News

Noodlophile Malware Targets Firms with Fake Copyright Lures

Noodlophile’s Global Expansion Noodlophile malware targets businesses worldwide. It uses spear-phishing emails to spread. For example, it hits firms in the U.S. and Europe. The campaign grows rapidly. Fake Copyright Notices Attackers send emails posing as copyright violation alerts. These emails include specific company details. Consequently, they seem legitimate to employees. This tricks users into …

PS1Bot Malware Strikes via Malvertising Attacks

PS1Bot’s Stealthy Campaign A new malware, PS1Bot, spreads through malvertising. It infects systems with a modular design. For example, it steals data and logs keystrokes. The campaign has been active since early 2025. Malvertising as a Weapon Malvertising hides malware in online ads. Attackers inject harmful code into legitimate networks. Consequently, users visit malicious sites …

DOM-Based Clickjacking Hits Password Managers Hard

New Threat to Password Managers A new attack targets popular password manager plugins. It steals credentials and sensitive data. For example, it exposes login details and credit card information. The attack uses a clever technique. DOM-Based Clickjacking Explained The attack, called DOM-based clickjacking, manipulates web page elements. Attackers hide auto-fill prompts from plugins. Consequently, users …

EDR Killer Tool Boosts Eight Ransomware Gangs’ Attacks

New EDR Killer Emerges A new tool disables security software. Eight ransomware groups use it. For example, it evolved from an earlier version. It targets systems to deploy malicious payloads. Ransomware Groups Involved The tool aids multiple ransomware gangs. These include well-known cybercrime groups. Consequently, it spreads across different attack campaigns. This shows a growing …

FraudOnTok Scams TikTok Shop with 15,000 Fake Domains

FraudOnTok Targets TikTok Shop A new scam, FraudOnTok, targets TikTok Shop users. It uses fake websites to trick users. For example, over 15,000 fake domains mimic the platform. These sites aim to steal credentials and crypto. AI-Driven Deceptive Ads Attackers use AI-generated videos for scams. These videos mimic real influencers. Consequently, users trust fake ads. …

SocGholish Malware Fuels Cybercrime via Fake Updates

SocGholish’s Deceptive Spread SocGholish malware tricks users with fake software updates. It infects devices through compromised websites. For example, it mimics browser or app updates. This delivers malicious payloads to victims. Malware-as-a-Service Model Attackers use a Malware-as-a-Service system. They sell infected systems to other criminals. Consequently, groups like ransomware operators gain access. This fuels widespread …

GreedyBear Steals $1M via Fake Firefox Wallet Add-Ons

GreedyBear’s Crypto Heist GreedyBear, a new cyberattack campaign, has stolen over $1 million in cryptocurrency. Attackers use fake Firefox browser extensions. These extensions mimic popular crypto wallets. For example, they impersonate well-known wallet brands. Fake Extensions Trick Users The malicious add-ons pose as trusted crypto wallets. They capture users’ wallet credentials. Consequently, attackers send stolen …

Win-DDoS Flaw Turns Windows into Powerful DDoS Weapons

New Threat: Win-DDoS Attack A new attack method, Win-DDoS, threatens global systems. Attackers can turn public domain controllers into botnets. These botnets launch powerful distributed denial-of-service (DDoS) attacks. For example, attackers exploit flaws in Windows systems. How Win-DDoS Works Attackers send a remote procedure call (RPC) to domain controllers. This triggers them to act as …

Trojan Hits 11,000+ Devices via Fake Ads

PlayPraetor’s Rapid Spread A new Android trojan, PlayPraetor, has infected over 11,000 devices. It targets users in multiple countries. For example, Portugal, Spain, and Morocco face heavy attacks. The trojan spreads through fake ads and pages. Aggressive Attack Campaigns The trojan grows by 2,000 infections weekly. Attackers focus on Spanish and French speakers. Consequently, they …

PXA Stealer Malvertising Infects 4,000 IPs

PXA Stealer malvertising has hit hard with a new campaign running since August 2025. Researchers flagged its spread by Vietnamese hackers. For example, it has infected 4,000 IPs worldwide. This threatens global user security. How the Attack Begins Attackers distribute the malware via phishing emails. They use ZIP files with hidden loaders to trick users. Additionally, decoy documents …

