Overview of the New Campaign Python-Based WhatsApp Worm activity continues to grow across Brazil. Researchers recently uncovered a social-engineering campaign that uses WhatsApp hijacking to spread a Delphi-based banking stealer called Eternidade Stealer. The attackers rely on a Python script to automate the spread. Therefore, the threat now moves faster than earlier PowerShell-based versions. The …
Sneaky 2FA Kit Evolves Again Sneaky 2FA continues to grow more advanced, according to a recent report. The Phishing-as-a-Service kit now includes Browser-in-the-Browser (BitB) features. Therefore, attackers with limited skills can launch convincing phishing attacks at scale. Researchers say this trend shows how quickly phishing tools are evolving. How BitB Tricks Victims with Fake Pop-ups …
Botnet Targets Windows Users Cybersecurity researchers report that Tsundere is an expanding botnet aimed at Windows systems. They note that it has grown quickly since mid-2025. Moreover, the botnet executes JavaScript code sent from a remote server. Therefore, it gives attackers a flexible way to run harmful commands. Suspicious Installation Paths and Game-Themed Lures Researchers …
Introduction: How Sturnus Threatens Android Users Cybersecurity researchers warn that Sturnus, a new Android banking trojan, poses a serious risk. They note that it steals credentials and takes full control of devices. Moreover, it uses advanced tricks to commit financial fraud. Therefore, experts consider it a rising threat that requires quick attention. Bypassing Encrypted Chats …
GootLoader Is Back With New Stealth Features GootLoader is back and continues to evolve. Recent findings from a new report show a surge in activity. The researchers observed several infections in late October 2025. Moreover, two cases escalated quickly and reached domain controller compromise within hours. The malicious loader now uses custom fonts to hide …
Fantasy Hub Trojan Expands on Telegram Fantasy Hub Trojan continues to grow across Telegram channels. It appears as a rented service that attackers can purchase. Therefore, even inexperienced criminals can launch advanced attacks. This rise increases risks for users and organizations. Researchers note that the malware supports remote device control. It gathers messages, images, contacts, …
Fantasy Hub Trojan Turns Telegram Into Hacker Tool Read More »
Konni Hackers Expand Their Attacks Konni Hackers continue to widen their operations. They now target Android and Windows devices with new tools. They aim to steal data and gain remote control. Moreover, they use social engineering to reach unsuspecting users. Konni actors pretend to be counselors or human rights experts. They spread malware disguised as …
Konni Hackers Turn Find Hub Into a Data-Wipe Threat Read More »
Introduction to the New Threat Whisper Leak attack reveals how encrypted AI chat traffic can still expose user topics. Researchers warn that passive observers can infer sensitive subjects even when communications use HTTPS encryption. Therefore, this discovery raises major privacy concerns for both individuals and organizations. However, many users remain unaware of these hidden risks. …
Introduction to the Expanding Threat GlassWorm malware continues to evolve and now hides inside three new VS Code extensions. Researchers say the add-ons remain available for download, which increases the risk for thousands of developers. Therefore, the campaign shows no signs of slowing. However, many users still do not realize their tools may be compromised. …
GlassWorm Malware Found in Risky VS Code Add-ons Read More »
Overview of the Expanding Threat Large-Scale ClickFix Phishing Attacks now threaten hotel systems worldwide. These attacks rely on fake login pages and harmful tools like PureRAT to harvest credentials. Therefore, hotel managers face growing risks as criminals refine their methods. However, many victims still fall for the deceptive tactics. Attackers often use hijacked email accounts …
Large-Scale ClickFix Phishing Attacks Hit Hotels Read More »
China-Linked Hackers Launch New Cyberattacks Cybersecurity researchers have discovered that China-linked hackers are exploiting a serious Windows shortcut flaw to target European diplomats. These attacks occurred between September and October 2025, focusing on government and diplomatic institutions in several European countries. The campaign highlights growing concerns about cyber espionage and geopolitical intelligence gathering. How the …
China-Linked Hackers Exploit Windows Flaw on Diplomats Read More »
Cybercriminals Target Logistics Networks Cybercriminals exploit remote monitoring tools to infiltrate logistics and freight networks, aiming to steal valuable cargo for profit. According to a recent report from researchers, these attacks have been active since June 2025. The threat actors are believed to be working with organized crime groups that specialize in large-scale cargo theft. …
Cybercriminals Exploit RMM Tools to Steal Freight Read More »
Researcher Uncover Android Trojans Steal Data Cybersecurity researchers uncovered two new Android threats, BankBot-YNRK and DeliveryRAT, that steal sensitive financial data. These malicious programs secretly harvest personal information, run hidden commands, and bypass security defenses on targeted devices. Both have been active since mid-2024, showing how mobile attacks continue to evolve rapidly. How BankBot-YNRK Works …
