News

Cybersecurity researchers uncovered North Korea-linked Lazarus Group using Medusa ransomware. They attacked an entity in the Middle East and tried a U.S. healthcare organization. This shows a shift to off-the-shelf ransomware for financial gain. Ransomware Deployment Details Lazarus deployed Medusa in a Middle East attack successfully. They also launched an unsuccessful attempt against a U.S. …

Lazarus Group Uses Medusa Ransomware Targets Healthcare Sector Read More »

Cybersecurity researchers uncovered a new espionage campaign. UnsolicitedBooker attacked telecom companies in Kyrgyzstan and Tajikistan. They deployed two distinct backdoors called LuciDoor and MarsSnake. Shift in Targeting Focus The group changed its focus recently. Earlier attacks hit Saudi Arabian organizations. Now they target telecoms in Central Asia. This marks a clear shift in victim selection. …

UnsolicitedBooker Targets Central Asian Telecoms Read More »

Cybersecurity researchers uncovered a new espionage campaign by a Russia-linked group. APT28 attacked specific organizations in Western and Central Europe. They used simple yet effective macro malware in targeted phishing emails. Campaign Timeline and Name The operation lasted from September 2025 to January 2026. Researchers named it Operation MacroMaze. Attackers focused on basic tools and …

Webhook Macros Deliver Stealthy Malware Read More »

Microsoft researchers discovered companies gaming AI chatbots. They abuse “Summarize with AI” buttons to bias recommendations. This new technique poisons AI memory for unfair advantage. How AI Recommendation Poisoning Works Companies embed hidden instructions in clickable buttons. These buttons appear on websites as “Summarize with AI.” When users click them, the link sends special prompts …

AI Recommendation Poisoning Manipulates Chatbots Read More »

Cybersecurity researchers uncovered a clever new ClickFix attack. Attackers hijack legitimate websites to deliver MIMICRAT malware. This previously unknown RAT gives full remote control to criminals. How the Campaign Starts The attack begins on compromised legitimate sites. One example is a BIN validation service that attackers breached. They inject malicious JavaScript code. This code loads …

ClickFix Campaign Abuses Compromised Sites Read More »

The FBI warns of a sharp rise in ATM jackpotting attacks. Criminals use malware to force machines to spit out cash. Since 2020, they recorded 1,900 incidents. In 2025 alone, losses topped $20 million. How Criminals Gain Access Attackers target ATMs with weak physical security. They use generic keys to open the front panel. These …

ATM Jackpotting Surges with $20M Lost in 2025 Read More »

Cybersecurity researchers uncovered a powerful new spyware platform. They call it ZeroDayRAT. Sellers advertise it on Telegram to steal data and watch victims live on Android and iOS. How ZeroDayRAT Works Buyers get a builder tool. They create custom malicious apps. The spyware runs on Android 5 to 16 and iOS up to 26. Operators …

ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance Read More »

Cybersecurity researchers uncovered a dangerous new Android trojan. They call it Massiv. Fake IPTV apps deliver this malware to steal banking credentials and take over devices. How the Malware Spreads Attackers send SMS phishing messages. These messages push fake IPTV apps. Victims download and install the dropper. It looks like a normal TV streaming tool. …

Fake IPTV Apps Spread Massiv Android Malware Read More »

Cybersecurity researchers uncovered a clever supply-chain attack. North Korea-linked Lazarus Group plants malicious packages in npm and PyPI. They trick developers with fake blockchain job offers. Fake Recruitment Tactics Attackers create a phony company called Veltrix Capital. They focus on blockchain and cryptocurrency trading. Recruiters contact people on LinkedIn, Facebook, and Reddit. They offer coding …

Lazarus Campaign Plants Malicious Packages Read More »

Cybersecurity researchers discovered a dangerous backdoor hidden in Android tablet firmware. They named it Keenadu. This malware sneaks in during the build process and survives OTA updates. Deep Firmware Infection Keenadu embeds inside libandroid_runtime.so. This critical library loads at boot. It injects into the Zygote process. Therefore, every app runs with the backdoor active. The …

Keenadu Firmware Backdoor Infects Android Tablets Read More »

Cybersecurity researchers uncovered a previously unknown threat actor. They track it as UAT-9921. This group deploys a new modular malware framework called VoidLink against tech and finance sectors. Threat Actor Background UAT-9921 has operated since 2019. They recently added VoidLink to their toolkit. The actor shows knowledge of Chinese language in code comments. Researchers believe …

UAT-9921 Deploys VoidLink Malware Stealthily Read More »

Cybersecurity researchers discovered a clever Android malware. It abuses Google’s Gemini AI for persistence. PromptSpy keeps itself pinned in recent apps automatically. How PromptSpy Uses Gemini The malware sends the current screen XML dump to Gemini. It includes every UI element with text and position. Gemini acts as an “Android automation assistant.” It returns JSON …

PromptSpy Android Malware Abuses Gemini AI Read More »

