News

Hackers Exploit Windows NTLM Flaw to Spread RAT Malware

Cybersecurity researchers have discovered that a vulnerability in Windows NT LAN Manager (NTLM), tracked as CVE-2024-43451, has been actively exploited as a zero-day in targeted cyberattacks. The flaw, with a CVSS score of 6.5, was patched by Microsoft earlier this week but had already been abused in attacks linked to a suspected Russian-affiliated threat group. …

New Malware Targets Gamers with Fake Game Boosting Apps

Cybersecurity experts have uncovered a dangerous malware framework called Winos 4.0, which is being distributed through fake gaming optimization tools, speed boosters, and installation utilities. Designed with advanced modular capabilities, the malware allows attackers to control infected systems, execute further attacks, and steal sensitive data. Built on the foundation of Gh0st RAT, Winos 4.0 introduces …

Copyright Scams Fuel Spread of Advanced Malware, Exploiting AI

A sophisticated phishing campaign has been leveraging copyright infringement claims to trick users into downloading an updated version of the Rhadamanthys information stealer since July 2024. This operation, dubbed CopyRh(ight)adamantys by researchers, has primarily targeted victims in the U.S., Europe, East Asia, and South America. Emails in this campaign impersonate various companies, often tailored to …

Massive ‘Sitting Ducks’ Scheme Exploits 70,000 Hijacked Domains for Cybercrime

Researchers have uncovered a large-scale cyberattack technique known as Sitting Ducks, which has been used by multiple threat actors to hijack legitimate domains for phishing schemes and fraudulent activities over several years. Recent investigations revealed that nearly 70,000 domains have been compromised out of 800,000 identified as vulnerable in the past three months. This attack …

RustyAttr Malware Exploits macOS Metadata in Cyber Threat

A newly identified malware called RustyAttr is targeting macOS systems by abusing extended attributes in files, marking a novel and sophisticated technique in the cyber threat landscape. Researchers have tentatively linked this activity to the Lazarus Group, a North Korea-associated entity, due to similarities with previous campaigns like RustBucket. Extended attributes are specialized metadata fields …

Malware Targets Android Users with Fraudulent Money Transfers

A newly discovered Android banking malware, dubbed ToxicPanda, has infected over 1,500 devices, enabling attackers to conduct unauthorized money transfers. This malware employs account takeover (ATO) tactics and on-device fraud (ODF) techniques to bypass bank verification measures and behavioral detection systems. Reports suggest that ToxicPanda originates from a Chinese-speaking threat actor, sharing foundational code with …

New Phishing Kit Launches 2,000 Fake Sites Across 5 Countries

Cybersecurity researchers have unveiled a new phishing kit called Xiū gǒu, used in recent campaigns across Australia, Japan, Spain, the United Kingdom, and the United States. This kit, active since at least September 2024, has enabled cybercriminals to set up more than 2,000 phishing sites, primarily targeting sectors such as government, postal services, digital platforms, …

Git Config Leak Exposes 15,000 Credentials and Clones Private Repos

Cybersecurity researchers have identified an extensive attack campaign exploiting exposed Git configuration files to steal credentials, clone private repositories, and even extract cloud service credentials embedded within source code. Dubbed “EMERALDWHALE,” this operation has successfully harvested over 10,000 private repositories, storing the stolen data in an Amazon S3 bucket belonging to a previously compromised victim. …

New Malware Uses Linux VM to Bypass Windows Antivirus

Cybersecurity researchers have discovered a sophisticated malware campaign, CRON#TRAP, which evades antivirus detection on Windows by leveraging a hidden Linux virtual machine with a backdoor for remote access. The malware initiates its infection with a Windows shortcut (LNK) file, often delivered through a phishing email as a ZIP archive. This email may impersonate legitimate organizations, …

New Phishing Tool Targets Developers with Precision Emails

Cybersecurity researchers have highlighted a new phishing tool, GoIssue, that is designed to conduct bulk phishing campaigns targeting GitHub users. Developed by a threat actor known as cyberdluffy (also referred to as Cyber D’ Luffy), this tool was first promoted on the Runion forum earlier in August. GoIssue enables attackers to scrape email addresses from …

Chinese Botnet Exploits Router Weaknesses to Steal Credentials

Recent findings by cybersecurity researchers indicate that a Chinese threat actor known as Storm-0940 is deploying a botnet called Quad7, or CovertNetwork-1658, to conduct stealthy password spray attacks aimed at credential theft. These attacks primarily target accounts across several organizations, with the goal of unauthorized access to sensitive data. Since 2021, Storm-0940 has reportedly gained …

Ymir Ransomware Attacks on Corporate Networks

A new strain of ransomware, named Ymir, has been flagged by cybersecurity researchers for its unusual use of memory management techniques to evade detection. Ymir first appears on targeted systems just days after they are initially infected with another malware, RustyStealer, which steals sensitive information to enable further network compromise. This sophisticated campaign uses unconventional …