Researchers Uncover Android Trojans Stealing Data Read More »
Brash Exploit Threatens Chromium Browsers A serious flaw has been discovered in Chromium’s Blink rendering engine, exposing millions of users to sudden browser crashes. The newly identified Brash exploit allows attackers to crash Chromium-based browsers in seconds simply by sending a malicious URL. According to a cybersecurity researcher who analyzed the bug, Brash can cause …
Brash Exploit Crashes Chromium Browser in Seconds Read More »
PhantomRaven Malware Targets npm Developers Cybersecurity researchers have discovered a new software supply chain attack named PhantomRaven. This threat targets the npm registry and steals sensitive data from developers’ systems. It collects GitHub tokens, CI/CD secrets, and authentication credentials. The campaign began around August 2025. Since then, it has grown rapidly, spreading across 126 npm …
AI-Targeted Cloaking Attack Exposes Hidden Risks Cybersecurity researchers have uncovered a new online threat called AI-targeted cloaking. This technique tricks artificial intelligence (AI) crawlers used by agentic web browsers into accepting fake information as verified truth. Unlike traditional search engine cloaking, this new method focuses on AI-driven tools that retrieve and summarize online content automatically. …
Summary of the Threat Researchers found 10 npm packages that delivered a powerful information stealer. For example, the packages aimed at Windows, macOS, and Linux. The researcher reported the operation used heavy obfuscation and fake CAPTCHAs. Therefore, many developers did not notice the malicious behavior during install. How the Attack Works The malicious packages appeared …
A New Android Threat Emerges Herodotus, a newly discovered Android banking trojan, is making waves for its human-like behavior. Researchers recently found it targeting users in Italy and Brazil through active malware campaigns. The malware is designed to take over devices while imitating natural user actions, allowing it to bypass advanced anti-fraud systems. According to …
Herodotus Trojan Mimics Humans to Evade Detection Read More »
GhostCall and GhostHire Overview Threat actors linked to North Korea are running two related malware campaigns named GhostCall and GhostHire. These operations mainly target professionals in the Web3 and blockchain sectors. According to recent research, both campaigns are part of a long-running effort called SnatchCrypto. Since at least 2017, this effort has focused on stealing …
Dangerous New Browser Vulnerability A new ChatGPT Atlas exploit allows cyber attackers to secretly insert hidden commands into the AI’s memory. Security researchers recently discovered that this flaw could let attackers execute arbitrary code and gain control of user systems. According to a new report, this attack uses a cross-site request forgery (CSRF) technique. It …
ChatGPT Atlas Exploit Plants Hidden Malicious Code Read More »
Smishing Operation Expands The Smishing Triad has launched a massive phishing operation using more than 194,000 fake domains worldwide. Since January 2024, these domains have targeted countless users across many industries, according to a recent report. The campaign uses fraudulent text messages that claim to be toll or package delivery notices. However, the real goal …
Smishing Triad Runs 194,000 Fake Phishing Domains Read More »
YouTube Ghost Network Spreads Malware The YouTube Ghost Network is spreading fast. This massive operation uses hacked video accounts to distribute malware. Since 2021, over 3,000 infected videos have appeared, and the number has tripled in 2025. Attackers use these videos to push pirated software and game cheats, especially targeting users searching for free downloads. …
YouTube Ghost Network Spreads Hidden Malware Traps Read More »
Google Finds Three New Russian Malware Threats Google identifies three new Russian malware families linked to the COLDRIVER hacking group. According to a recent threat report, the cyber group has intensified its operations since May 2025, rapidly evolving its malware arsenal to target high-profile individuals. Researchers revealed that these malware variants named NOROBOT, YESROBOT, and …
Massive Spam Campaign Uncovered 131 Chrome extensions hijacked WhatsApp Web in a large-scale spam campaign targeting thousands of users. According to a cybersecurity report, the operation focused on Brazilian accounts and relied on cloned automation tools disguised as business aids. Researchers discovered that these browser extensions shared nearly identical code, design, and infrastructure. In total, …
Cyberattack Overview Hackers used Snappybee malware and a Citrix security flaw to target a major European telecom network. The attack occurred in early July 2025, according to a cybersecurity report. Investigators linked the intrusion to a China-based cyber espionage group called Salt Typhoon. This group has been active since 2019 and is known for attacking …
Hackers Used Snappybee to Breach Telecom Network Read More »
Critical Risk to Enterprise Systems A newly uncovered security flaw could let attackers take full control of enterprise servers without needing a login. Researchers warned that the bug allows silent command execution, putting valuable data and operations at serious risk. Therefore, applying the latest security updates is an urgent priority for every organization. How the …
