, attackers targeted a GitHub Action called tj-actions/changed-files to access sensitive data. They injected malicious code into workflows by exploiting a supply chain weakness. The attack allows hackers to steal secrets from action …
GitHub Vulnerability Exposes Secrets in Workflows Read More »
Rules File Backdoor is a new attack targeting AI-powered code editors. It silently injects malicious code into projects by corrupting the tools developers rely on. This threat affects popular AI tools such as Copilot and Cursor. These editors use configuration or “rules” files to guide their code suggestions. However, attackers can secretly poison these files …
Chinese Hackers Exploit Juniper Routers with Custom Malware Chinese hackers have been caught installing backdoors and rootkits on outdated Juniper Networks MX Series routers. A recent report revealed that cyber espionage group UNC3886 is behind the attack. Their goal is to establish long-term access and steal sensitive data from targeted networks. How Hackers Compromise Juniper …
Chinese Hackers Use Backdoors to Hijack Juniper Routers Read More »
Piracy Users Targeted by New Crypto-Stealing Malware MassJacker, a newly discovered malware, is stealing cryptocurrency from users searching for pirated software. A recent report found that cybercriminals use this malware to hijack copied wallet addresses and reroute funds. This attack method poses a serious threat to cryptocurrency holders. How MassJacker Infects Devices The infection starts …
MassJacker Malware Hijacks Crypto from Piracy Users Read More »
Malicious PyPI packages have been discovered stealing cloud tokens, compromising thousands of users. Researchers found 20 harmful packages disguised as useful tools, tricking developers into installing them. These packages, downloaded over 14,100 times, targeted cloud service credentials from major platforms A recent report identified two clusters of malicious PyPI packages. The first set included tools …
Malicious PyPI Packages Stole Cloud Tokens in 14,000+ Downloads Read More »
Hackers Exploit CSS to Evade Spam Filters Cybercriminals are using Cascading Style Sheets (CSS) to evade spam filters and track email users. A recent report revealed that attackers exploit CSS features to bypass security measures. They can even monitor user actions without requiring JavaScript. This method threatens both privacy and security. How Attackers Use CSS …
Cybercriminals Use CSS Tricks to Bypass Filters and Spy Read More »
Hackers Exploit CAPTCHA Scams to Evade Detection Malware campaigns are becoming more deceptive. Hackers now use fake CAPTCHA pages to trick users into downloading malicious files. A recent report uncovered OBSCURE#BAT, a malware that delivers the r77 rootkit. This rootkit allows attackers to remain undetected while controlling infected systems. How the Attack Works The attack …
Malware Uses Fake CAPTCHA to Deploy Rootkit and Hide Read More »
Medusa ransomware is rapidly expanding its attacks in 2025, demanding ransoms as high as $15 million. A recent report highlights over 40 new victims this year. The ransomware group has targeted healthcare, financial, and government organizations. Researchers note a 42% rise in Medusa-related incidents between 2023 and 2024. This increase suggests the group is filling …
Medusa Ransomware Attacks Surge, Demanding Millions Read More »
EncryptHub is actively spreading ransomware and information stealers through phishing and fake apps. A recent report highlights how this threat actor deceives users. The campaign began in mid-2024 and has compromised over 600 high-value targets. Attackers use phishing, trojanized applications, and Pay-Per-Install (PPI) services to distribute malware. Their goal is to steal credentials and deploy …
EncryptHub Spreads Ransomware via Phishing and Fake Apps Read More »
SideWinder APT is actively targeting industries across Asia, the Middle East, and Africa. Maritime, nuclear, and IT sectors are among the main victims of this cyber threat. A recent report found attacks in Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam. The group also focuses on nuclear power plants and energy infrastructure in South Asia …
SideWinder APT Targets Key Industries in Asia and Beyond Read More »
Malvertising is spreading rapidly, infecting over 1 million devices worldwide. A recent report reveals that attackers use illegal streaming sites to deliver malware. The campaign began in December 2024 and affects both individuals and businesses. Attackers use phishing, SEO poisoning, and fake ads to trick users into downloading harmful software. The malware steals sensitive data, …