LightSpy Spyware Targets iPhones with Advanced Surveillance

Researchers have identified a more sophisticated version of the LightSpy spyware targeting Apple iOS devices, now equipped with expanded surveillance features and even destructive capabilities that can render a device unbootable. This latest iteration builds on its original modular structure, incorporating multiple plugins that enable the collection of extensive sensitive data. The deployment of LightSpy …

Hackers Hijack Facebook Accounts to Spread Malware via Ads

A new malvertising campaign has been detected, using hijacked Facebook accounts and Meta’s ad platform to distribute a malware variant called SYS01stealer. Researchers found that the attackers use trusted brands in their ads to gain reach, operating through nearly a hundred malicious domains for both malware distribution and live command-and-control (C2) operations, which lets them …

New Android Malware Exploits Calls to Steal Banking Information

Cybersecurity experts recently identified an updated version of the FakeCall malware, a notorious Android threat, that now uses voice phishing—or “vishing”—to deceive users into revealing sensitive information. This advanced malware employs sophisticated methods to gain almost full control over an infected device, including the ability to intercept and manipulate calls, allowing attackers to pose as …

Malicious npm Packages with Malware Threaten Developers

In September 2024, three npm packages were found to be infected with BeaverTail, a type of JavaScript-based malware designed to steal information. These packages, uploaded to the npm registry, are suspected to be part of a larger North Korean-led campaign known as Contagious Interview. The campaign has been actively tracked and analyzed by a research …

Vulnerability in Plugin Puts Millions of WordPress Sites at Risk

A severe vulnerability has been identified in the LiteSpeed Cache plugin for WordPress, potentially allowing unauthorized attackers to gain admin-level access and conduct harmful actions. The flaw, listed as CVE-2024-50550 with a CVSS severity score of 8.1, was recently patched in the plugin’s 6.5.2 version. This vulnerability, reported by a security researcher, stems from an …

North Korean Hackers Partner with Play Ransomware in Major Cyber Attack

Researchers have identified North Korean-affiliated threat actors collaborating with the Play ransomware group in a recent cyber attack. This development suggests an evolving strategy where North Korean hackers leverage ransomware operations to achieve financially motivated goals. The activity, tracked from May to September 2024, is attributed to the North Korean group Jumpy Pisces, also known …

Hacker Group TeamTNT Intensifies Cloud Attacks

The notorious hacking collective TeamTNT has initiated a fresh campaign targeting cloud-native setups to mine cryptocurrencies, while also monetizing by leasing compromised servers to third-party clients. This new wave of attacks seems poised for significant impact, aimed at Docker environments to mine digital currency and deploy malicious software. The group is primarily focusing on vulnerable …

Lazarus Group Exploits Google Chrome Flaw through Fake Gaming Site

The North Korean hacking group, known as the Lazarus Group, has been linked to a recent cyberattack that exploited a serious flaw in Google Chrome to take over users’ devices. The attack, which has now been patched, leveraged a zero-day vulnerability, allowing hackers to gain control over infected computers through a carefully crafted fake gaming …

Cybercriminals Exploit LockBit’s Notoriety to Intimidate Victims

Cybercriminals have started to use the fame of the LockBit ransomware brand to add intimidation to their attacks, even disguising their malware as the well-known LockBit to pressure victims into quick payment. Researchers have observed ransomware operators abusing Amazon’s S3 Transfer Acceleration feature, allowing them to upload stolen data to Amazon S3 buckets under their …

Cybercriminals Exploit EDRSilencer Tool to Bypass Security

Cybercriminals have recently begun exploiting the open-source tool EDRSilencer to bypass endpoint detection and response (EDR) solutions, allowing them to mask their malicious activities. Researchers have observed attackers attempting to integrate EDRSilencer into their attacks as a stealthy means of avoiding detection. EDRSilencer, inspired by the NightHawk FireBlock tool, uses the Windows Filtering Platform (WFP) …

Enhanced Qilin.B Ransomware Adopts Anti-Detection Tactics

Cybersecurity experts have identified a new version of Qilin ransomware, named Qilin.B, which employs sophisticated encryption and evasion strategies to make detection and decryption nearly impossible. This latest variant, tracked as Qilin.B, reflects an ongoing evolution of tactics that make it a significant threat in the ransomware landscape. According to recent reports, Qilin.B now supports …

New Grandoreiro Malware Variants Target Banks Worldwide

Newly evolved variants of the Grandoreiro banking malware are adopting sophisticated techniques to evade detection, showing that the malicious software remains active despite law enforcement crackdowns. Researchers have observed the malware’s operators employing updated tactics, including a domain generation algorithm (DGA) for command-and-control communications, ciphertext stealing (CTS) encryption, and even mouse-tracking functionalities to simulate legitimate …