CL-STA-0969 Strikes Telecoms Sector

CL-STA-0969 Strikes Telecoms Worldwide CL-STA-0969 strikes telecoms with a stealthy espionage campaign running since August 2025. Researchers at a security firm uncovered this threat. For example, it targeted Southeast Asia for 10 months. This endangers global communication networks. How the Attack Unfolds The group infiltrates telecom systems with advanced malware. They use custom tools to gain …

Plague Backdoor Sneaks In Globally

Plague backdoor sneaks in, threatening Linux systems since August 2025. Researchers uncovered this silent threat. For example, it steals credentials undetected for a year. This endangers critical systems worldwide. How the Attack Works The backdoor embeds itself as a rogue PAM module. It bypasses authentication to grant SSH access. Additionally, it exploits system weaknesses silently. …

Hacker Injects Malware into Steam Game to Steal User Data

Hacker Spread Infostealer Malware Cybersecurity researchers have uncovered a disturbing case of malware hidden inside a legitimate early access Steam game. The threat actor behind the attack, known as EncryptHub (also tracked as Larva-208), used the game Chemia to distribute info-stealing malware to unsuspecting gamers. Chemia, a survival crafting game by Aether Forge Studios, is …

Hackers Exploit Fake Apps to Breach Microsoft 365 Accounts

Hackers Exploit Fake OAuth Apps and Phishing Kits Cybersecurity researchers have uncovered a sophisticated cyberattack campaign where threat actors impersonate trusted companies using fake Microsoft OAuth applications to compromise Microsoft 365 accounts. First identified in early 2025, this ongoing campaign uses phishing kits like Tycoon and ODx to bypass multi-factor authentication (MFA) and harvest user …

Fake Apps Used to Steal Data, Spy, and Blackmail Users

Fake Apps and Malware Surge Across Asia’s Mobile Networks Cybersecurity researchers have identified a large-scale mobile malware campaign dubbed SarangTrap, targeting Android and iOS users in South Korea and other parts of Asia. The attackers use fake apps disguised as dating, social networking, cloud storage, and car service platforms to steal sensitive data and exploit …

Malware Injected into 7 Popular npm Packages

Supply Chain Attack Compromises npm Packages Cybersecurity researchers have uncovered a supply chain attack that compromised several popular npm packages after project maintainers fell victim to a phishing campaign designed to steal npm access tokens. Attackers used the stolen tokens to publish malicious versions directly to the npm registry, bypassing GitHub workflows such as pull …

New Coyote Banking Trojan Variant Exploits Windows UI Automation

First Malware Using UIA for Credential Theft The notorious Windows banking trojan Coyote has evolved into the first known malware strain to exploit Windows UI Automation (UIA), a legitimate accessibility framework, to steal sensitive banking credentials. “The new Coyote variant is targeting Brazilian users and leverages UIA to extract credentials tied to 75 financial institutions …

Threat Actor Mimo Exploits Magento and Docker to Spread Proxyware

Who Is Mimo and What’s the Motive? Mimo, also known as Hezb, is a financially motivated threat actor long associated with cryptocurrency mining and proxyware abuse. While previously focused on exploiting Craft CMS, Mimo has now shifted attention to Magento CMS and misconfigured Docker instances. Security researchers at Datadog have reported that Mimo’s new tactics …

China-Linked Hackers Target IT Systems in Espionage Campaign

Who Is Behind the Attacks? A well-known Chinese cyber espionage group, APT41, has launched a new campaign in Africa, targeting government IT infrastructure. Researchers linked to the discovery said the hackers embedded hardcoded IPs, service names, and proxy paths into their malware. They even hijacked internal SharePoint servers as command-and-control (C2) hubs to issue commands. …

GLOBAL GROUP RaaS Uses AI Chatbots to Target Global Firms

A New Player in the Ransomware Scene A new ransomware-as-a-service (RaaS) group, GLOBAL GROUP, is expanding fast. Since June 2025, it has attacked organizations in Australia, Brazil, Europe, and the United States. Researchers link the group to a threat actor called “$$$.” This individual also managed previous schemes like BlackLock and Mamona. Notably, GLOBAL GROUP …

Android Malware Disguises as VPN to Spy on Middle East Users

What Is DCHSpy? A new Android spyware called DCHSpy has been discovered by cybersecurity researchers. It collects personal data from mobile devices and targets specific individuals in the Middle East. The malware pretends to be VPN apps or Starlink-related services. Once installed, it secretly steals sensitive information like call logs, photos, WhatsApp chats, and audio …