Malvertising Campaign Infects 1 Million Devices Globally Read More »
Hackers are targeting WordPress sites by injecting JavaScript backdoors to maintain persistent access. A recent report found over 1,000 infected websites, where malicious code delivers four different backdoors. These backdoors give attackers multiple ways to regain control, even if website owners remove one method. The compromised sites load harmful scripts from an external domain, affecting …
WordPress Sites Hacked with JavaScript Backdoors Read More »
Desert Dexter is targeting users in the Middle East and North Africa with a new malware campaign. The attackers use Facebook ads and Telegram links to spread a modified version of AsyncRAT. A recent report found nearly 900 victims since September 2024. Most cases have been identified in Libya, Saudi Arabia, Egypt, Turkey, the UAE, …
Desert Dexter Spreads Malware Through Facebook Ads Read More »
Poco RAT malware is being used to target Spanish-speaking businesses in Latin America. A hacker group, identified as Dark Caracal, has launched phishing attacks to infect organizations in Venezuela, Chile, Colombia, Ecuador, and the Dominican Republic. A recent report highlights how the malware operates. Poco RAT can upload files, capture screenshots, execute commands, and manipulate …
Lumma Stealer malware has been linked to cyberattacks in Russia and Belarus. A hacker group, tracked as Sticky Werewolf, is using an undocumented implant to infect victims. Researchers found that the attackers focus on employees of large organizations, including government agencies and contractors. Reports suggest that the group communicates in fluent Russian, indicating that they …
Lumma Stealer Malware Spreading through Phishing Attack Read More »
API keys and passwords have been discovered in public datasets used to train AI models. Researchers found nearly 12,000 live secrets, exposing users and organizations to security risks. These credentials allow unauthorized access to various services, leading to potential data breaches. A recent report analyzed an archive from a large web dataset, revealing 400TB of …
API Keys and Passwords Leaked in AI Training Data Read More »
AWS misconfigurations are allowing hackers to exploit Amazon Simple Email Service (SES) and WorkMail for phishing attacks. Researchers have linked this activity to a group known as TGR-UNK-0011, which has been active since 2019. Initially, the group focused on defacing websites. However, in 2022, they shifted to phishing campaigns for financial gain. These attacks do …
AWS Misconfigurations Let Hackers Launch Phishing Attacks Read More »
Fake CAPTCHA PDFs are being used to spread Lumma Stealer malware through phishing campaigns. Researchers have found 260 domains hosting 5,000 malicious PDFs. These files redirect victims to dangerous websites, where attackers steal data or install malware. Cybercriminals use SEO techniques to make their malicious pages appear in search engine results. Many victims unknowingly click …
Vo1d botnet has infected over 1.59 million Android TVs across 226 countries. Reports show a surge in infections, especially in India, where cases jumped from 3,901 to 217,771 within weeks. This malware evolves rapidly, improving its stealth and resilience while making detection difficult. Researchers found that Vo1d uses RSA encryption to secure communication. This prevents …
Black Basta Leak Exposes Ransomware Group’s Secrets Black Basta ransomware has been exposed in a major data leak, revealing internal conflicts and attack strategies. A recent report published chat logs from the cybercriminal group, offering an inside look at their operations. The leak, which includes over 200,000 messages, details tactics, leadership disputes, and security flaws …
Black Basta Leak Exposes Ransomware Group’s Secrets Read More »
Cybercriminals Use Darcula PhaaS to Clone Sites in Minutes Cybercriminals now have an even easier way to create phishing websites using Darcula PhaaS v3. Researchers report that this latest version lets hackers clone any brand’s website and launch phishing attacks with minimal effort. The tool lowers the skill needed to create realistic fake sites, making …
Cybercriminals Use Darcula PhaaS to Clone Sites in Minutes Read More »