Severe Server Flaw Opens Door to Silent Takeovers Read More »
Android devices: What Pixnapping steals Android devices are vulnerable to a pixel-stealing attack. Researchers call the technique Pixnapping. It can take two-factor authentication codes without app permissions. Therefore, users should treat the threat as urgent. Who discovered it A team of academics from multiple universities found the flaw. They published a detailed paper with proofs …
Android Devices Face 2FA Theft Without Permissions Read More »
Astaroth Trojan Uses GitHub to Evade Disruption Cybersecurity researchers have discovered a new campaign delivering the Astaroth banking trojan, which cleverly remains operational even after takedowns. The malware uses GitHub as a backup control system to keep running when its main servers are blocked. Therefore, removing its infrastructure does not immediately stop the infection chain. …
RondoDox Botnet Expands to 50+ Vulnerabilities Researchers have warned that the RondoDox Botnet is becoming more dangerous than ever. It now exploits over 50 security flaws across more than 30 technology vendors. This campaign uses what experts call an “exploit shotgun” approach. It targets many kinds of internet-connected devices, including routers, DVRs, NVRs, CCTV cameras, …
Rust-Based Malware ChaosBot Targets Financial Firms A new Rust-Based Malware, known as ChaosBot, has been discovered targeting financial organizations. Researchers found that it allows attackers to spy on victims and execute remote commands on infected computers. However, what makes ChaosBot unusual is how it communicates. Instead of using traditional control servers, it leverages Discord channels …
Rust-Based Malware ChaosBot Exploits Discord Control Read More »
Hackers Turn Velociraptor Tool Into Ransomware Weapon Hackers are abusing the Velociraptor DFIR tool to launch ransomware attacks. A new report revealed that a group called Storm-2603 has used this open-source security tool to deliver multiple ransomware strains, including LockBit, Warlock, and Babuk. However, the group didn’t exploit a flaw in Velociraptor itself. Instead, it …
Hackers Turn Velociraptor Tool Into Ransomware Weapon Read More »
Astaroth Banking Trojan resurfaces with new trick Astaroth Banking Trojan now uses a code hosting platform as backup. This lets it recover when takedown teams remove its servers. Therefore, the malware can stay active after infrastructure disruption. Researchers reported the tactic in a recent analysis. However, the campaign still relies on classic phishing. For example, …
Stealit Malware Exploits Node.js Feature Stealit Malware is abusing a feature in Node.js known as the Single Executable Application (SEA) to distribute its payloads. Researchers have revealed that this malware campaign disguises itself as installers for popular games and VPN applications. However, these fake installers are actually packed with malicious code and are being shared …
Stealit Malware Hides in Game and VPN Installers Read More »
Payroll Pirates Target Employee Salaries Payroll Pirates are hijacking HR software accounts to steal salaries from employees. A recent report from researchers revealed that the group, also known as Storm-2657, is attacking U.S.-based organizations, especially universities and other large employers. However, experts warn that any company using online HR or payroll systems could be at …
Payroll Pirates Steal Salaries via HR Account Hacks Read More »
Deceptive Campaign Targets Android Users A fast-evolving Android spyware called ClayRat is targeting users through fake versions of popular apps. The campaign mainly spreads through messaging channels and phishing websites, luring users with counterfeit WhatsApp, TikTok, YouTube, and Google Photos apps. Once installed, ClayRat secretly collects private data such as SMS messages, call logs, and …
ClayRat Spyware Tricks Android Users with Fake Apps Read More »
BatShadow Group’s New Campaign A recent report revealed that BatShadow Group is running a new cyber campaign targeting job seekers and digital marketing professionals. The attackers use social engineering tricks to pose as recruiters, sending malicious files disguised as job descriptions or company documents. When opened, these files trigger a hidden infection chain that installs …
BatShadow Group Targets Job Seekers with Vampire Bot Read More »
Chinese Cybercrime Group Runs New Wave Attacks Cybersecurity experts recently exposed a Chinese-speaking cybercrime group called UAT-8099. The group engages in large-scale SEO fraud and data theft targeting Microsoft IIS servers. Most attacks have been reported in India, Thailand, Vietnam, Canada, and Brazil. The hackers mainly focus on universities, telecom firms, and technology companies. UAT-8099 …
XWorm Malware the Resurfacing Threat XWorm malware has resurfaced with new ransomware features and more than 35 plugins. After its original developer abandoned the project, several cybercriminals began spreading new versions through phishing campaigns. Researchers discovered versions 6.0, 6.4, and 6.5 circulating widely. These versions can steal sensitive data, control infected devices, and encrypt files. …