Cybersecurity researchers uncovered ongoing espionage campaigns. APT36 and SideCopy target Indian defense and government entities. They use cross-platform remote access trojans to steal data and maintain access. Targeted Sectors and Goals Attackers focus on defense, government, and strategic organizations. They also hit policy, research, and critical infrastructure groups. For example, they use defense-themed lures to …

APT36 and SideCopy Launch Cross-Platform RATs Read More »

Cybersecurity researchers uncovered a sophisticated operation by North Korea-linked hackers. Lazarus Group plants malicious packages in npm and PyPI. They use fake job offers to infect developers. Fake Company Setup Attackers create a fake blockchain firm called Veltrix Capital. They register domains and build GitHub organizations. For example, they host Python and JavaScript projects. These …

Lazarus Campaign Plants Malicious Packages Read More »

Google reports state-backed hackers using its Gemini AI. North Korea-linked UNC2970 employs the tool for target profiling. Other groups also misuse it to speed up attacks. North Korean Group Targets Defense UNC2970 overlaps with Lazarus Group activities. They run long campaigns called Operation Dream Job. For example, they pose as recruiters in aerospace and defense. …

Google Reports State Hackers Using Gemini AI Read More »

Cybersecurity researchers uncovered a new malware-as-a-service tool. It promises malicious Chrome extensions that pass Google’s review. The tool helps attackers push phishing pages easily. How the Malware Service Works The service lets buyers create harmful browser add-ons. These extensions overlay full-screen iframes on real websites. For example, they show fake login pages while the address …

Malware Service Guarantees Chrome Phishing Extensions Read More »

Cybersecurity researchers uncovered a new Chinese-linked espionage group. Amaranth Dragon exploits a WinRAR vulnerability. They target government and law enforcement in Southeast Asia. The New Threat Actor Amaranth Dragon connects to the known APT41 operations. They show strong technical skill and careful planning. For example, they limit attacks to specific countries. Therefore, they avoid unnecessary …

Amaranth Dragon Exploits WinRAR Flaw Read More »

Cybersecurity researchers uncovered a clever malware campaign. They call it DEAD#VAX. Attackers use IPFS-hosted VHD files to sneak AsyncRAT onto systems. How the Phishing Starts Attackers send phishing emails with fake purchase orders. They disguise the attachment as a PDF file. However, the link points to a VHD hosted on IPFS. This decentralized network helps …

DEAD#VAX Malware Delivers AsyncRAT Stealthily Read More »

Cybersecurity researchers uncovered attacks by a Russian-linked group. APT28 uses a new Microsoft Office vulnerability. They target users in Ukraine, Slovakia, and Romania for espionage. The Vulnerability Details The flaw is CVE-2026-21509 with a 7.8 severity score. It allows attackers to bypass security features. For example, a crafted Office file triggers unauthorized actions. Microsoft and …

APT28 Exploits Office Flaw for Spying Read More »

Security experts uncovered a large wave of harmful add-ons. More than 230 malicious skills appeared for an open-source AI assistant. These fake tools deliver password-stealing malware to users. The Viral AI Assistant Malware The project started as ClawdBot. It quickly changed to Moltbot and now OpenClaw. This local AI helper remembers chats and connects to …

Malicious Skills Push Stealer Malware Read More »

Cybersecurity experts reported a massive DDoS attack. The Aisuru botnet hit a new peak of 31.4 Tbps. It also reached 200 million requests per second. The Record-Breaking Attack Attackers launched the assault on December 19 last year. They targeted telecom companies and IT providers. For example, the campaign flooded Cloudflare customers and infrastructure. Therefore, it …

Aisuru Botnet Unleashes Record DDoS Surge Read More »

Cybersecurity experts found a sneaky Android malware campaign. Attackers use a trusted AI platform to hide thousands of harmful app versions. These steal login details from banking and payment apps. Scare Tactics Lure Victims Attackers push fake security warnings. They show ads claiming devices face scams or viruses. For example, users see urgent alerts about …

Hugging Face Abused to Spread Android Malware Read More »

Cybersecurity experts spotted Chinese-linked hackers using an improved backdoor. They call it COOLCLIENT. Mustang Panda targets government systems in several countries for deep spying. Targets and Campaign Scope The group hits government entities hard. They focus on Myanmar, Mongolia, Malaysia, and Russia. For example, attacks ran strong in 2025. Therefore, officials face ongoing risks. Mustang …

Mustang Panda Deploys Updated COOLCLIENT Backdoor Read More »

Cybersecurity researchers uncovered harmful Chrome extensions. These add-ons hijack affiliate links and steal ChatGPT access. They also grab user data from popular shopping sites. How Affiliate Hijacking Works One extension claims to block Amazon ads. It installs easily from the Chrome store. However, it secretly replaces affiliate tags in product links. The attacker’s tag earns …

Malicious Chrome Extensions Steal Affiliate Revenue Read More »