New Cyber Attacks: RomCom Unleashes RAT Variant

A recent wave of cyberattacks has targeted Ukrainian government agencies and select Polish entities, with the Russian-based threat actor known as RomCom behind the operations. These attacks, ongoing since late 2023, feature a new variant of the RomCom remote access trojan (RAT), called SingleCamper (also known as SnipBot or RomCom 5.0), according to a report …

Apple’s macOS Flaw in Safari Privacy Controls Exposed, Now Patched

Microsoft has revealed details about a recently patched security vulnerability in macOS, which exploited a flaw in Apple’s Transparency, Consent, and Control (TCC) framework. This vulnerability, codenamed HM Surf, allowed attackers to bypass a user’s privacy settings, gaining unauthorized access to sensitive data. Tracked as CVE-2024-44133, the flaw was fixed by Apple with the release …

Inside Cicada3301: The Rising Ransomware Group and Its Affiliate Program

Cybersecurity researchers have uncovered new details about the ransomware-as-a-service (RaaS) operation known as Cicada3301. The group’s affiliate program, which was accessed via the dark web, sheds light on the inner workings of this emerging threat. The investigation, conducted by a research team, began after they contacted Cicada3301 through a cybercrime forum, following the group’s advertisement …

Crypt Ghouls Unleashes Ransomware Using LockBit 3.0 and Babuk

A new cybercriminal group, Crypt Ghouls, has been identified as the perpetrator behind a series of ransomware attacks targeting Russian businesses and government agencies. These attacks aim to disrupt operations and extort financial payouts. The group employs various tools to infiltrate systems, steal data, and ultimately encrypt sensitive files using the LockBit 3.0 and Babuk …

New Wave of Astaroth Banking Malware via Spear-Phishing Scams

A new spear-phishing campaign is targeting Brazilian users, delivering the notorious Astaroth (also known as Guildma) banking malware by employing obfuscated JavaScript to bypass security defenses. According to a report, this campaign has heavily impacted industries such as manufacturing, retail, and government agencies. The phishing emails often disguise themselves as official tax-related documents, using the …

Fake Google Meet Pages Spread Infostealing Malware

Cybercriminals are using counterfeit Google Meet websites as part of an ongoing malware campaign, known as ClickFix, to deliver information-stealing malware to both Windows and macOS users. The strategy involves tricking users with fake error messages in their web browsers, prompting them to copy and run malicious PowerShell commands, ultimately leading to their systems being …

Malware Campaign Uses Stolen Certificates to Spread Hijack Loader

Cybersecurity experts have uncovered a new malware campaign that deploys Hijack Loader, a malicious program signed with legitimate code-signing certificates. The attack, detected earlier this month, is aimed at distributing an information-stealing malware called Lumma. Hijack Loader, also known as DOILoader, first emerged in September 2023. Attackers often trick users into downloading this malware by …

New Phishing Tactics Target Finance and Insurance Sectors

A recent phishing campaign is using GitHub links to bypass security and spread Remcos RAT, targeting the insurance and finance industries. The attacks trick victims into downloading malware by embedding links in legitimate-looking repositories like tax filing software. By leveraging trusted repositories, the attackers make their phishing attempts more convincing and harder to detect. Central …

Fake Job Applications Used to Spread Malware to HR Teams

A new phishing campaign has been identified, specifically targeting HR professionals with fake job applications that deliver a malicious backdoor known as More_eggs. These attacks, which use spear-phishing tactics, disguise malware as seemingly legitimate resumes, tricking recruiters into downloading harmful files. In one case, a recruiter downloaded a resume file from a suspicious URL, unknowingly …

Linux FASTCash Malware Targets ATMs in Global Heists

Cybersecurity experts have discovered a new Linux version of the notorious FASTCash malware, which North Korean hackers have been using to steal funds in sophisticated ATM heists. This variant targets payment switches within compromised banking networks, enabling unauthorized cash withdrawals from ATMs. Originally documented by U.S. authorities in 2018, FASTCash schemes have been tied to …

Malware Campaign Deploys PureCrypter Loader to Spread RAT

Cybersecurity experts have uncovered a new malware campaign using a loader called PureCrypter to distribute the DarkVision remote access trojan (RAT). First detected by a researcher in July 2024, this multi-phase attack deploys the RAT through an elaborate process designed to compromise systems. DarkVision RAT uses a custom protocol to communicate with its command-and-control (C2) …

New Trojan Variant Steals Android Unlock Patterns and PINs

A newly discovered variant of the Android banking trojan TrickMo now includes capabilities to steal a device’s unlock pattern or PIN, enabling attackers to control the device even while it’s locked. First identified in 2019 and linked to the notorious TrickBot cybercrime group, TrickMo has evolved significantly, now exploiting Android’s accessibility services to capture sensitive …