Cavalry Werewolf attacks with cyber campaign Cavalry Werewolf has targeted public agencies and firms. Researchers tracked the campaign recently. For example, the attackers used phishing to gain access. Therefore, many victims were state and critical-sector organizations. How the attackers operated The group sent targeted emails that looked official. In some cases they used addresses tied …
Self-Spreading New Malware Target WhatsApp Users Self-spreading WhatsApp malware is attacking users in Brazil, spreading fast through phishing messages with ZIP attachments. Researchers discovered that this campaign, called SORVEPOTEL, aims for speed and reach rather than stealing data or locking systems. However, its quick spread still poses serious risks to users and organizations. The malware …
Phantom Taurus’s Espionage Campaign China-aligned Phantom Taurus targets governments in Africa, Asia, and the Middle East. It uses stealthy NET-STAR malware. For example, it focuses on ministries and embassies. Attacks began in 2022. The group seeks diplomatic and military data. It aligns with geopolitical events. Consequently, it prioritizes intelligence collection. This serves China’s interests. Custom …
Phantom Taurus Targets Governments with NET-STAR Malware Read More »
Vane Viper’s Malicious Ad Network Vane Viper runs a hidden adtech empire. It powers malvertising and fraud. For example, it generates 1 trillion DNS queries yearly. The network evades detection for a decade. Attackers use tangled shell companies. They obscure ownership structures. Consequently, they avoid responsibility. This enables widespread cyberthreats. Compromised WordPress Sites Vane Viper …
Vane Viper’s 1 Trillion DNS Queries Fuel Malware Network Read More »
EvilAI’s Global Reach EvilAI malware targets organizations worldwide. It disguises as AI and productivity tools. For example, it hits manufacturing and healthcare. The campaign spans Europe, Americas, and AMEA. The malware mimics legitimate apps. It uses valid digital signatures. Consequently, it appears trustworthy. This fools users and security tools. Targeted Sectors Top sectors include government …
EvilAI Malware Poses as AI Tools to Target Global Firms Read More »
Oyster Malware Campaign Hackers use fake Microsoft Teams installers to deliver Oyster malware. This backdoor targets corporate networks. For example, it enables remote access. The campaign uses SEO poisoning. Malvertising Tactics Attackers promote fake sites via search ads. These mimic Teams download pages. Consequently, users download malicious files. The campaign was spotted in 2025. The …
Fake Microsoft Teams Installers Spread Oyster Malware Read More »
Phishing Campaign A new phishing campaign hits agencies. It uses SVG files to deliver CountLoader. For example, it drops Amatera Stealer. The attacks began in 2025. Emails pose as official notices. They contain malicious SVG attachments. Consequently, users open ZIP archives. This triggers the infection chain. The ZIP file holds a CHM file. It launches …
CountLoader and PureRAT Spread via Phishing SVG Attacks Read More »
Datzbro Targets Elderly Users A new Android trojan, Datzbro, preys on seniors. It uses AI-generated Facebook events. For example, it promotes travel trips. The campaign hit Australia in August 2025. Scammers create groups for active seniors. They share AI content about meetings. Consequently, victims seek social connections. This builds trust fast. Attackers reach out via …
Datzbro Trojan Tricks Seniors with Fake AI Travel Events Read More »
PhaaS Campaign Surge Lighthouse and Lucid PhaaS platforms fuel phishing attacks. They target 316 brands across 74 countries. For example, they hit financial and postal sectors. Over 17,500 domains are involved. Lucid’s Capabilities Lucid, linked to the XinXin group, sends smishing via iMessage. It uses customizable templates. Consequently, it targets specific users. This ensures high …
Lighthouse and Lucid PhaaS Target 316 Brands Globally Read More »
UNC1549’s Telecom Attacks Iran-linked UNC1549 targets telecom firms. It compromises 34 devices across 11 companies. For example, it uses LinkedIn job lures. The campaign began in 2022. Attackers pose as HR on LinkedIn. They offer fake job opportunities. Consequently, they trick employees into clicking links. This delivers malware. The campaign deploys MINIBIKE backdoor. It uses …
UNC1549 Targets Telecoms with MINIBIKE Malware via LinkedIn Read More »
RedNovember’s Global Campaign Chinese hackers, RedNovember, target governments worldwide. They use Pantegana and Cobalt Strike. For example, they hit defense and aerospace sectors. Attacks began in June 2024. The group breaches high-profile organizations. It targets ministries and security agencies. Consequently, it focuses on the U.S. and Asia. This shows broad espionage goals. RedNovember exploits known …
RedNovember Hackers Target Global Governments with Pantegana Read More »
ComicForm Targets Eurasia A new group, ComicForm, attacks Belarus, Kazakhstan, and Russia. It uses phishing emails since April 2025. For example, it targets finance and biotech. The campaign deploys Formbook malware. Emails mimic official documents. They urge users to open archives. Consequently, victims run malicious executables. These pose as PDFs. The executable launches a .NET …
ComicForm and SectorJ149 Deploy Formbook in Cyber Attacks Read More »
Malicious PyPI Packages Found Two fake Python packages deliver SilentSync RAT. They target Windows systems. For example, they steal browser data. The packages were removed from PyPI. The packages mimic legitimate tools. One poses as a health system API. Consequently, developers trust and install them. They were uploaded in 2025. The packages run malicious code …