Cybersecurity experts uncovered an active phishing campaign. It targets users in India with fake tax notices. Attackers aim to install a powerful backdoor for spying and data theft. Fake Tax Emails Start the Attack Attackers send emails pretending to come from India’s tax department. They claim victims owe penalties. For example, the subject lines look …

Tax Phishing Delivers Blackmoon Malware Read More »

Cybersecurity experts revealed a clever new campaign. Fake CAPTCHAs trick users into running malicious commands. These attacks deliver an information stealer called Amatera using trusted Microsoft tools. The Fake CAPTCHA Trick Begins Attackers show fake verification prompts on websites. They urge users to copy a command and paste it into the Windows Run box. For …

Fake CAPTCHAs Spread Amatera Stealer Read More »

Researchers uncovered a major cyber attack on Poland’s energy system. Russian-linked hackers used new wiper malware called DynoWiper. The attempt happened in late December 2025 but failed to disrupt power. The Attack Hits Critical Targets Hackers struck on December 29 and 30, 2025. They aimed at two combined heat and power plants. Additionally, they targeted …

DynoWiper Malware Targets Polish Power Read More »

Cybersecurity experts uncovered a clever multi-stage phishing campaign. It targets people in Russia. Attackers deliver ransomware and a dangerous remote access tool called Amnesia RAT. How the Attack Begins Attackers send phishing emails with business documents. These look like normal routine files. For example, they pretend to be work tasks or reports. Therefore, victims open …

Multi-Stage Phishing Hits Email Users Read More »

Cybersecurity experts warn about a clever phishing campaign. Attackers use stolen credentials to install trusted remote tools. These tools give them lasting access to computers. The Sneaky Phishing Start Attackers send fake invitation emails. They pretend the messages come from a popular online card service. For example, the subject looks like a friendly invite. Therefore, …

Stolen Credentials Deploy RMM Backdoors Read More »

Microsoft warns of multi-stage adversary-in-the-middle (AitM) phishing and business email compromise attacks. These target energy sector organizations. Attackers use clever tricks to steal credentials and take control. How the Attack Starts Attackers begin with a phishing email. They send it from a trusted, previously compromised email address. The message pretends to be a SharePoint document-sharing …

Adversary-in-the-Middle Phishing Hits Energy Firms Read More »

Evelyn Stealer Targets VS Code Cybersecurity experts uncovered a dangerous new threat. Evelyn Stealer targets VS Code extensions to steal developer credentials and crypto. It hits software developers hard. Therefore, attackers gain access to valuable company systems. How Attackers Hide in VS Code Hackers publish fake extensions in the marketplace. These extensions look useful at …

Evelyn Stealer Targets VS Code to Steal Credentials Read More »

New Android Malware Uses AI Hackers created a smart Android threat. New Android malware uses AI to click on hidden browser ads. It tricks ad systems for profit. Therefore, it drains phone resources quietly. How the AI-Powered Click Fraud Works The malware loads a hidden browser inside the app. This browser stays invisible to users. …

New Android Malware Uses AI Read More »

LinkedIn Messages Spread RAT Malware Cybersecurity experts found a clever phishing trick. Hackers send private messages on LinkedIn. They target important people this way. Therefore, victims often trust the sender quickly. Hackers pretend to be friendly contacts. They build trust fast. Then, they trick users into downloading a fake file. For example, the file looks …

LinkedIn Messages Spread RAT Malware Read More »

Malware Targets Linux Cloud and Containers Cybersecurity experts revealed a new threat. They call it VoidLink Malware. This advanced framework targets Linux systems in the cloud. Therefore, it stays hidden for long periods. Researchers discovered it in December 2025. The malware uses custom tools. For example, it includes loaders, implants, and rootkits. Attackers can add …

VoidLink Malware Targets Linux Cloud and Containers Read More »

Malicious Extensions Steal Logins Cybersecurity experts found five bad Chrome extensions. These fake add-ons pretend to help with work tools. They target popular business platforms like HR and ERP systems. Therefore, they trick users into installing them. The extensions promise premium access. For example, they claim to simplify tasks on these platforms. However, they actually …

Malicious Chrome Extensions Steal Logins Read More »

GootLoader Malware Tricks Cybercriminals use a clever trick. They hide dangerous code inside GootLoader Malware. This loader combines 500 to 1,000 ZIP files into one broken archive. Therefore, most security tools fail to open it properly.Many unzipping programs struggle. For example, popular tools like third-party archivers cannot extract the contents reliably. However, Windows’ built-in extractor …

GootLoader Malware Tricks Detection with 500+ ZIP Files Read More »

Rising Android Malware Operations Android malware operations have grown more advanced and widespread. Threat actors now combine multiple attack techniques at scale. Therefore, mobile users face higher risks than before. Researchers observed these attacks targeting users in Central Asia. However, similar methods now appear globally. As a result, mobile security faces new pressure. Shift From …

Android Malware Operations Grow More Advanced Read More »