Critical Security Flaws Found in Key Industrial MMS Protocols

Security researchers have uncovered serious vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol, which could pose significant risks to industrial operations. If exploited, these flaws could lead to crashes or even remote code execution, disrupting essential industrial processes. The MMS protocol plays a crucial role in enabling communication between intelligent electronic devices …

Gamers Tricked Into Downloading Malware Disguised as Cheat Scripts

Gamers searching for cheat scripts online are falling victim to a new malware campaign that uses Lua-based malicious code to infect their systems. This malware can maintain a presence on the targeted computers and deliver additional harmful software. A recent report by researchers highlights how cybercriminals exploit the popularity of Lua-based engines within the gaming …

API Vulnerabilities and Bot Attacks Cost Businesses $186 Billion Annually

Businesses are losing between $94 billion and $186 billion every year due to vulnerabilities in APIs (Application Programming Interfaces) and automated bot attacks. According to a recent report, these threats now account for up to 11.8% of global cybersecurity incidents, posing an ever-growing risk to companies worldwide. A detailed study examined over 161,000 cybersecurity incidents, …

New Gorilla Botnet Launches 300,000 DDoS Attacks in Over 100 Countries

Cybersecurity experts have uncovered a new botnet malware family called Gorilla, also known as GorillaBot, which draws inspiration from the leaked source code of the infamous Mirai botnet. A recent report reveals that this powerful botnet executed over 300,000 distributed denial-of-service (DDoS) attacks between September 4 and September 27, 2024, issuing an average of 20,000 …

Hackers Lure Developers with Fake Interviews to Spread Malware

Hackers linked to North Korea have been discovered using fake job interviews to target developers in the tech industry, deploying updated malware variants known as BeaverTail and InvisibleFerret. This malicious campaign, tracked as CL-STA-0240 and dubbed “Contagious Interview,” was first disclosed in November 2023 by researchers. The attackers pose as potential employers, contacting developers through …

Cybercriminals Exploit File Hosting Services in Business Email Scams

Microsoft has issued a warning about cyberattack campaigns that misuse legitimate file hosting services, such as SharePoint, OneDrive, and Dropbox, to evade security measures. These services, widely used in enterprise environments, are being exploited to launch business email compromise (BEC) attacks, which can result in financial fraud, data theft, and further infiltration of corporate networks. …

Hackers Target Internet Providers in Major Cyber Espionage Effort

Chinese-backed cyber attackers have infiltrated several U.S. internet service providers (ISPs) as part of a broader espionage campaign aimed at collecting sensitive information. According to a recent report, these hackers, tracked by a leading tech firm under the name Salt Typhoon—also known as FamousSparrow and GhostEmperor—are believed to be state-sponsored and linked to Beijing. Investigators …

New Cyber Campaign Uses HTML Smuggling to Deliver Malware

A new cyberattack campaign is targeting Russian-speaking users with a commodity trojan called DCRat (also known as DarkCrystal RAT) using an advanced technique called HTML smuggling. This marks the first time that DCRat has been distributed via this method, differing from its usual delivery through compromised websites or phishing emails with malicious attachments, such as …

Websites Targeted in Watering Hole Attack Distributing Spyware

Over 25 websites tied to the Kurdish community have fallen victim to a watering hole attack, which has been active for more than a year and a half, aimed at gathering sensitive data. The campaign, called “SilentSelfie,” was first detected in December 2022 and continues to operate, according to a recent report. The compromised sites, …

North Korean Hackers Unleash New Malware in Targeted Attacks

Cybersecurity experts have detected two new malware strains, KLogEXE and FPSpy, linked to a North Korean hacking group. The group, identified as Kimsuky (also known by several aliases), has been active for over a decade and is notorious for its spear-phishing techniques, often tricking victims into downloading malicious software. According to a recent report, these …

New ‘SnipBot’ Malware Variant Linked to Data Theft Attacks

A newly discovered variant of the RomCom malware, named SnipBot, has been identified in a wave of cyberattacks aimed at stealing sensitive data from compromised systems. According to a report, SnipBot infiltrates networks, allowing attackers to extract valuable information and move laterally within organizations. Researchers uncovered SnipBot during a deep analysis of a specific DLL …

Storm-0501 Identified as a Key Player in Hybrid Cloud Ransomware Attacks

Storm-0501, a known cybercriminal group, has been actively targeting key sectors in the U.S., including government, manufacturing, transportation, and law enforcement, in a series of ransomware attacks. This campaign, identified by researchers, aims to exploit hybrid cloud environments, moving from on-premises infrastructure to cloud platforms, leading to data theft, credential harvesting, system tampering, and ultimately, …

New Malware Targets Developers Through Infected Python Packages

A recent cyber campaign linked to North Korean threat actors is using compromised Python packages to distribute a new malware strain known as PondRAT. This malware appears to be a streamlined version of POOLRAT (also called SIMPLESEA), a previously identified macOS backdoor attributed to the Lazarus Group, which was involved in the 3CX supply chain …