UNG0002 Targets Asia with LNK Files and Remote Access Tools

Who Is UNG0002? UNG0002 is a cyber threat group. It has launched espionage campaigns against several countries in Asia. Since May 2024, this group has targeted China, Hong Kong, and Pakistan. The attackers use shortcut (LNK) files and Remote Access Trojans (RATs) to break into systems. Experts believe the group is based in Southeast Asia. …

Hackers Leverage Microsoft Teams to Deploy Matanbuchus

What Is Matanbuchus 3.0? Matanbuchus 3.0 is a dangerous malware loader. It belongs to a growing Malware-as-a-Service (MaaS) trend. Cybercriminals use this loader to install more harmful tools like ransomware or data stealers. First seen in 2021, Matanbuchus was sold on underground forums. Now, version 3.0 has become more advanced and harder to detect. This …

WinRAR Flaw Endangers PCs

WinRAR Flaw Endangers PCs Worldwide WinRAR flaw endangers PCs with a critical bug in July 2025. Researchers uncovered a directory traversal issue. For example, it lets malware launch from archives. This threatens user security globally. How the Vulnerability Works The flaw, CVE-2025-6218, affects older WinRAR versions. It tricks the software into extracting files to startup …

Interlock RAT Strikes Now with a New Variant

Interlock RAT Strikes Now Globally Interlock RAT strikes now with a new PHP variant seen since July 2025. Researchers detected this threat targeting multiple industries. For example, it uses FileFix to spread malware widely. This endangers systems worldwide. How the Attack Begins Attackers inject hidden scripts into compromised websites. They deploy a traffic distribution system to …

eSIM Flaw Hits Devices

eSIM Flaw Hits Devices Worldwide eSIM flaw hits devices with a new hacking risk in July 2025. Researchers found vulnerabilities in eUICC cards. For example, it affects over two billion IoT devices. This threat exposes users to serious attacks. How the Vulnerability Works The flaw lies in eSIM technology used in smartphones. Attackers exploit weak …

Fake Firms Trap Crypto Users

Fake Firms Trap Crypto Users Globally Fake firms trap crypto users with malware scams running since July 2025. Researchers uncovered this social engineering plot. For example, it targets Windows and macOS with stealer malware. This threat endangers digital assets worldwide. How the Scam Works Attackers impersonate AI and gaming startups. They use spoofed social media accounts …

SEO Poisoning Traps Users

SEO Poisoning Traps Users Worldwide SEO poisoning traps users with malware disguised as AI tools. Researchers uncovered this campaign in July 2025. For example, it targets over 8,500 SMBs with fake downloads. This threat jeopardizes online safety globally. How the Attack Works Attackers manipulate search results with black hat SEO. They promote fake sites hosting …

Malicious Extensions Target 1.7M Chrome Users

Malicious Extensions Threaten Browser Safety Malicious extensions create major risks for Chrome users. These dangerous add-ons, downloaded 1.7 million times, lurk in the Chrome Web Store. They disguise themselves as trusted tools, such as VPNs, emoji keyboards, or color pickers. However, they can steal personal data, track online activity, or redirect users to harmful websites. …

TA829 Strikes with Malware

TA829 Strikes with Malware Globally TA829 strikes with malware, targeting users with sophisticated tactics in a campaign running since June 2025. It teams up with UNK_GreenSec for advanced attacks. For example, it delivers RomCom RAT and TransferLoader. This threat endangers systems worldwide. How the Attack Begins Attackers send phishing emails with links or PDFs. Victims click to reach fake …

GIFTEDCROOK Malware Spies on Users

GIFTEDCROOK Malware Spies on Users Globally GIFTEDCROOK, a crafty malware, spies on users with features upgraded since June 2025. It has shifted from stealing browser data to gathering intelligence. For example, it targets Ukrainian military and government bodies. This threat endangers sensitive information worldwide. How the Attack Starts Attackers send phishing emails with macro-laced Excel files. …

Godfather Hijacks Banking Apps

Godfather Hijacks Banking Apps Worldwide Godfather, a cunning Android malware, hijacks banking apps using virtualization. It emerged with a new version in 2025. For example, it targets over 500 apps across regions. This threat endangers financial security for users globally. How the Attack Works The malware creates isolated virtual environments on devices. It launches legit …