SilentSync RAT Targets Python Devs via Malicious PyPI Packages Read More »
TA558 Targets Hotels The TA558 group, also known as RevengeHotels, attacks hotels in Brazil. It uses AI-generated phishing emails. For example, it deploys Venom RAT. The campaign started in summer 2025. Attackers use AI to craft phishing emails. These emails mimic invoices and job offers. Consequently, they appear legitimate. This tricks hotel staff into clicking …
TA558 Deploys Venom RAT via AI-Generated Phishing Targeting Hotels Read More »
SEO Poisoning Campaign Chinese users face a new SEO poisoning attack. Fake sites mimic software downloads. For example, they rank high in searches. This tricks users into malware. Attackers register similar domain names. They use subtle character changes. Consequently, sites seem legitimate. Victims download trojanized installers. The campaign deploys HiddenGh0st and Winos. Both are Gh0st …
HiddenGh0st, Winos Exploit SEO for Chinese Malware Attacks Read More »
HybridPetya Targets UEFI Systems A new ransomware, HybridPetya, mimics Petya/NotPetya. It bypasses UEFI Secure Boot. For example, it encrypts critical file data. It was detected in February 2025. HybridPetya exploits a patched UEFI flaw. This allows unauthorized code execution. Consequently, it compromises modern systems. The flaw was fixed in January 2025. Two Main Components The …
HybridPetya Ransomware Bypasses UEFI Secure Boot Read More »
Mustang Panda’s New Campaign Mustang Panda targets Thailand with new malware. It uses a USB worm called SnakeDisk. For example, it drops the Yokai backdoor. The group aligns with China. Hive0154, also known as Mustang Panda, acts since 2012. It focuses on espionage. Consequently, it evolves its tools often. This keeps attacks effective. Updated TONESHELL …
RatOn’s Advanced Evolution RatOn Android malware now includes sophisticated features. It evolved from NFC relay attacks. For example, it performs automated money transfers. This makes it a powerful threat. RatOn uses overlay attacks on financial apps. It automates transfers via banking systems. Consequently, it steals funds without user knowledge. Attackers control it remotely. Targeting Crypto …
RatOn Malware Evolves with NFC Relay and Banking Fraud Read More »
Axios in Phishing Attacks Threat actors exploit Axios for phishing. It surges in use by 241% recently. For example, it aids Microsoft 365 attacks. This creates efficient pipelines. Attackers misuse Microsoft’s Direct Send. It spoofs trusted emails. Consequently, messages bypass security gateways. This lands in user inboxes. High Success Rates Axios with Direct Send achieves …
New Malware Threats Emerge Two new malware families target multiple platforms. CHILLYHELL attacks macOS, while ZynorRAT hits Windows and Linux. For example, they steal data and enable remote control. The campaigns are highly sophisticated. CHILLYHELL is a macOS backdoor. It targets Intel-based systems. Consequently, it compromises government websites. The malware has been active since October …
CHILLYHELL and ZynorRAT Malware Target macOS, Windows Read More »
GhostRedirector’s Server Attacks A new threat group, GhostRedirector, has compromised 65 Windows servers. It targets multiple countries. For example, Brazil and Thailand are hit hardest. The attacks started in August 2024. Rungan and Gamshen Malware GhostRedirector deploys two main tools. Rungan is a passive C++ backdoor. Gamshen is an IIS module for SEO fraud. Consequently, …
GhostRedirector Hacks 65 Servers with Rungan Backdoor Read More »
Noisy Bear Attacks Energy Sector A new threat group, Noisy Bear, targets Kazakhstan’s energy sector. The campaign, Operation BarrelFire, began in April 2025. For example, it focuses on KazMunaiGas employees. It uses phishing to deliver malware. Tactics and Attachments The attack starts with phishing emails. These emails mimic internal KMG communications. Consequently, they trick employees …
TamperedChef Targets Users A new malware, TamperedChef, spreads through fake PDF editors. It uses malvertising to trick users. For example, it mimics legitimate software. The campaign steals sensitive data. Malvertising Campaign Tactics Attackers promote fake PDF editors via ads. These ads lead to fraudulent websites. Consequently, users download malicious installers. The campaign started in June …
TamperedChef Malware Poses as PDF Editors to Steal Data Read More »
Shift in Android Malware Android dropper apps now deliver more than banking trojans. They spread SMS stealers and spyware. For example, they mimic government apps in Asia. This marks a new trend. Evading Google’s Defenses Google’s security blocks risky app installations. Attackers adapt with droppers that avoid detection. Consequently, they bypass permission checks. This keeps …
Android Droppers Now Spread SMS Stealers, Spyware Read More »
Silver Fox Targets Security Systems The Silver Fox group uses a new attack method. It exploits a vulnerable driver to disable security tools. For example, it deploys ValleyRAT malware. The campaign targets critical firms. Vulnerable WatchDog Driver The attack uses a Microsoft-signed driver. This driver has multiple flaws. Consequently, it allows attackers to gain high-level …