Discovery of Malicious Chrome Extensions Two Chrome extensions were recently found stealing user credentials. Cybersecurity researchers uncovered both add-ons during routine analysis. Therefore, the threat raises serious privacy concerns. Both extensions share the same name and developer. However, each has a different extension ID. As a result, detection became harder. Disguised as a Legitimate Tool …

Two Chrome Extensions Steal Credentials Silently Read More »

Overview of the Nomani Investment Scam Nomani investment scam activity has increased sharply in recent months. According to a researcher report, incidents rose by 62% this year. Therefore, online users face higher financial risk. The scam now spreads across multiple social platforms. However, earlier campaigns focused on a single network. As a result, detection has …

Nomani Investment Scam Jumps 62% Online Read More »

Overview of the Kimwolf Android Botnet Kimwolf Android Botnet has infected more than two million devices worldwide. According to a recent researcher report, the malware spreads quietly through proxy networks. Therefore, many users remain unaware of the compromise. The botnet has remained active since at least August 2025. However, its scale only became clear after …

Kimwolf Android Botnet Hits 2 Million Devices Read More »

Overview of Fake Booking Emails Campaign Fake Booking Emails have emerged as a new phishing campaign targeting hotel staff across Europe. According to a recent researcher report, attackers used deceptive messages to trigger malware infections. Therefore, hospitality organizations faced serious operational and security risks. The campaign appeared in late December 2025. Moreover, it relied on …

Fake Booking Emails Deliver Malware to Hotels Read More »

Overview of Chrome Extensions Steal ChatGPT Chats Chrome Extensions Steal ChatGPT Chats through malicious add-ons found in the browser marketplace. According to a researcher report, attackers designed these extensions to collect chatbot conversations and browsing data. Therefore, nearly 900,000 users faced silent data exposure. The extensions targeted conversations from popular AI chat platforms. Moreover, attackers …

Chrome Extensions Steal ChatGPT Chats from Users Read More »

Overview of VVS Stealer Malware VVS Stealer Malware has emerged as a new threat targeting Discord users worldwide. According to a recent researcher report, this Python-based malware steals login credentials and authentication tokens. Therefore, affected users risk account takeovers and data loss. The malware has circulated in underground markets since early 2025. Moreover, attackers marketed …

VVS Stealer Malware Targets Discord Accounts Read More »

Overview of the Trust Wallet Chrome Extension Hack Trust Wallet Chrome Extension Hack exposed a serious software supply chain breach in late 2025. According to an incident report, attackers compromised a browser extension update to steal user assets. Therefore, the breach quickly escalated into a large financial loss. The attack resulted in approximately $8.5 million …

Trust Wallet Chrome Extension Hack Drains $8.5M Read More »

Overview of DarkSpectre Browser Extension Campaigns DarkSpectre Browser Extension Campaigns exposed a long-running threat affecting users worldwide. According to a recent researcher report, attackers operated multiple malicious extension campaigns across major browsers. Therefore, millions of users unknowingly installed tools designed for surveillance and fraud. In total, these campaigns impacted more than 8.8 million users over …

DarkSpectre Browser Extension Campaigns Exposed Read More »

Overview of the Chrome Extension Hack Crypto Wallet Chrome Extension Hack exposed users to a large supply chain attack in late 2025. According to a public incident report, attackers used a compromised update to steal digital assets. Therefore, the breach quickly escalated into a major financial loss affecting thousands of users. The incident resulted in …

Crypto Wallet Chrome Extension Hack Drains $8.5M Read More »

Overview of the RondoDox Botnet Campaign RondoDox Botnet has driven a long-running cyber campaign that targets IoT devices and web servers across the internet. According to a recent report, attackers sustained this operation for nine months, which therefore shows careful planning and long-term intent. Moreover, the threat actors focused on quietly expanding their botnet while …

RondoDox Botnet Exploits React2Shell to Hijack Devices Read More »

Overview of the New Android Malware Campaign Kimsuky spreads DocSwap malware through deceptive QR phishing attacks. The campaign targets Android users by impersonating a delivery service. Researchers linked the activity to phishing websites hosting malicious QR codes. Therefore, mobile users face a growing risk. The attackers rely on social engineering rather than technical exploits. However, …

Kimsuky Spreads DocSwap Malware via QR Phishing Read More »

Overview of the Kimwolf Botnet Threat Kimwolf botnet has emerged as a massive DDoS threat targeting Android-based devices. Researchers discovered that the botnet controls at least 1.8 million infected systems. These devices include smart TVs, set-top boxes, and tablets. Therefore, the scale of the operation is unusually large. The botnet supports more than basic DDoS …

Kimwolf Botnet Hijacks 1.8 Million Android TVs Read More »

Overview of the ATM Jackpotting Scheme U.S. DOJ charges have revealed a large criminal operation targeting ATM machines nationwide. Authorities announced charges against 54 individuals involved in the scheme. The operation relied on malware to force ATMs to dispense cash. Therefore, the attacks caused significant financial damage across the country. Investigators described the scheme as …