New Octo2 Android Trojan Unleashes Powerful Device Takeover Features

Cybersecurity experts have uncovered a new version of the notorious Android banking trojan, Octo, now enhanced with advanced capabilities for device takeover and fraudulent transactions. The updated malware, dubbed Octo2 by its creator, has been found in ongoing campaigns across European countries such as Italy, Poland, Moldova, and Hungary, as revealed by a recent report. …

Cyberattacks Hit Transportation Firms with Malware

Transportation and logistics companies across North America are facing a new wave of phishing attacks delivering information-stealing malware and remote access trojans (RATs). According to recent reports, these campaigns exploit legitimate email accounts from compromised transport and shipping companies to inject malicious content directly into ongoing email threads. So far, at least 15 breached email …

Chinese Hackers Exploit GeoServer Flaw to Launch Attacks

A cyber espionage group suspected to be operating from China has launched targeted attacks on a Taiwanese government organization and possibly other countries in the Asia-Pacific (APAC) region by exploiting a recently patched security vulnerability in OSGeo GeoServer GeoTools. The attack, identified by researchers in July 2024, has been attributed to an advanced persistent threat …

Necro Malware Hidden in Popular Play Store Camera and Browser Apps

The discovery of Necro malware in widely used camera and browser apps on the Play Store has raised alarms, although it’s still unclear how the apps were initially compromised. Experts suspect that a malicious software development kit (SDK) used to integrate advertising features may be the source of the breach. First identified by a Russian cybersecurity …

Brazilian Hackers Launch SambaSpy Malware Through Phishing

A new malware named SambaSpy has been discovered exclusively targeting users in Italy through a sophisticated phishing campaign. The cyberattack, attributed to a Brazilian Portuguese-speaking threat group, raises concerns as it focuses solely on Italian victims, which is unusual since most attackers tend to aim for a wider audience to maximize their gains. According to …

Hackers Target Healthcare with New INC Ransomware Attacks

Microsoft has reported that a ransomware group known as Vanilla Tempest has begun targeting healthcare organizations using a new strain of ransomware called INC Ransom. This ransomware-as-a-service (RaaS) operation has been active since July 2023, attacking various public and private entities, including Yamaha Motor Philippines and the U.S. branch of Xerox Business Solutions, as well …

Massive ‘Raptor Train’ Botnet Hijacks Over 200,000 IoT Devices

Cybersecurity experts have uncovered a sophisticated botnet, dubbed “Raptor Train,” that has infected more than 200,000 small office/home office (SOHO) and Internet of Things (IoT) devices globally. This botnet is believed to be operated by a suspected Chinese state-sponsored group known as Flax Typhoon. It has been active since at least May 2020, with its …

New Malware Trap Locks Your Browser to Steal Google Passwords

A new malware campaign uses an unusual technique to trap users in their browser’s kiosk mode, coercing them into entering their Google credentials. Once entered, these credentials are stolen by a piece of information-stealing malware. This attack operates by locking the user’s browser on Google’s login page and preventing them from closing the window. The …

Windows Flaw Exploited by Hackers: CISA Urges Immediate Action

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to secure their systems against a recently patched zero-day vulnerability in Windows, known as MSHTML (CVE-2024-43461). This flaw was exploited by the hacking group Void Banshee in a series of infostealer malware attacks. Initially disclosed during Microsoft’s Patch Tuesday, …

Ransomware Gangs Exploit Microsoft Azure Tools for Data Theft

Ransomware groups, such as BianLian and Rhysida, have adopted a new technique to steal sensitive data by abusing Microsoft Azure’s tools, particularly Azure Storage Explorer and AzCopy. These tools, designed to manage cloud storage and transfer data within Microsoft’s cloud ecosystem, are now being manipulated to extract large amounts of data from breached networks and …

Vo1d Malware Hits 1.3 Million Android TV Boxes in Global Cyberattack

A new malware strain known as Vo1d has infected nearly 1.3 million Android-based TV boxes worldwide, affecting users in 197 countries. The malware primarily targets devices running outdated versions of the Android operating system, spreading rapidly across Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria, and Indonesia. According to a report by …

Malware Targets Android Users to Steal Financial Data

Since November 2023, a new Android malware called Ajina.Banker has been targeting bank customers across Central Asia, focusing on stealing financial information and intercepting two-factor authentication (2FA) messages. According to researchers, the malware is distributed via Telegram channels, disguised as legitimate apps related to banking, payment services, and even government utilities. The attackers rely on …

New Trojan Targets Android Users for Banking Fraud

Cybersecurity researchers have identified a new version of the Android banking trojan, TrickMo, which uses advanced techniques to avoid detection and steal users’ banking credentials. This malicious software tricks users into revealing sensitive information by displaying fake login screens and employing various anti-analysis mechanisms, including malformed ZIP files and a dropper app that avoids detection. …