Silver Fox Uses Microsoft-Signed Driver to Spread ValleyRAT Read More »
Lazarus Group’s New Campaign North Korean hackers, Lazarus Group, target DeFi firms. They use three new malware types. For example, PondRAT and ThemeForestRAT steal data. The attacks began in 2024. Social Engineering Tactics Attackers impersonate company employees. They use fake meeting scheduler websites. Consequently, victims trust the communication. This leads to system compromise. Initial Access …
Lazarus Group Deploys PondRAT, ThemeForestRAT in Attacks Read More »
QuirkyLoader Targets Global Firms A new malware loader, QuirkyLoader, spreads harmful payloads. It uses email spam campaigns. For example, it delivers data stealers and trojans. The attacks began in November 2024. Malicious Email Tactics Attackers send spam from trusted email services. Some use self-hosted servers. Consequently, emails seem legitimate to users. This tricks them into …
QuirkyLoader Malware Spreads Trojans via Email Spam Read More »
VShell Malware Targets Linux A new attack delivers VShell malware via phishing emails. It hides in RAR archive filenames. For example, it exploits Linux systems’ weaknesses. The campaign evades antivirus detection. Malicious Filename Trick The malware uses a clever technique. It encodes harmful code in filenames. Consequently, simple file operations trigger execution. This bypasses traditional …
VShell Malware Hides in RAR Filenames to Evade Detection Read More »
HOOK Trojan’s New Features A new Android trojan, HOOK, now includes ransomware. It displays full-screen extortion messages. For example, it demands payments via crypto wallets. The trojan evolves rapidly. Ransomware Overlay Tactics HOOK shows alarming warning screens. These overlays demand ransom payments. Consequently, victims face pressure to pay. Attackers control these screens remotely. Expanded Command …
HOOK Trojan Adds Ransomware Overlays to Android Attacks Read More »
ShadowCaptcha Targets WordPress Sites A new campaign, ShadowCaptcha, exploits over 100 WordPress sites. It spreads ransomware and data stealers. For example, it uses fake CAPTCHA pages. The attacks began in August 2025. Social Engineering Tactics Attackers trick users with fake verification pages. These pages mimic trusted services. Consequently, users download harmful files. This relies on …
ShadowCaptcha Exploits WordPress to Spread Malware Read More »
MixShell Targets Supply Chain A new malware, MixShell, targets U.S. manufacturers. It uses company contact forms for attacks. For example, it hits industrial and biotech firms. The campaign, ZipLine, is highly sophisticated. Social Engineering Tactics Attackers avoid traditional phishing emails. They use contact forms to start conversations. Consequently, employees trust the exchanges. This leads to …
MixShell Malware Targets Firms via Contact Forms Read More »
New Sni5Gect Attack Emerges A new attack, Sni5Gect, targets 5G phone connections. It crashes devices and downgrades networks. For example, it forces 5G to 4G. This exposes users to vulnerabilities. No Rogue Base Station Needed Sni5Gect doesn’t require fake base stations. It sniffs unencrypted 5G messages. Consequently, attackers manipulate phone connections. This makes the attack …
Sni5Gect Attack Downgrades 5G to 4G, Crashes Phones Read More »
Kimsuky’s Diplomatic Cyberattacks North Korean hackers target South Korean diplomats. They send spear-phishing emails to embassy staff. For example, emails mimic trusted contacts. The campaign ran from March to July 2025. Using GitHub for Control Attackers use GitHub as a hidden control channel. They host malicious files on cloud services. Consequently, they deliver a powerful …
Kimsuky Targets Diplomats with GitHub-Powered Malware Read More »
Malicious Packages Uncovered New malicious packages target software developers. They hide in trusted code repositories. For example, a harmful Python package was found. It triggers multi-stage attacks. How the Attack Starts The Python package depends on another malicious one. This dependency loads harmful code. Consequently, it runs without user knowledge. The packages were downloaded hundreds …
Malicious PyPI Packages Target Developers in Supply Chain Attacks Read More »
PipeMagic Targets Windows Systems A new ransomware campaign deploys PipeMagic malware. It exploits a Windows security flaw. For example, it targets industrial firms. The attacks aim to encrypt systems. Exploiting Windows Vulnerability The campaign uses a patched Windows flaw. This flaw allows privilege escalation. Consequently, attackers gain high-level system access. This helps them deploy malicious …
PipeMagic Malware Exploits Windows Flaw for Ransomware Read More »
Noodlophile’s Global Expansion Noodlophile malware targets businesses worldwide. It uses spear-phishing emails to spread. For example, it hits firms in the U.S. and Europe. The campaign grows rapidly. Fake Copyright Notices Attackers send emails posing as copyright violation alerts. These emails include specific company details. Consequently, they seem legitimate to employees. This tricks users into …
Noodlophile Malware Targets Firms with Fake Copyright Lures Read More »
PS1Bot’s Stealthy Campaign A new malware, PS1Bot, spreads through malvertising. It infects systems with a modular design. For example, it steals data and logs keystrokes. The campaign has been active since early 2025. Malvertising as a Weapon Malvertising hides malware in online ads. Attackers inject harmful code into legitimate networks. Consequently, users visit malicious sites …