XDigo Hits Government Targets

XDigo Hits Government Targets in Region XDigo, a sneaky Go-based malware, has targeted Eastern European governments since March 2025. Attackers use it to steal sensitive data from agencies. For example, it exploits Windows LNK flaws. This threat jeopardizes regional cybersecurity. How the Attack Unfolds The malware spreads via crafted LNK files in ZIP archives. It triggers …

Hackers Fake Brands like Microsoft and DocuSign with PDFs

Hackers Fake Brands with PDFs Globally Hackers fake brands like Microsoft and DocuSign with PDFs in phishing campaigns. These attacks surged between May and June 2025. For example, they trick users into calling threat-controlled numbers. This threat undermines online trust worldwide. How the Attack Works Phishing emails include PDFs with fake brand logos. They embed …

FileFix Tricks Windows Users

FileFix Tricks Windows Users Easily FileFix, a sly social engineering attack, tricks Windows users via File Explorer. It emerged as a ClickFix variant in recent research. For example, it executes malicious commands stealthily. This threat endangers system security worldwide. How the Attack Works Attackers use phishing pages with a fake file-sharing ruse. Users click an …

APT29 Tricks Email Users

APT29 Tricks Email Users with Phishing APT29, a Russian-linked threat group, tricks email users with a clever phishing campaign. It has targeted academics and critics since April 2025. For example, it exploits Gmail app passwords to bypass 2FA. This attack threatens secure communications globally. How the Attack Begins Attackers build rapport over weeks with tailored lures. …

Banana Squad’s Malware Tricks Developers

Banana Squad Deceives Gamers and Devs Banana Squad, a cunning campaign, tricks gamers and developers with fake GitHub repos. It has launched over 67 trojanized repositories since 2023. For example, it targets Python tools with data-stealing payloads. This threat jeopardizes software supply chains. How the Attack Unfolds Attackers post repos mimicking hacking tools and game cheats. …

Echo Chamber Tricks AI Models

Echo Chamber Manipulates AI Models Echo Chamber, a new jailbreak method, tricks AI models from OpenAI and Google. Recent research shows it bypasses their safety features. For example, it generates harmful content with subtle tactics. This threat challenges AI ethics and security. How the Attack Works Echo Chamber uses indirect references and multi-step reasoning. It …

Anubis Ransomware Wreaks Havoc

Anubis Ransomware Causes Chaos with Wiping Anubis Ransomware has disrupted systems by encrypting and wiping files since December 2024. It targets healthcare, hospitality, and construction sectors globally. For example, it renders recovery impossible even after payment. This dual threat raises serious data security concerns. How the Attack Unfolds Attackers use phishing emails to gain initial access. They …

Scattered Spider Hits Insurance Firms

Scattered Spider Targets Insurance Firms Scattered Spider, a cybercrime group, now targets U.S. insurance companies. It has used advanced social engineering in recent months. For example, it attacks IT support teams with cunning tactics. This threat poses a significant risk to corporate security across the industry. How the Attacks Begin The group impersonates employees to deceive …

SmartAttack Steals Data with Smartwatches

SmartAttack Uses Smartwatches to Steal Data SmartAttack exploits smartwatches to steal data from air-gapped systems. Attackers use ultrasonic signals to bypass isolation in secure environments. For example, it targets government and nuclear facilities worldwide. This innovative method poses a new threat to sensitive data. How the Attack Works Malware infects air-gapped computers to collect sensitive …

Malware Extensions Hit Users Globally

Malware Extensions Infect Users Worldwide Malware extensions have targeted users globally since early 2025. Attackers use phishing emails to spread these extensions to Chromium-based browsers. For example, over 700 users in Brazil and beyond got infected. The campaign, dubbed Operation Phantom Enigma, steals authentication data from victims. How the Attack Begins Phishing emails disguise themselves as …

Supply Chain Malware Strikes Global Users

Supply Chain Malware Hits Millions Worldwide Supply chain malware targets users through compromised npm and PyPI packages. Attackers inject malicious code into popular libraries like GlueStack. For example, nearly 1 million weekly downloads carry risks of data theft. This attack, detected on June 6, 2025, affects global ecosystems. How the Malware Spreads The malware modifies …