U.S. DOJ Charges 54 in ATM Jackpotting Case Read More »

Overview of the Phishing Campaign Russia-linked hackers use device code phishing to hijack online accounts. The campaign targets cloud email users across several sectors. Researchers observed this activity starting in September 2025. Therefore, the threat remains active and evolving. The attackers focus on organizations in the U.S. and Europe. These include government, education, and transportation …

Hackers Use Device Code Phishing to Hijack Accounts Read More »

Overview of the Malware Distribution Campaign Cracked software has become a major delivery method for modern malware. Recently, researchers uncovered a campaign abusing piracy websites to spread CountLoader malware. However, attackers also rely on video platforms to widen their reach. Therefore, everyday users face increased risks when seeking free software. The campaign uses CountLoader as …

Cracked Software Spreads CountLoader Malware Read More »

Overview of the ForumTroll Phishing Campaign ForumTroll phishing attacks have resurfaced with a new and focused strategy. This time, the attackers targeted individuals inside Russia rather than large organizations. Since late 2025, the campaign has aimed at academic professionals. Therefore, the threat shows a clear shift in targeting priorities. Security researchers detected the new activity …

ForumTroll Phishing Attacks Target Scholars Using Fake eLibrary Emails Read More »

Overview of the APT28 Phishing Campaign APT28 has launched a long-running credential phishing campaign targeting users. The campaign specifically focuses on users of UKR-net, a popular webmail and news service. Since mid-2024, the activity has continued steadily without major disruption. Therefore, the operation reflects a sustained and deliberate effort. Security researchers observed this activity between …

APT28 Targets Users via Phishing Campaign Read More »

Overview of the Ink Dragon Threat Campaign Ink Dragon has intensified its cyber operations against government organizations. Since mid-2025, the group has increasingly focused on targets across Europe. However, it continues to attack entities in Southeast Asia and South America. Therefore, the campaign reflects a broad and sustained global effort. Security researchers track this activity …

Ink Dragon Targets Governments with Advanced Malware Read More »

Overview of the GhostPoster Malware Campaign GhostPoster malware has emerged as a serious browser-based threat after being discovered inside multiple Firefox add-ons. The campaign secretly abused image logo files to hide malicious JavaScript code, allowing attackers to operate unnoticed. As a result, many users installed these extensions believing they were safe and useful. Therefore, the …

GhostPoster Malware Hides Inside Popular Firefox Add-ons Read More »

A New Ransomware Emerges Cybersecurity researchers have recently documented four advanced phishing kits. The phishin kits enable large-scale credential theft by incorporating cutting-edge techniques. Some example of the techniques such as artificial intelligence and multi-factor authentication bypass methods. These kits are openly sold on underground forums, making it easier for even novice attackers to launch …

New Advanced Phishing Kits Steal Credentials Read More »

A New Ransomware Emerges Researchers uncovered a new ransomware threat in August 2025. A pro-Russian hacktivist group developed it. They named this service VolkLocker.This ransomware targets both Windows and Linux systems. Developers wrote it in Golang. However, early versions contain major security mistakes. The group offers it as a service. Therefore, other attackers can buy …

VolkLocker Ransomware Flaw Lets Victims Decrypt Files Read More »

The New Threat Emerges Researchers have spotted a sneaky campaign. Attackers use fake code repositories on a popular platform to spread a new remote access trojan. They call it PyStoreRAT. These fake repositories look like helpful tools. For example, they pretend to be OSINT utilities or AI wrappers. However, they hide simple code that downloads …

Fake OSINT Tools Hide Dangerous Malware Read More »

Overview of the Espionage Campaign WIRTE is an advanced threat group linked to long-running espionage campaigns. The group has targeted government and diplomatic organizations across the Middle East since 2020. Therefore, researchers classify the activity as persistent and strategic. Security researchers discovered a previously undocumented malware suite called AshTag. However, evidence shows the campaign likely …

WIRTE Uses AshenLoader to Deploy Espionage Malware Read More »

Overview of the Security Issue Chrome targeted by attackers through an active exploit that affects real users worldwide. A browser developer released urgent security updates to fix multiple vulnerabilities. However, one high-severity flaw already faced confirmed exploitation in the wild. Therefore, users faced immediate risk before patches became widely installed. Security researchers warned that attackers …

Chrome Targeted by Active High-Severity Exploit Read More »

Overview of the Threat NANOREMOTE malware is a newly discovered Windows backdoor with advanced capabilities. It allows attackers to remotely control infected systems by abusing cloud-based services. As a result, malicious activity blends into legitimate traffic and becomes harder to detect by traditional security tools. Security researchers explained that the malware functions as a fully …

NANOREMOTE Malware Hides Control in Cloud Read More »

Chrome Targeted by Active Exploit Chrome targeted by active in-the-wild exploit activity this week. Researchers confirmed that attackers are abusing a high-severity flaw. However, details about the vulnerability remain restricted to protect users. The issue carries an internal tracking ID and involves a still-undisclosed component. The report notes that the flaw is serious enough to …