FatalRAT Malware Targets APAC Industries in Phishing Attacks FatalRAT malware is being used in phishing attacks across APAC industries. Researchers have identified a campaign that delivers this malware through Chinese cloud services to infect organizations in manufacturing, IT, healthcare, and logistics. These attacks pose a serious risk, allowing hackers to steal data, manipulate systems, and …
FatalRAT Malware Targets APAC Industries in Phishing Attacks Read More »
Linux malware called Auto-Color is targeting universities and government organizations across North America and Asia. A recent report revealed that this stealthy threat grants hackers full remote access to compromised systems. Once installed, it is difficult to remove without specialized tools. How Auto-Color Works The malware gets its name from the file name it renames …
Linux Malware Auto-Color Gives Hackers Full Access Read More »
LightSpy Malware Gains Control Over Multiple Platforms LightSpy malware has expanded its capabilities, now supporting over 100 commands across Windows, macOS, Linux, and mobile devices. According to a recent report, this advanced spyware can now extract data from Facebook and Instagram, increasing its surveillance potential. As a result, cybercriminals can access sensitive user information more …
LightSpy Malware Gains Control Over Multiple Platforms Read More »
OpenSSH vulnerabilities could expose users to cyber threats. Researchers have identified two flaws that could allow man-in-the-middle (MitM) attacks or denial of service (DoS). These security risks could enable attackers to steal credentials or crash systems, making it crucial for users to update their software immediately. Security experts have identified two key flaws: CVE-2025-26465 and …
OpenSSH Vulnerabilities May Lead to Cybersecurity Threats Read More »
Chinese Hackers Exploit MAVInject.exe to Evade Detection Chinese state-sponsored hackers, identified as Mustang Panda, have been caught using a stealthy technique to evade cybersecurity measures and maintain persistent access to infected systems. They leverage a legitimate Windows utility, Microsoft Application Virtualization Injector (MAVInject.exe), to inject malicious payloads into external processes. This tactic helps them bypass …
Chinese Hackers Use MAVInject.exe to Bypass Security Read More »
FrigidStealer malware is a new cybersecurity threat targeting macOS users through fake browser updates, a recent report warns. Attackers inject malicious scripts into compromised websites, tricking users into downloading malware. How the Attack Works The attack originates from TA2727, a cybercriminal group that uses fake update lures to spread malware. These attackers distribute multiple info-stealers, …
FrigidStealer Malware Targets macOS via Fake Updates Read More »
Xerox printer vulnerabilities could let attackers steal Windows Active Directory credentials, a recent report warns. Hackers can exploit security flaws to capture authentication data using LDAP and SMB/FTP services. How the Attack Works Researchers discovered two major vulnerabilities in Xerox VersaLink C7025 printers. These flaws allow attackers to manipulate printer settings and redirect authentication credentials …
Xerox Printer Flaws Could Expose Windows Credentials Read More »
whoAMI attack is a new name confusion exploit that allows the hackers to gain remote code execution (RCE) within AWS accounts based on a warns from recent report. This attack relies on Amazon Machine Image (AMI) misuse. Hackers upload malicious AMIs with deceptive names, tricking misconfigured software into using them. If successful, the attacker can …
whoAMI Attack Exploits AWS AMI Flaws for Code Execution Read More »
Lazarus Group has launched a new JavaScript malware called Marstech1, targeting developers in a series of highly focused attacks based on a recent report reveals. The operation called Marstech Mayhem, began the attack in late 2024. The malware was delivered through an open-source GitHub repository under a profile with name “SuccessFriend.” This profile, active since …
Lazarus Group Targets Developers with New JavaScript Malware Read More »
Ransomware linked to Chinese cyberespionage tools has surfaced in a recent attack, suggesting that an individual hacker may be using these resources for personal financial gain, a recent report reveals. The hacker used a legitimate executable to sideload a malicious DLL, which then deployed a heavily disguised PlugX backdoor. This backdoor, previously tied to a …
Ransomware Attack Linked to Chinese Hacker’s Side Job Read More »