Chaos RAT Strikes with Fake Tool Downloads

Chaos RAT Tricks Users with Fake Tools Chaos RAT, a remote access trojan, targets Windows and Linux users. Attackers disguise it as a network troubleshooting utility. For example, a file named “NetworkAnalyzer.tar.gz” lures victims into downloading it. This malware, written in Golang, supports cross-platform attacks. How the Attack Spreads Phishing emails deliver malicious links or …

CyberLock Malware Hits AI Users with Fake Installers

CyberLock Targets AI Tool Users CyberLock ransomware spreads through fake installers mimicking popular AI tools. These fraudulent installers impersonate software like ChatGPT and InVideo AI. For example, users download a ZIP file expecting a legitimate application. Instead, they receive malware that encrypts files or disrupts their systems entirely. How the Attack Begins Fraudulent websites like …

APT41 Uses Google Calendar for Malware Control

APT41 Targets Governments with Cloud Tactics APT41, a Chinese state-sponsored group, exploits Google Calendar to control malware. Discovered in late October 2024, the malware, named TOUGHPROGRESS, targets government entities. For example, it was hosted on a compromised government website to blend in. This method allows attackers to hide among legitimate cloud activity. How the Attack …

EDDIESTEALER Malware Steals Data via Fake CAPTCHAs

EDDIESTEALER Targets Users with Deceptive Tactics EDDIESTEALER, a Rust-based malware, spreads through fake CAPTCHA pages. These pages trick users into running a malicious PowerShell script. For example, the script deploys the infostealer to harvest credentials and crypto wallets. The campaign uses a social engineering tactic called ClickFix to initiate attacks. How the Attack Begins Attackers …

SEO Poisoning Scam Targets Employee Paychecks

SEO Poisoning Targets Payroll Systems SEO poisoning campaigns trick employees searching for payroll portals online. In this campaign, first spotted in May 2025, attackers create fake login pages to steal credentials. For example, they redirect paychecks to their own accounts after gaining access. This scam poses a serious risk of payroll fraud, especially on mobile devices. How the …

Venom RAT Scam Targets Users via Fake Antivirus Site

Venom RAT Campaign Deceives with Fake Website Venom RAT spreads through a fake antivirus website mimicking a trusted service. The fraudulent site, bitdefender-download[.]com, lures users to download malware. For example, clicking the “Download for Windows” button retrieves a file from an Amazon S3 bucket. This campaign aims to steal credentials and crypto wallets. How the …

Skitnet Malware Fuels Ransomware Attacks

Skitnet Malware Empowers Cybercriminals Skitnet malware is becoming a powerful tool for ransomware groups. It’s being used to steal sensitive data and gain remote control over infected devices. Skitnet is a multi-stage malware built by a group tracked as LARVA-306. Its key functions include stealing files, controlling devices remotely, and maintaining long-term access. It even …

Ransomware Halts Supermarket Supplier

Ransomware Strikes Critical Supplier Ransomware hit a logistics firm supplying major UK supermarkets in May 2025. The Somerset-based company, which delivers chilled food to regional stores, stopped order processing after the attack. For example, this disrupted supplies to large retailers, causing delays. The incident reveals serious vulnerabilities in supply chain cybersecurity. Details of the Cyberattack …

ClickFix Malware Spreads via TikTok Videos

ClickFix Campaign on Social Media ClickFix, a dangerous social engineering tactic, spreads malware through TikTok videos. These videos trick users into running harmful PowerShell commands. For example, they promise to activate software like Spotify or Microsoft Office. The campaign, active in May 2025, delivers Vidar and StealC malware. How the Attack Works The videos guide …

Winos 4.0 Malware Spreads via Fake VPN Installers

Winos 4.0 Targets Chinese-Speaking Users Winos 4.0 malware spreads through fake software installers mimicking tools like LetsVPN. First detected in February 2025, this campaign uses a loader called Catena. For example, it targets Chinese-speaking environments with precision. The attacks show careful planning by a skilled threat actor. Deceptive NSIS Installers The infection starts with trojanized …

Bumblebee Malware Tricks IT Staff with Fake Sites

Bumblebee Malware Targets IT Professionals Bumblebee malware spreads through deceptive websites mimicking trusted IT tools. These fake sites impersonate popular tools like Zenmap and WinMTR, often used by IT staff. For example, domains such as zenmap[.]pro trick users into downloading harmful files. The campaign aims to infiltrate corporate networks and steal sensitive data. Typosquatting and …