Chrome Targeted by Hidden High-Risk Exploit Read More »

STAC6565 Targets Canada: A Growing Cyber Threat STAC6565 targets Canada in most of its recent attacks. Researchers say the campaign shows a sharp rise in focused cyber operations. Moreover, investigators observed almost 40 incidents between early 2024 and mid-2025. The group overlaps with an older cluster known as Gold Blade. However, the report notes that …

STAC6565 Major Attack Wave with Ransomware Read More »

AI Vulnerabilities Overview Researchers uncover 30+ flaws across many AI-driven coding tools. These weaknesses allow data theft and remote code execution. Therefore, security concerns around automated development environments continue to grow. The researcher behind the findings calls the flaw group “IDEsaster.” The issues impact a wide range of assistants and extensions. However, the report states …

Researchers Uncover 30+ Flaws in AI-Driven Coding Tools Read More »

False Flag Operations in China Silver Fox continues to expand its malware activity across China. Therefore, researchers warn that the threat actor is attempting to confuse attribution by imitating a Russian group. The operation uses search-engine manipulation and social engineering to push a fake messaging installer. The attackers rely on a modified loader for ValleyRAT, …

Silver Fox Spreads Fake Teams Malware Read More »

Ongoing Expansion of the Malware Campaign North Korean hackers continue to expand their attacks through the npm ecosystem. Therefore, many researchers warn that the threat is growing fast. The attackers have released 197 additional malicious packages tied to the Contagious Interview operation. These packages have already been downloaded more than 31,000 times. They deliver an …

North Korean Hackers Launch 197 npm Attacks Read More »

Albiriox Malware Overview New Albiriox malware now threatens Android users with broad fraud capabilities. Therefore, many researchers warn that its rapid spread demands urgent attention. The malware appears under a subscription-based criminal service that offers sophisticated on-device fraud tools. The malware includes a hard-coded list of more than 400 targeted apps. These apps cover banking, …

New Albiriox Malware Hits 400+ Apps Read More »

WordPress King Addons flaw is now under heavy exploitation. The issue affects a popular plugin used with a page-building tool. Researchers warned that attackers can gain full control of vulnerable sites. Therefore, site owners must act quickly to secure their systems. The flaw is tracked as CVE-2025-8489. It carries a critical score because attackers do …

WordPress King Addons Flaw Draws Active Attacks Read More »

AISURU Botnet’s Record-Breaking DDoS Impact AISURU botnet activity has reached historic levels this year. The latest incident involved a massive 29.7 Tbps DDoS attack. Researchers confirmed that the strike lasted only 69 seconds. However, its scale showed how quickly modern attacks can escalate. The report noted that the attack came from a botnet-for-hire. Therefore, even …

AISURU Botnet Drives Record 29.7 Tbps DDoS Hit Read More »

GoldFactory’s Expanding Threat in Southeast Asia GoldFactory has launched new attacks across Indonesia, Thailand, and Vietnam. The group targets mobile users by posing as government services. Moreover, it distributes modified banking apps to deliver malware. These attacks have grown steadily since late 2024. Researchers have linked GoldFactory to earlier threats. They first noticed the group …

GoldFactory Strikes SE Asia with Fake Banking Apps Read More »

Overview of the New Albiriox Threat New Albiriox MaaS malware introduces a broad threat to mobile users. The tool offers a wide range of on-device fraud features. However, it also delivers strong screen control and real-time device interaction. The malware includes a hard-coded list of more than 400 financial and trading apps. Therefore, it targets …

New Albiriox MaaS Malware Hits 400+ Mobile Apps Read More »

ShadyPanda’s Long Campaign A threat actor called ShadyPanda has operated a seven-year campaign that misused popular browser add-ons. The group used once-trusted tools to collect sensitive data from millions of users. However, the danger grew sharply in mid-2024 when several legitimate extensions received hidden malicious updates. Researchers reported that five of these add-ons began as …

ShadyPanda Turns Browser Add-Ons Into Stealthy Spies Read More »

CISA Warns of Rising Spyware Hijacks CISA warns of rising spyware campaigns targeting high-value users. The agency notes that attackers now use advanced tools to infiltrate messaging apps. Moreover, they rely on social engineering to deliver hidden malware. The alert highlights the growing danger to mobile devices worldwide. How Attackers Infiltrate Messaging Apps Attackers use …

CISA Warns of Rising Spyware Hijacks Read More »

ToddyCat’s New Hacking Tools ToddyCat’s new hacking tools give attackers deeper access to corporate email systems. The group uses custom scripts and advanced techniques to steal sensitive information. Moreover, these tools help the attackers collect tokens and mail files from compromised networks. The activity shows continued evolution in their operations. Stealing OAuth Tokens The attackers …

ToddyCat’s New Hacking Tools Target Email Data Read More »