Hackers are using fake CAPTCHA challenges in a new phishing scam to steal credit card details and other sensitive information, according to a recent report. The campaign, active since mid-2024, involves malicious PDF files hosted on a content delivery network (CDN). Attackers target users searching for documents on search engines like Google. Clicking on infected …
Hackers Use CAPTCHA Tricks in Phishing Scam to Steal Data Read More »
Aquabot botnet has started exploiting vulnerable in Mitel SIP phones to launch the DDoS attacks, according to a recent report. This Mirai-based malware targets CVE-2024-41710, a high-severity command injection flaw found in multiple Mitel phone series. In July 2024, Mitel released firmware updates to patch the flaw. The vulnerability allows an authenticated attacker with admin …
Aquabot Botnet Exploits Mitel Phone Flaws for DDoS Attacks Read More »
BadPilot cyberattacks have been fueling Russian hacker operations for years. A subgroup of the state-sponsored hacking group APT44, also called Sandworm, has been launching widespread network intrusions. According to a recent report, this group focuses on breaching critical infrastructure, including energy, telecommunications, and defense sectors. The hacking campaign has been active since at least 2021. …
BadPilot Cyberattacks Help Hackers Target Networks Read More »
North Korean hackers are using forceCopy malware to steal browser-stored credentials, according to a recent report. The hacking group Kimsuky is behind a new wave of spear-phishing attacks targeting victims through malicious email attachments. The attack begins with a phishing email containing a Windows shortcut (LNK) file. This file is disguised as a Microsoft Office …
North Korean Hackers Use forceCopy Malware to Steal Data Read More »
Fake Chrome sites are being used to distribute ValleyRAT malware through DLL hijacking. A recent report reveals that attackers trick users into downloading malicious installers disguised as legitimate Chrome downloads. The ValleyRAT malware was first discovered in 2023 and is linked to a hacking group known as Silver Fox. Their attacks mainly target Chinese-speaking users …
Fake Chrome Sites Spread ValleyRAT Malware via DLL Hijacking Read More »
Password spraying is a growing threat using HTTP client tools to attack cloud accounts. Cybercriminals frequently turn to HTTP client tools for launching account takeover (ATO) attacks. A report has documented how these tools manage to send and receive HTTP requests, aiming to compromise Microsoft 365 systems. Originally, tools like Axios and Node Fetch were …
FERRET malware is being used in a deceptive cyberattack targeting macOS users through fake job interviews. A recent report revealed that North Korean hackers are behind this new campaign, tricking job seekers into installing malicious software. The attackers pose as recruiters on LinkedIn and invite victims to virtual interviews. They send a fake videoconferencing link …
FERRET Malware Targets macOS Users via Fake Job Offers Read More »
Coyote malware is spreading rapidly, now attacking over 1,000 websites and 73 financial institutions. A recent report revealed that Brazilian Windows users are its primary target. This dangerous banking Trojan is designed to steal sensitive information, including login credentials and financial data. Once installed, Coyote can record keystrokes, take screenshots, and display phishing overlays. These …
Coyote Malware Expands, Targeting More Banks and Websites Read More »
Google has taken strong action against harmful Android apps in 2024. The company blocked over 2.36 million policy-violating apps from entering the Google Play Store. Additionally, it banned 158,000 developer accounts that attempted to upload malicious apps. By collaborating with third-party developers, Google also prevented 1.3 million apps from gaining unnecessary access to user data. …
Google Blocks 158,000 Malicious App Developers in 2024 Read More »
CISA and the FDA have issued urgent warnings about security flaws in certain patient monitors. These vulnerabilities could let hackers access and manipulate device data remotely. A report identified CVE-2025-0626, a critical flaw with a CVSS v4 score of 7.7. The affected monitors send remote access requests to a hard-coded IP address, bypassing network settings. …