Cybercriminals Exploit HTTP Headers to Steal Credentials in Phishing Attacks

Cybersecurity experts have raised alarms about a wave of phishing attacks leveraging HTTP headers to deploy fake email login pages designed to steal credentials. Unlike typical phishing methods that rely on HTML content, these attacks manipulate the HTTP response header before the HTML loads. This allows the phishing page to automatically reload without user interaction, …

PEAKLIGHT Downloader Targets Windows Users with Fake Movie Downloads

Cybersecurity experts have identified a new malware dropper called PEAKLIGHT that is being used in cyberattacks targeting Windows users through malicious movie downloads. This newly discovered dropper functions as a stealthy vehicle, enabling the launch of various harmful software, such as information stealers and other types of malware loaders. The dropper is designed to operate …

New Phishing Attack on Insurance Firms with Modified Quasar RAT

The Colombian insurance sector has come under attack by a threat actor known as Blind Eagle, who has been using a customized version of the Quasar Remote Access Trojan (RAT) since June 2024. This group, also referred to as AguilaCiega, APT-C-36, and APT-Q-98, has a history of targeting organizations and individuals in South America, with …

Hackers Unleash New Data Theft Malware in Attacks on Government Networks

A China-based cyber espionage group, known as Mustang Panda, has been identified using new malware tools, FDMTP and PTSOCKET, in recent attacks to infiltrate government networks and steal sensitive data. The group, also referred to as HoneyMyte, Bronze President, Earth Preta, Polaris, or Stately Taurus, has shifted to new strategies, focusing primarily on cyber-espionage against …

New Malware Uses Google Sheets to Steal Sensitive Data

A new malware campaign, featuring a previously unknown backdoor named “Voldemort,” is targeting organizations worldwide by posing as tax authorities from various countries, including the U.S., Europe, and Asia. According to a recent report, this campaign began on August 5, 2024, and has already sent over 20,000 phishing emails to more than 70 different organizations, …

North Korean Hackers Exploit LinkedIn Job Offers to Spread Malware

North Korean cybercriminals have been using LinkedIn to target developers through fake job recruitment schemes, according to a recent report. These attackers leverage LinkedIn’s job posting platform to lure victims, often developers in the Web3 sector, into a false sense of security by pretending to offer coding challenges as part of a job application process. …

New Malware Impersonates VPN to Target Users

Cybersecurity experts have identified a new malware campaign targeting users by disguising itself as the Palo Alto Networks GlobalProtect VPN tool. The malware poses a significant threat by executing remote PowerShell commands, downloading and exfiltrating files, encrypting communications, and evading sandbox detection, according to a recent report. The malware employs a sophisticated two-stage process that …

New Android Trojan ‘Rocinante’ Masquerades as Banking Apps to Steal User Data

Android users are currently under attack by a new malware campaign featuring a banking trojan named Rocinante. This malware disguises itself as legitimate banking applications to steal sensitive information from unsuspecting victims. The malware, identified by cybersecurity researchers, uses Android’s Accessibility Service to perform keylogging and display phishing screens that mimic various banks to steal …

New Rust-Based Ransomware ‘Cicada3301’ Hits Windows and Linux Systems

Cybersecurity experts have discovered a new ransomware strain named Cicada3301, bearing similarities to the now inactive BlackCat (also known as ALPHV) operation. The ransomware primarily targets small and medium-sized businesses (SMBs) through opportunistic attacks that exploit system vulnerabilities, according to a report from a cybersecurity researcher. Cicada3301, written in the Rust programming language, is capable …

New Phishing Attack Uses QR Codes and Microsoft Sway to Steal Login Details

Cybersecurity experts are sounding the alarm on a new phishing campaign that uses QR codes—referred to as quishing—to steal user credentials by exploiting Microsoft Sway. The campaign takes advantage of the platform’s infrastructure to host fake login pages, once again showcasing how legitimate cloud services can be misused for malicious purposes. “Attackers use trustworthy cloud …

BlackSuit Ransomware Breach Exposes Data of Nearly 1 Million from Software Provider

A recent ransomware attack by BlackSuit has compromised the personal data of 954,177 individuals, prompting a mass notification effort by the affected software vendor, now known as Connexure. The Atlanta-based firm, which specializes in software solutions for the employer stop-loss insurance market, is informing nearly a million people about the breach, which occurred on April …

Ransomware Payments Soar to Nearly $460 Million in First Half of 2024

In the first half of 2024, ransomware payments have surged to an astonishing $459.8 million, setting the stage for a potential record-breaking year if the current pace continues. This marks a slight increase from the same period in 2023, where ransomware payments totaled $449.1 million, leading to a record $1.1 billion by year’s end. Despite …