SideWinder APT Targets Asian Governments

SideWinder’s Ongoing Cyberespionage SideWinder, a state-sponsored hacking group, attacks South Asian government institutions. Active since 2012, they target entities in Sri Lanka, Bangladesh, and Pakistan. For example, Bangladesh’s Ministry of Finance and Sri Lanka’s Central Bank are among the victims. Researchers suggest the group likely originates from India. Spear-Phishing as the Starting Point The campaign …

3AM Ransomware Tricks Users with Fake IT Calls

3AM Ransomware’s Deceptive Tactics 3AM ransomware, a rising threat since late 2023, targets organizations with cunning strategies. This Rust-coded malware encrypts files and steals data, demanding payment to avoid leaks. For example, it adds a “.threeamtime” extension to files. It also deletes backups, making recovery nearly impossible. Spoofed IT Calls and Email Bombing Attackers use …

PupkinStealer Malware Targets Windows Users’ Data

PupkinStealer’s Rising Threat PupkinStealer, a dangerous new malware, threatens Windows users worldwide by stealing sensitive data. First detected in April 2025, this C#-based malware leverages the .NET framework. For example, it targets browser credentials, messaging sessions, and desktop files. Both individuals and organizations face significant risks from this growing threat. How It Spreads The malware …

Horabot Malware Uses Invoices for Phishing

Horabot’s Sneaky Phishing Campaign Horabot malware targets Windows users in six Latin American countries, including Mexico and Colombia. Attackers send phishing emails disguised as invoices. For example, these emails trick users into opening malicious attachments. The campaign, active in April 2025, aims to steal credentials and spread banking trojans. How the Attack Begins The attack …

Defendnot Tool Disables Windows Defender Easily

Defendnot’s Threat to Windows Security Defendnot, a new hacking tool, disables Windows Defender, a trusted antivirus solution. This tool tricks the Windows Security Center (WSC) into thinking another antivirus is installed. For example, it bypasses Defender’s protections without third-party code. The tool’s release raises alarms for Windows users. How Defendnot Works Defendnot exploits undocumented WSC …

RoundPress Spies Hack Webmail in Global Campaign

RoundPress Targets Global Governments RoundPress, a sophisticated cyberespionage campaign, hacks webmail systems to steal sensitive data. Attackers exploit cross-site scripting (XSS) vulnerabilities in platforms like Roundcube and Zimbra. For example, they target governments in Greece, Ukraine, and Serbia. Active since 2023, the campaign persists with new exploits in 2024. Spear-Phishing as the Entry Point The …

Scattered Spider Hits US Retail with Clever Hacks

Scattered Spider’s Expanding Reach Scattered Spider, a notorious hacking group, now targets US retailers after attacking UK retail chains. These cybercriminals use ransomware and extortion to disrupt businesses. For example, they encrypt systems and steal sensitive data. Their shift to the US follows a year of high-profile breaches. Sophisticated Social Engineering The group excels in …

Noodlophile Malware Lures Users with Fake AI Tools

Noodlophile’s Social Media Trap Noodlophile malware spreads through fake AI tools promoted on social media platforms. Cybercriminals craft convincing websites that mimic legitimate AI services. For example, they advertise video editors and image generators on Facebook groups. These deceptive posts attract over 62,000 views each, targeting users eager for AI solutions. Mechanics of the Scam …

Rand-User-Agent Hacked in Supply Chain Attack

Rand-User-Agent’s Hidden Threat Rand-user-agent, a popular npm package, fell victim to a supply chain attack in May 2025. This tool, used for generating random user-agent strings, averages 45,000 weekly downloads. However, attackers exploited its semi-abandoned status to inject malicious code. The code deploys a remote access trojan (RAT) on users’ systems. How the Attack Unfolds …

CoGUI Phishing Floods Inboxes with 580M Fake Emails

CoGUI’s Massive Phishing Surge CoGUI, a new phishing kit, unleashed over 580 million fake emails from January to April 2025. These emails trick users into sharing account credentials and payment details. For example, they mimic trusted brands like banks and tax agencies. Most attacks target Japan, but some hit the U.S., Canada, Australia, and New …

Luna Moth Hackers Trick Firms as Fake IT Helpdesks

Luna Moth’s Deceptive Tactics Luna Moth hackers, also known as Silent Ransom Group, target U.S. legal and financial firms with clever scams. These cybercriminals pose as IT helpdesk staff to steal sensitive data. For example, they send fake emails urging victims to call a phony support number. When victims call, attackers trick them into installing …