Malvertising scams are on the rise, with cybercriminals using fake ads to steal login credentials. A recent report uncovered a campaign targeting Microsoft advertisers through fraudulent Google ads. These deceptive ads lead users to phishing sites designed to harvest sensitive information. According to the report, attackers aim to trick users searching for “Microsoft Ads” on …
Malvertising Scam Uses Fake Ads to Steal Microsoft Logins Read More »
Lazarus Group is using a hidden web-based admin panel to control its global cyber attacks. A recent report reveals that this platform helps manage stolen data and oversee operations. The group built its system using a React-based application with a Node.js API. Researchers found that each command-and-control (C2) server hosted the same admin interface, despite …
Lazarus Group Uses Hidden Admin Panel for Cyber Attacks Read More »
Tanzeem malware is being used in targeted cyber attacks to collect intelligence. A recent report links this Android malware to DoNot Team, a known hacking group. The malware, named Tanzeem and Tanzeem Update, was discovered in October and December 2024. It appears as a chat app but does not function after installation. Instead, it shuts …
Tanzeem Malware Used for Spying in Targeted Attacks Read More »
DeepSeek AI suffered a major security breach, exposing over a million log entries, secret keys, and sensitive database details. The leaked information could have allowed unauthorized access to its internal systems. A security report revealed that DeepSeek left its ClickHouse database open online. This database permitted full control over its operations, allowing attackers to access …
DeepSeek AI Data Leak Exposes Secret Keys and Logs Read More »
MintsLoader malware is being used in cyberattacks targeting businesses in the U.S. and Europe. A recent report reveals that hackers distribute MintsLoader through fake CAPTCHA pages and spam emails. The malware acts as a loader, delivering harmful payloads like StealC, an information stealer, and BOINC, an open-source computing tool. Attackers trick victims into downloading MintsLoader …
MintsLoader Malware Spreads via Fake CAPTCHA Pages Read More »
PNGPlug malware is spreading through fake software installers, targeting Chinese-speaking users in Hong Kong, Taiwan, and Mainland China. A recent report highlights how cybercriminals use a phishing campaign to trick victims into downloading a malicious Microsoft Installer (MSI) package. Once executed, the installer deploys a legitimate application to avoid suspicion. However, in the background, it …
PNGPlug Malware Targets Users with Fake Installers Read More »
MikroTik routers are at the center of a new cyber threat, with 13,000 devices hijacked and turned into a botnet. This botnet spreads malware through email spam, bypassing security measures by exploiting misconfigured DNS records. According to a recent report, attackers use these compromised routers to send malicious emails disguised as legitimate messages. The campaign, …
13,000 MikroTik Routers Hijacked for Cyberattacks Read More »
Morpheus and HellCat, two new ransomware groups, have been discovered sharing identical code in their payloads. This revelation highlights the interconnected nature of emerging ransomware operations. A detailed analysis by researchers found that both ransomware types use the same codebase, differing only in victim-specific data and attacker contact details. These ransomware families first appeared in …
Morpheus and HellCat Ransomware Found Sharing Code Read More »
QakBot, a notorious malware originally designed as a banking trojan, has evolved into a sophisticated threat. Researchers have revealed a new BackConnect (BC) malware linked to QakBot, equipped with enhanced capabilities for remote access and data gathering. This development highlights the persistence of QakBot-associated threat actors, despite previous law enforcement takedowns. The BC malware, which …
QakBot-Linked Malware Gains Enhanced Remote Access Tools Read More »
The Mirai botnet has launched a record-breaking distributed denial-of-service (DDoS) attack, reaching a staggering 5.6 terabits per second (Tbps). This massive assault, detected on October 29, 2024, targeted an internet service provider (ISP) in Eastern Asia. The attack was facilitated by over 13,000 compromised Internet of Things (IoT) devices, including some linked to Indonesia. Reports …
Mirai Botnet Hits Record DDoS Attack Linked to Indonesia Read More »