New Threat to Password Managers A new attack targets popular password manager plugins. It steals credentials and sensitive data. For example, it exposes login details and credit card information. The attack uses a clever technique. DOM-Based Clickjacking Explained The attack, called DOM-based clickjacking, manipulates web page elements. Attackers hide auto-fill prompts from plugins. Consequently, users …
DOM-Based Clickjacking Hits Password Managers Hard Read More »
New EDR Killer Emerges A new tool disables security software. Eight ransomware groups use it. For example, it evolved from an earlier version. It targets systems to deploy malicious payloads. Ransomware Groups Involved The tool aids multiple ransomware gangs. These include well-known cybercrime groups. Consequently, it spreads across different attack campaigns. This shows a growing …
EDR Killer Tool Boosts Eight Ransomware Gangs’ Attacks Read More »
FraudOnTok Targets TikTok Shop A new scam, FraudOnTok, targets TikTok Shop users. It uses fake websites to trick users. For example, over 15,000 fake domains mimic the platform. These sites aim to steal credentials and crypto. AI-Driven Deceptive Ads Attackers use AI-generated videos for scams. These videos mimic real influencers. Consequently, users trust fake ads. …
FraudOnTok Scams TikTok Shop with 15,000 Fake Domains Read More »
SocGholish’s Deceptive Spread SocGholish malware tricks users with fake software updates. It infects devices through compromised websites. For example, it mimics browser or app updates. This delivers malicious payloads to victims. Malware-as-a-Service Model Attackers use a Malware-as-a-Service system. They sell infected systems to other criminals. Consequently, groups like ransomware operators gain access. This fuels widespread …
SocGholish Malware Fuels Cybercrime via Fake Updates Read More »
GreedyBear’s Crypto Heist GreedyBear, a new cyberattack campaign, has stolen over $1 million in cryptocurrency. Attackers use fake Firefox browser extensions. These extensions mimic popular crypto wallets. For example, they impersonate well-known wallet brands. Fake Extensions Trick Users The malicious add-ons pose as trusted crypto wallets. They capture users’ wallet credentials. Consequently, attackers send stolen …
GreedyBear Steals $1M via Fake Firefox Wallet Add-Ons Read More »
New Threat: Win-DDoS Attack A new attack method, Win-DDoS, threatens global systems. Attackers can turn public domain controllers into botnets. These botnets launch powerful distributed denial-of-service (DDoS) attacks. For example, attackers exploit flaws in Windows systems. How Win-DDoS Works Attackers send a remote procedure call (RPC) to domain controllers. This triggers them to act as …
Win-DDoS Flaw Turns Windows into Powerful DDoS Weapons Read More »
PlayPraetor’s Rapid Spread A new Android trojan, PlayPraetor, has infected over 11,000 devices. It targets users in multiple countries. For example, Portugal, Spain, and Morocco face heavy attacks. The trojan spreads through fake ads and pages. Aggressive Attack Campaigns The trojan grows by 2,000 infections weekly. Attackers focus on Spanish and French speakers. Consequently, they …
PXA Stealer malvertising hits hard with a new campaign since August 2025. Researchers flagged its spread by Vietnamese hackers. For example, it infects 4,000 IPs worldwide. This threatens global user security. How the Attack Begins Attackers distribute the malware via phishing emails. They use ZIP files with hidden loaders to trick users. Additionally, decoy documents …
JSCEAL Malvertising Strikes Now Globally JSCEAL malvertising strikes now with a deceptive campaign since August 2025. Researchers highlighted its spread via fake apps. For example, it uses Facebook ads to lure victims. This threatens global online users. How the Attack Starts Attackers post thousands of malicious ads on Facebook. They use stolen or new accounts …
CL-STA-0969 Strikes Telecoms Worldwide CL-STA-0969 strikes telecoms with a stealthy espionage campaign since August 2025. Researchers at a security firm uncovered this threat. For example, it targeted Southeast Asia for 10 months. This endangers global communication networks. How the Attack Unfolds The group infiltrates telecom systems with advanced malware. They use custom tools to gain …
Plague backdoor sneaks in, threatening Linux systems since August 2025. Researchers uncovered this silent threat. For example, it steals credentials undetected for a year. This endangers critical systems worldwide. How the Attack Works The backdoor embeds itself as a rogue PAM module. It bypasses authentication to grant SSH access. Additionally, it exploits system weaknesses silently. …
Hacker Spread Infostealer Malware Cybersecurity researchers have uncovered a disturbing case of malware hidden inside a legitimate early access Steam game. The threat actor behind the attack, known as EncryptHub (also tracked as Larva-208), used the game Chemia to distribute info-stealing malware to unsuspecting gamers. Chemia, a survival crafting game by Aether Forge Studios, is …
Hacker Injects Malware into Steam Game to Steal User Data Read More »