Malware in Magento Store Plugins

Malware in Magento Store Plugins A widespread malware campaign is affecting hundreds of Magento-powered online stores. This supply chain attack used compromised third-party plugins to quietly install backdoors. The attack impacted between 500 and 1,000 e-commerce sites. Shockingly, the malicious code had been hidden in popular extensions for years. However, the malware was only activated in April …


Phishers Exploit Google Emails to Steal Logins

Phishers Exploit Google Emails to Steal Logins Phishers are using a new, sophisticated trick to steal user credentials through seemingly authentic Google emails. A recent report revealed attackers are sending fake messages using Google’s infrastructure. These emails pass all authentication checks, including DKIM, SPF, and DMARC. For example, one message pretends to be from Google, …


Golden Chickens Spread Malware to Steal Credentials

Golden Chickens Spread Malware to Steal Credentials Golden Chickens, a known cybercrime group, has launched two new malware tools: TerraStealerV2 and TerraLogger. These tools focus on stealing sensitive user data. According to a recent report, TerraStealerV2 targets browser credentials, crypto wallets, and extension data. TerraLogger, however, logs keystrokes using a basic keyboard hook. Both tools …


Fake Plugin Grants Hackers Admin Access to WordPress

Fake plugin attacks are targeting WordPress sites again. Hackers are disguising malware as a security plugin to hijack admin control and spread threats. Researchers found the plugin named WP-antymalwary-bot.php. It grants attackers full access, hides from the dashboard, and executes remote commands. Therefore, it allows them to control the site without detection. The plugin connects …


ToyMaker Malware Opens Doors to Ransomware Gangs

ToyMaker, a financially driven cybercriminal group, is selling access to corporate networks to ransomware gangs like CACTUS. The group acts as an initial access broker (IAB), targeting vulnerable systems using custom malware called LAGTOY. LAGTOY, also known as HOLERUN, creates reverse shells and executes remote commands on infected computers. Therefore, it gives attackers control without …


Darcula Phishing Toolkit Upgraded With GenAI

Darcula, a phishing-as-a-service (PhaaS) platform, has introduced powerful GenAI features to its toolkit. This major update lowers the barrier for cybercrime. Now, attackers with little or no coding experience can build phishing sites in just minutes. The AI tools help create multi-language pages with custom forms. Therefore, even unskilled actors can launch scams at scale. …


Earth Kurma APT Uses Rootkits to Target Southeast Asia

Earth Kurma APT Uses Rootkits to Target Southeast Asia Earth Kurma, a new advanced persistent threat group, has launched cyberattacks across Southeast Asia. Since mid-2024, it has targeted government and telecom sectors. The attackers use powerful rootkits and custom malware to steal sensitive data. They also hide their tracks using trusted platforms like Dropbox and …


OttoKit Plugin Flaw Lets Hackers Create Admins

OttoKit, a WordPress automation plugin, is under active attack after a major security flaw was disclosed. Hackers are exploiting the bug to gain admin access. The vulnerability, tracked as CVE-2025-3102, received a high CVSS score of 8.1. It allows attackers to bypass authentication and create administrator accounts without permission. Therefore, a hacker can take full …


Phishing Emails Use Google Tricks to Steal Logins

Phishing emails are getting smarter and more dangerous. A new campaign uses Google services to fool users into sharing their credentials. These emails appear real, with valid signatures and no alerts from Gmail. According to a report, attackers sent fake messages from the address no-reply@google.com. These emails passed all security checks, including SPF, DKIM, and …


Spyware Campaign Targets Southeast Asia Governments

Spyware campaign operators known as Lotus Panda have launched a wave of cyberattacks across Southeast Asia. Active between August 2024 and February 2025, the group infiltrated government and private organizations. Targets included a ministry, air traffic control, telecoms, and even a construction firm. A separate news agency and air freight company in nearby countries were …


Spyware Apps Pre-Installed on Budget Android Phones

Spyware apps have been discovered on budget Android smartphones, preloaded before reaching customers. These apps impersonate popular messengers like WhatsApp and Telegram. Researchers found that these malicious apps specifically target cryptocurrency users. The spyware can swap wallet addresses in messages, rerouting funds to cybercriminals. This campaign, active since June 2024, focuses on low-end Chinese smartphones. …