FBI Reports Rising ATO Fraud FBI Reports rising account takeover fraud across many sectors. The report warns that criminals impersonate financial institutions to steal money. Moreover, the schemes continue to grow as attackers refine social engineering methods. The warning highlights more than $262 million in losses this year. How ATO Fraud Works Account takeover fraud …

FBI Reports Rising ATO Fraud Driven by Scams Read More »

Introduction: RomCom Uses SocGholish RomCom uses SocGholish to deliver a dangerous remote access tool. This tactic targets organizations through fake update alerts. Moreover, the method blends deception with rapid infection. The incident shows how quickly modern threats can evolve. How the Attack Began RomCom threat actors focused on a civil engineering group in the United …

RomCom Uses SocGholish in New Malware Strike Read More »

Overview of the Exploited WSUS Flaw ShadowPad Malware activity is increasing due to a severe WSUS vulnerability. Threat actors now use this flaw to gain full control of Windows systems. The vulnerability, known as CVE-2025-59287, enables remote code execution with system privileges. Therefore, attackers can enter networks with minimal resistance. Researchers recently confirmed that attackers …

ShadowPad Malware Exploits WSUS for Full Access Read More »

Dragon Breath’s Expanding Malware Strategy Dragon Breath continues to evolve its tactics. Therefore, the group now relies on a multi-stage loader called RONINGLOADER to deliver a modified Gh0st RAT variant. The operation mainly targets Chinese-speaking users. However, it spreads through installers disguised as trusted tools. Researchers report that the infection chain uses many layers. These …

Threat Actor Dragon Breath Unleashes New Stealth Attack Chain Read More »

Overview of the New Campaign Python-Based WhatsApp Worm activity continues to grow across Brazil. Researchers recently uncovered a social-engineering campaign that uses WhatsApp hijacking to spread a Delphi-based banking stealer called Eternidade Stealer. The attackers rely on a Python script to automate the spread. Therefore, the threat now moves faster than earlier PowerShell-based versions. The …

Python-Based WhatsApp Worm Spreads New Stealer Read More »

Sneaky 2FA Kit Evolves Again Sneaky 2FA continues to grow more advanced, according to a recent report. The Phishing-as-a-Service kit now includes Browser-in-the-Browser (BitB) features. Therefore, attackers with limited skills can launch convincing phishing attacks at scale. Researchers say this trend shows how quickly phishing tools are evolving. How BitB Tricks Victims with Fake Pop-ups …

Sneaky 2FA Kit Uses Fake Browser Pop-ups Read More »

Botnet Targets Windows Users Cybersecurity researchers report that Tsundere is an expanding botnet aimed at Windows systems. They note that it has grown quickly since mid-2025. Moreover, the botnet executes JavaScript code sent from a remote server. Therefore, it gives attackers a flexible way to run harmful commands. Suspicious Installation Paths and Game-Themed Lures Researchers …

Tsundere Botnet Spreads Through Game Lures Read More »

Introduction: How Sturnus Threatens Android Users Cybersecurity researchers warn that Sturnus, a new Android banking trojan, poses a serious risk. They note that it steals credentials and takes full control of devices. Moreover, it uses advanced tricks to commit financial fraud. Therefore, experts consider it a rising threat that requires quick attention. Bypassing Encrypted Chats …

Sturnus Trojan Steals Chats and Seizes Phones Read More »

GootLoader Is Back With New Stealth Features GootLoader is back and continues to evolve. Recent findings from a new report show a surge in activity. The researchers observed several infections in late October 2025. Moreover, two cases escalated quickly and reached domain controller compromise within hours. The malicious loader now uses custom fonts to hide …

GootLoader Is Back With a New Font-Hiding Trick Read More »

Fantasy Hub Trojan Expands on Telegram Fantasy Hub Trojan continues to grow across Telegram channels. It appears as a rented service that attackers can purchase. Therefore, even inexperienced criminals can launch advanced attacks. This rise increases risks for users and organizations. Researchers note that the malware supports remote device control. It gathers messages, images, contacts, …

Fantasy Hub Trojan Turns Telegram Into Hacker Tool Read More »

Konni Hackers Expand Their Attacks Konni Hackers continue to widen their operations. They now target Android and Windows devices with new tools. They aim to steal data and gain remote control. Moreover, they use social engineering to reach unsuspecting users. Konni actors pretend to be counselors or human rights experts. They spread malware disguised as …

Konni Hackers Turn Find Hub Into a Data-Wipe Threat Read More »

Introduction to the New Threat Whisper Leak attack reveals how encrypted AI chat traffic can still expose user topics. Researchers warn that passive observers can infer sensitive subjects even when communications use HTTPS encryption. Therefore, this discovery raises major privacy concerns for both individuals and organizations. However, many users remain unaware of these hidden risks. …

Whisper Leak Attack Exposes Encrypted AI Topics Read More »

Introduction to the Expanding Threat GlassWorm malware continues to evolve and now hides inside three new VS Code extensions. Researchers say the add-ons remain available for download, which increases the risk for thousands of developers. Therefore, the campaign shows no signs of slowing. However, many users still do not realize their tools may be compromised. …