Hackers Exploit Fake OAuth Apps and Phishing Kits Cybersecurity researchers have uncovered a sophisticated cyberattack campaign where threat actors impersonate trusted companies using fake Microsoft OAuth applications to compromise Microsoft 365 accounts. First identified in early 2025, this ongoing campaign uses phishing kits like Tycoon and ODx to bypass multi-factor authentication (MFA) and harvest user …
Hackers Exploit Fake Apps to Breach Microsoft 365 Accounts Read More »
Fake Apps and Malware Surge Across Asia’s Mobile Networks Cybersecurity researchers have identified a large-scale mobile malware campaign dubbed SarangTrap, targeting Android and iOS users in South Korea and other parts of Asia. The attackers use fake apps disguised as dating, social networking, cloud storage, and car service platforms to steal sensitive data and exploit …
Fake Apps Used to Steal Data, Spy, and Blackmail Users Read More »
Supply Chain Attack Compromises npm Packages Cybersecurity researchers have uncovered a supply chain attack that compromised several popular npm packages after project maintainers fell victim to a phishing campaign designed to steal npm access tokens. Attackers used the stolen tokens to publish malicious versions directly to the npm registry, bypassing GitHub workflows such as pull …
First Malware Using UIA for Credential Theft The notorious Windows banking trojan Coyote has evolved into the first known malware strain to exploit Windows UI Automation (UIA), a legitimate accessibility framework, to steal sensitive banking credentials. “The new Coyote variant is targeting Brazilian users and leverages UIA to extract credentials tied to 75 financial institutions …
New Coyote Banking Trojan Variant Exploits Windows UI Automation Read More »
Who Is Mimo and What’s the Motive? Mimo, also known as Hezb, is a financially motivated threat actor long associated with cryptocurrency mining and proxyware abuse. While previously focused on exploiting Craft CMS, Mimo has now shifted attention to Magento CMS and misconfigured Docker instances. Security researchers at Datadog have reported that Mimo’s new tactics …
Threat Actor Mimo Exploits Magento and Docker to Spread Proxyware Read More »
Who Is Behind the Attacks? A well-known Chinese cyber espionage group, APT41, has launched a new campaign in Africa, targeting government IT infrastructure. Researchers linked to the discovery said the hackers embedded hardcoded IPs, service names, and proxy paths into their malware. They even hijacked internal SharePoint servers as command-and-control (C2) hubs to issue commands. …
China-Linked Hackers Target IT Systems in Espionage Campaign Read More »
A New Player in the Ransomware Scene A new ransomware-as-a-service (RaaS) group, GLOBAL GROUP, is expanding fast. Since June 2025, it has attacked organizations in Australia, Brazil, Europe, and the United States. Researchers link the group to a threat actor called “$$$.” This individual also managed previous schemes like BlackLock and Mamona. Notably, GLOBAL GROUP …
GLOBAL GROUP RaaS Uses AI Chatbots to Target Global Firms Read More »
What Is DCHSpy? A new Android spyware called DCHSpy has been discovered by cybersecurity researchers. It collects personal data from mobile devices and targets specific individuals in the Middle East. The malware pretends to be VPN apps or Starlink-related services. Once installed, it secretly steals sensitive information like call logs, photos, WhatsApp chats, and audio …
Android Malware Disguises as VPN to Spy on Middle East Users Read More »
Who Is UNG0002? UNG0002 is a cyber threat group. It has launched espionage campaigns against several countries in Asia. Since May 2024, this group has targeted China, Hong Kong, and Pakistan. The attackers use shortcut (LNK) files and Remote Access Trojans (RATs) to break into systems. Experts believe the group is based in Southeast Asia. …
UNG0002 Targets Asia with LNK Files and Remote Access Tools Read More »
What Is Matanbuchus 3.0? Matanbuchus 3.0 is a dangerous malware loader. It belongs to a growing Malware-as-a-Service (MaaS) trend. Cybercriminals use this loader to install more harmful tools like ransomware or data stealers. First seen in 2021, Matanbuchus was sold on underground forums. Now, version 3.0 has become more advanced and harder to detect. This …
Hackers Leverage Microsoft Teams to Deploy Matanbuchus Read More »
WinRAR Flaw Endangers PCs Worldwide WinRAR flaw endangers PCs with a critical bug in July 2025. Researchers uncovered a directory traversal issue. For example, it lets malware launch from archives. This threatens user security globally. How the Vulnerability Works The flaw, CVE-2025-6218, affects older WinRAR versions. It tricks the software into extracting files to startup …
Konfety Tricks Android Users Globally Konfety tricks Android users with a sneaky malware variant in July 2025. Researchers uncovered its malformed APKs. For example, it mimics legit apps to evade detection. This threat endangers millions of devices. How the Attack Works The malware hides in fake app copies on third-party stores. It uses a malformed …
ZuRu Threatens Mac Users Worldwide ZuRu threatens Mac users with a new malware variant since July 2025. Researchers spotted it in trojanized Termius apps. For example, it targets developers with fake downloads. This endangers macOS security globally. How the Attack Starts Attackers disguise ZuRu as legit SSH tools. They hijack web searches to lure victims. …
Copyright © 2026 PT PROTERGO SIBER SEKURITI