NGate Malware Clones Contactless Payment Cards via NFC Data Theft

Cybersecurity experts have identified a new strain of Android malware, known as NGate, designed to siphon contactless payment data from victims’ physical credit and debit cards. The stolen data is relayed to a device controlled by attackers, enabling them to carry out fraudulent transactions. This new threat, dubbed NGate by researchers, has been observed targeting …

New macOS Malware ‘Cthulhu Stealer’ Targets User Data

Cybersecurity experts have identified a new piece of malware targeting Apple macOS systems, emphasizing the growing interest of cybercriminals in Apple’s operating system. Named ‘Cthulhu Stealer,’ this malware is designed to harvest a wide array of user data from macOS devices, showcasing how threat actors are increasingly focusing on Apple users. Launched in late 2023, …

New ‘Sedexp’ Linux Malware Conceals Credit Card Skimmers

Cybersecurity experts have discovered a new, stealthy Linux malware that uses an unusual technique to establish persistence on infected systems while concealing credit card skimmer code. The malware, named ‘sedexp’ by a cybersecurity incident response team, is attributed to a financially motivated group and has been active since 2022. The researchers highlighted that ‘sedexp’ is …

New Msupedge Backdoor Exploits PHP Vulnerability

A newly discovered backdoor named Msupedge has been deployed in a cyber attack against an unnamed university in Taiwan. The backdoor is notable for its use of DNS traffic to communicate with its command-and-control (C&C) server, according to the report. The attack likely began by exploiting a critical vulnerability in PHP (CVE-2024-4577, CVSS score: 9.8), …

Hackers Use Fake Brand Sites to Spread DanaBot and StealC Malware

Cybersecurity researchers have uncovered a sophisticated campaign where cybercriminals are mimicking legitimate brands to spread malware such as DanaBot and StealC. This operation, led by Russian-speaking hackers and known as Tusk, involves several sub-campaigns that exploit the credibility of well-known brands. By creating fake websites and social media profiles, these hackers trick users into downloading …

Banshee Stealer Malware Targets Over 100 Browser Extensions on macOS

Cybersecurity researchers have discovered a new stealer malware specifically designed for Apple macOS systems. Named Banshee Stealer, this malware is being sold on the cybercrime market for $3,000 per month and is compatible with both x86_64 and ARM64 architectures. “Banshee Stealer is highly versatile, targeting numerous browsers, cryptocurrency wallets, and about 100 browser extensions,” reported …

Attackers Linked to Black Basta Use SystemBC Malware

A new social engineering campaign connected to the Black Basta ransomware group has been identified, targeting users with credential theft attempts and deploying a malware dropper known as SystemBC. According to researchers, the attackers use a consistent tactic: sending an initial email bomb followed by phone calls pretending to offer a fake solution. These calls …

New Phishing Scheme Targets Mobile Banking Users

Mobile users in the Czech Republic are being targeted by a new phishing campaign that uses a Progressive Web Application (PWA) to steal banking credentials. The attacks have specifically targeted customers of Československá obchodní banka (CSOB) in the Czech Republic, OTP Bank in Hungary, and TBC Bank in Georgia, according to a cybersecurity firm. The phishing …

Major WordPress Plugin Flaw Puts 100,000+ Sites at Risk

A severe security vulnerability has been identified in the GiveWP donation and fundraising plugin for WordPress, which puts more than 100,000 websites at risk of remote code execution attacks. This flaw, officially tracked as CVE-2024-5932 with a perfect CVSS score of 10.0, affects all plugin versions prior to 3.14.2. The vulnerability was reported by a …

Cybercriminals Use Fake Websites to Spread DanaBot and StealC Malware

Cybersecurity experts have uncovered a sophisticated malware campaign in which attackers mimic well-known brands to distribute harmful software like DanaBot and StealC. This campaign, orchestrated by Russian-speaking cybercriminals under the codename “Tusk,” includes multiple sub-campaigns that exploit the trust users place in reputable platforms. These attackers lure victims into downloading malware through fake websites and …

Mandrake Spyware Resurfaces in Google Play Store Apps After 2 Years

A sophisticated Android spyware known as Mandrake has reappeared, hidden within five apps that were available on the Google Play Store for two years without detection. According to the report, these applications garnered over 32,000 installations before they were finally removed from the platform. The majority of these downloads occurred in countries such as Canada, …

New Go-Based Backdoor GoGra Targets South Asian Media Outlet

A previously unknown Go-based backdoor called GoGra was used in a cyberattack against a media organization in South Asia. According to a report, GoGra is written in the Go programming language and utilizes the Microsoft Graph API to communicate with a command-and-control (C&C) server hosted on Microsoft mail services. The exact method of delivery for …