PlushDaemon, a China-linked advanced persistent threat (APT) group, has launched a supply chain attack against a South Korean VPN provider. Reports reveal that this attack involved replacing the legitimate VPN installer with a compromised version. This altered installer deployed SlowStepper, a backdoor featuring over 30 components designed for data collection and espionage. PlushDaemon, active since …
PlushDaemon APT Targets VPN Provider in Cyber Attack Read More »
Fake CAPTCHA campaigns are being used to spread the Lumma information stealer globally, targeting industries such as healthcare, banking, and telecommunications. The campaign affects countries including Argentina, Colombia, the U.S., and the Philippines, according to a recent report. The attack begins when users visit compromised websites. These sites redirect visitors to a fake CAPTCHA page …
Fake CAPTCHA Malware Targets Multiple Industries Read More »
Hackers are increasingly using images to conceal malware, including VIP Keylogger and 0bj3ctivity Stealer, in separate but similar campaigns. According to a report, these attackers hide malicious code in images uploaded to file-hosting platforms and employ a .NET loader to install the malware. The attack begins with phishing emails disguised as invoices or purchase orders. …
Hackers Use Images to Deploy Keyloggers and Stealers Read More »
Google Ads users are the target of a sophisticated malvertising scam designed to steal credentials and bypass two-factor authentication (2FA). Cybersecurity researchers report that attackers are using fraudulent ads to redirect victims to phishing sites. These fake ads impersonate legitimate Google Ads, tricking users into sharing sensitive account details. The goal of the campaign is …
Google Ads Users Hit by Malvertising Phishing Scam Read More »
Python-based malware is powering a new wave of ransomware attacks, researchers report. The malware facilitates persistent access to networks, enabling the deployment of RansomHub ransomware across compromised systems. The attack begins with SocGholish, a JavaScript-based malware, delivered through drive-by campaigns. Victims unknowingly download it via fake web browser update alerts on compromised websites. SocGholish communicates …
Python Malware Fuels RansomHub Ransomware Attacks Read More »
Banshee Stealer, a macOS-focused malware, has re-emerged with a stealthier version, according to researchers. This updated malware uses advanced encryption techniques inspired by Apple’s XProtect to bypass antivirus systems, putting millions of macOS users at risk. Initially uncovered in 2024, Banshee Stealer was thought to be inactive after its source code was leaked. However, a …
Banshee Malware Threatens macOS Users with New Tactics Read More »
WordPress e-commerce websites are the latest target of a stealthy credit card skimmer campaign, according to researchers. The malware uses malicious JavaScript code injected into WordPress database tables to steal sensitive payment information. This skimmer specifically attacks checkout pages by hijacking payment fields or generating fake credit card forms. The malicious code, hidden within the …
WordPress Skimmer Targets E-commerce Checkout Pages Read More »
Phishing scams are increasingly targeting Apple iMessage users, exploiting a trick that disables the app’s built-in phishing protection. This manipulation aims to re-enable disabled links, putting users at risk. Mobile devices have become central to daily activities such as paying bills, shopping, and staying connected. As a result, cybercriminals are escalating SMS phishing (smishing) attacks …
Malware creators have discovered a way to exploit Windows UI Automation (UIA), a framework initially designed to help users with accessibility needs. This new technique enables attackers to perform malicious activities while avoiding detection by endpoint detection and response (EDR) tools. To execute this attack, users must run a program that uses UI Automation. Once …
Malware Exploits Windows UI Tools to Bypass Security Read More »
Mask APT, also known as Careto, has resurfaced with a new wave of sophisticated attacks targeting an organization in Latin America. This notorious cyber espionage group has a long history of infiltrating high-profile entities, including governments, research institutions, and diplomatic bodies, since at least 2007. First documented in 2014, the group’s origins remain a mystery. …
Mask APT Strikes Again with Advanced Multi-Platform Malware Read More »