GlassWorm Malware Found in Risky VS Code Add-ons Read More »

Overview of the Expanding Threat Large-Scale ClickFix Phishing Attacks now threaten hotel systems worldwide. These attacks rely on fake login pages and harmful tools like PureRAT to harvest credentials. Therefore, hotel managers face growing risks as criminals refine their methods. However, many victims still fall for the deceptive tactics. Attackers often use hijacked email accounts …

Large-Scale ClickFix Phishing Attacks Hit Hotels Read More »

China-Linked Hackers Launch New Cyberattacks Cybersecurity researchers have discovered that China-linked hackers are exploiting a serious Windows shortcut flaw to target European diplomats. These attacks occurred between September and October 2025, focusing on government and diplomatic institutions in several European countries. The campaign highlights growing concerns about cyber espionage and geopolitical intelligence gathering. How the …

China-Linked Hackers Exploit Windows Flaw on Diplomats Read More »

Cybercriminals Target Logistics Networks Cybercriminals exploit remote monitoring tools to infiltrate logistics and freight networks, aiming to steal valuable cargo for profit. According to a recent report from researchers, these attacks have been active since June 2025. The threat actors are believed to be working with organized crime groups that specialize in large-scale cargo theft. …

Cybercriminals Exploit RMM Tools to Steal Freight Read More »

Researcher Uncover Android Trojans Steal Data Cybersecurity researchers uncovered two new Android threats, BankBot-YNRK and DeliveryRAT, that steal sensitive financial data. These malicious programs secretly harvest personal information, run hidden commands, and bypass security defenses on targeted devices. Both have been active since mid-2024, showing how mobile attacks continue to evolve rapidly. How BankBot-YNRK Works …

Researchers Uncover Android Trojans Stealing Data Read More »

Brash Exploit Threatens Chromium Browsers A serious flaw has been discovered in Chromium’s Blink rendering engine, exposing millions of users to sudden browser crashes. The newly identified Brash exploit allows attackers to crash Chromium-based browsers in seconds simply by sending a malicious URL. According to a cybersecurity researcher who analyzed the bug, Brash can cause …

Brash Exploit Crashes Chromium Browser in Seconds Read More »

PhantomRaven Malware Targets npm Developers Cybersecurity researchers have discovered a new software supply chain attack named PhantomRaven. This threat targets the npm registry and steals sensitive data from developers’ systems. It collects GitHub tokens, CI/CD secrets, and authentication credentials. The campaign began around August 2025. Since then, it has grown rapidly, spreading across 126 npm …

PhantomRaven Malware Hits npm Packages Hard Read More »

AI-Targeted Cloaking Attack Exposes Hidden Risks Cybersecurity researchers have uncovered a new online threat called AI-targeted cloaking. This technique tricks artificial intelligence (AI) crawlers used by agentic web browsers into accepting fake information as verified truth. Unlike traditional search engine cloaking, this new method focuses on AI-driven tools that retrieve and summarize online content automatically. …

AI-Targeted Cloaking Attack Spreads Fake Facts Read More »

Summary of the Threat Researchers found 10 npm packages that delivered a powerful information stealer. For example, the packages aimed at Windows, macOS, and Linux. The researcher reported the operation used heavy obfuscation and fake CAPTCHAs. Therefore, many developers did not notice the malicious behavior during install. How the Attack Works The malicious packages appeared …

10 npm Packages Steal Dev Credentials Read More »

A New Android Threat Emerges Herodotus, a newly discovered Android banking trojan, is making waves for its human-like behavior. Researchers recently found it targeting users in Italy and Brazil through active malware campaigns. The malware is designed to take over devices while imitating natural user actions, allowing it to bypass advanced anti-fraud systems. According to …

Herodotus Trojan Mimics Humans to Evade Detection Read More »

GhostCall and GhostHire Overview Threat actors linked to North Korea are running two related malware campaigns named GhostCall and GhostHire. These operations mainly target professionals in the Web3 and blockchain sectors. According to recent research, both campaigns are part of a long-running effort called SnatchCrypto. Since at least 2017, this effort has focused on stealing …

GhostCall and GhostHire: Web3 Mac Malware Read More »

Dangerous New Browser Vulnerability A new ChatGPT Atlas exploit allows cyber attackers to secretly insert hidden commands into the AI’s memory. Security researchers recently discovered that this flaw could let attackers execute arbitrary code and gain control of user systems. According to a new report, this attack uses a cross-site request forgery (CSRF) technique. It …

ChatGPT Atlas Exploit Plants Hidden Malicious Code Read More »

Smishing Operation Expands The Smishing Triad has launched a massive phishing operation using more than 194,000 fake domains worldwide. Since January 2024, these domains have targeted countless users across many industries, according to a recent report. The campaign uses fraudulent text messages that claim to be toll or package delivery notices. However, the real goal …

Smishing Triad Runs 194,000 Fake Phishing Domains Read More »