Over three million mail servers lack TLS encryption, leaving them vulnerable to network sniffing attacks. These servers, which run IMAP or POP3 protocols, expose users’ sensitive data such as usernames and passwords when accessed over unsecured networks. IMAP and POP3 are protocols used to access emails from servers. IMAP is popular for synchronizing messages across …
3 Million Mail Servers at Risk Due to Missing Encryption Read More »
EAGERBEE, an advanced malware variant, is targeting ISPs and government systems across the Middle East and East Asia. Researchers have identified its enhanced capabilities, which include deploying payloads, exploring processes, and manipulating files. This malware also uses sophisticated backdoor functions to maintain persistent access. The EAGERBEE framework includes plugins for managing files, network connections, and …
A new exploit named DoubleClickjacking exposes vulnerabilities in major websites, allowing attackers to bypass existing clickjacking protections. This attack uses a double-click sequence to perform malicious actions, including account takeovers, with minimal user interaction. Unlike traditional clickjacking, which tricks users into clicking deceptive elements, DoubleClickjacking exploits the gap between the first and second clicks. This …
DoubleClickjacking Exploit Threatens Major Websites’ Security Read More »
FireScam, a new Android malware, disguises itself as a Telegram Premium app to steal sensitive data and control infected devices. Distributed through phishing websites, it poses as a legitimate application from RuStore, a trusted app store in Russia. The malware uses a sophisticated infection process starting with a dropper APK. Once installed, it exfiltrates data …
FireScam Malware Masquerades as Telegram to Steal Data Read More »
Malicious software targeting developers has surfaced in the form of an npm package named ethereumvulncontracthandler. Disguised as a tool for detecting Ethereum vulnerabilities, it secretly delivers a powerful remote access trojan (RAT) called Quasar RAT. This threat, first released publicly in 2014, is notorious for enabling cybercrime and espionage campaigns. The package, uploaded on December …
Malicious NPM Package Deploys Quasar RAT on Developer Systems Read More »
A new AI jailbreak method, called Bad Likert Judge, poses significant challenges to large language models (LLMs). Researchers revealed that this technique bypasses safety measures, enabling harmful or malicious outputs. By exploiting LLMs’ advanced capabilities, the approach raises concerns about AI security and responsible use. The method uses a psychological tool called the Likert scale, …
AI Jailbreak ‘Bad Likert Judge’ Raises Security Risks Read More »
Researchers have identified a new threat called PLAYFULGHOST. This malware has numerous spying capabilities, such as logging keystrokes, capturing screens and audio, running remote shells, and managing file operations. Moreover, PLAYFULGHOST shares similarities with an old tool known as Gh0st RAT, which became public in 2008. The malware enters systems through phishing emails or SEO …
PLAYFULGHOST Malware Targets Users via Phishing and SEO Read More »
Iran’s hacking group Charming Kitten is deploying a new malware variant called BellaCPP. This variant is a C++ adaptation of the previously documented BellaCiao malware. A recent investigation uncovered BellaCPP on a compromised machine in Asia. Researchers noted that BellaCiao, first identified in April 2023, is a custom dropper used to deliver malicious payloads. This …
Iran’s Charming Kitten Adopts New BellaCPP Malware Variant Read More »
North Korean hackers are using new OtterCookie malware to target job seekers. The malware is part of the ongoing Contagious Interview campaign, which relies on social engineering tricks. Hackers pose as recruiters and trick individuals into downloading malicious software disguised as job-related tools. The attackers use malware-laden videoconferencing apps or npm packages. These are often …
North Korean Hackers Unleash OtterCookie Malware in New Attack Read More »
Chrome extensions hacked, putting over 600,000 users at risk. A targeted attack has compromised 16 extensions, allowing hackers to steal sensitive data like cookies and access tokens. This attack started with phishing emails sent to developers. These emails, pretending to be from Chrome Web Store Developer Support, falsely warned of policy violations. They urged recipients …
Chrome Extensions Hacked: Data of 600K Users Exposed Read More »
Copyright © 2025 PT PROTERGO SIBER SEKURITI