FBI and CISA Alert on BlackSuit Ransomware Demanding Up to $500 Million

The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated warning about a dangerous ransomware strain known as BlackSuit, which has reportedly demanded ransoms as high as $500 million. In one instance, a single ransom demand reached a staggering $60 million. According to the advisory, BlackSuit ransomware attackers are open …

New Phishing Scam Exploits Google Drawings and WhatsApp Links

Cybersecurity experts have uncovered a new phishing campaign that cleverly utilizes Google Drawings and shortened links generated through WhatsApp to evade detection and deceive users into clicking on fraudulent links designed to steal sensitive information. According to the report, the attackers have carefully chosen widely trusted platforms like Google and WhatsApp to host and deliver …

New Malware Targets 300,000 Users with Malicious Extensions

A widespread malware campaign has recently been detected, affecting over 300,000 users by installing rogue extensions in Google Chrome and Microsoft Edge browsers. This malware is being distributed through trojanized software, which users unwittingly download from fake websites that mimic popular software platforms. According to the report, the trojan carries a variety of harmful components. These …

New Android Trojan BingoMod Drains Funds and Erases Devices

Cybersecurity experts have identified a newly emerging Android remote access trojan (RAT) named BingoMod. This malicious software is capable of not only stealing money from infected devices but also wiping them clean to cover its tracks. The researcher noted that the malware is still being actively developed. Evidence suggests that the trojan may be the …

SideWinder Cyber Attacks Target Maritime Sites

The nation-state cyber threat actor known as SideWinder has been linked to a new espionage campaign aimed at maritime facilities and ports located in the Indian Ocean and Mediterranean Sea regions. Analysis of the campaign found that its spear-phishing attacks target several countries, including Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and …

Facebook Ads Lead Users to Fake Sites Stealing Credit Card Data

Facebook users have become targets of an extensive scam e-commerce network that employs hundreds of fraudulent websites to steal personal and financial information. These fake sites are designed to impersonate well-known brands and use deceptive advertising techniques to lure victims. The researcher uncovered the campaign on April 17, 2024, and dubbed it “ERIAKOS” due to …

Chameleon Trojan Masquerades as CRM App to Steal Banking Data

Cybersecurity researchers have uncovered a new technique used by the Chameleon Android banking trojan, which targets users in Canada by posing as a Customer Relationship Management (CRM) app. Researchers reported on Monday that Chameleon was seen disguising itself as a CRM app, specifically targeting a Canadian restaurant chain with international operations. This campaign, detected in …

Hackers Exploit ISP to Spread Malicious Updates

In mid-2023, the China-linked cyber espionage group Evasive Panda compromised an unnamed internet service provider (ISP) to distribute malicious software updates to target companies. This attack demonstrates the increasing sophistication of the group. Evasive Panda, also known as Bronze Highland, Daggerfly, and StormBamboo, has been active since at least 2012. The group is known for …

New Android Trojan BlankBot Steals Financial Data

Cybersecurity researchers have uncovered a new Android banking trojan called BlankBot, targeting Turkish users to steal their financial information. According to the analysis published last week, BlankBot possesses several malicious capabilities, including custom injections, keylogging, screen recording, and communication with a control server via a WebSocket connection. Discovered on July 24, 2024, BlankBot is currently …

AI Cybercrime Service Bundles Phishing Kits with Malicious Apps

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, enhancing their malware-as-a-service (MaaS) offerings. Researchers have been tracking this e-crime actor since January 2023. They describe the crimeware solution as a “sophisticated AI-powered phishing-as-a-service platform” that targets users of more than 36 Spanish banks, government bodies, and …

Stargazer Goblin Creates 3,000 Fake GitHub Accounts to Spread Malware

A threat actor known as Stargazer Goblin has established a network of fake GitHub accounts to run a Distribution-as-a-Service (DaaS) operation, spreading various information-stealing malware and earning $100,000 in illicit profits over the past year. This network, dubbed “Stargazers Ghost Network”, comprises over 3,000 accounts on GitHub. These accounts manage thousands of repositories used to …

New Phishing Scam Targets OneDrive Users with Malicious Script

Cybersecurity researchers are alerting the public about a new phishing campaign aimed at Microsoft OneDrive users, intending to execute a harmful PowerShell script. “This campaign relies heavily on social engineering tactics to trick users into running a PowerShell script, which compromises their systems,” said a security researcher. The cybersecurity firm is monitoring this clever phishing and …

Gh0st RAT Trojan Targets Users Through Fake Chrome Site

The remote access trojan known as Gh0st RAT has been detected being delivered by an “evasive dropper” called Gh0stGambit. This is part of a drive-by download scheme specifically targeting Chinese-speaking Windows users. These infections originate from a fake website, “chrome-web[.]com,” which serves malicious installer packages disguised as Google’s Chrome browser. This indicates that users searching …

New Malware ‘FrostyGoop’ Targets Energy Company

Cybersecurity researchers have discovered what they identify as the ninth Industrial Control Systems (ICS)-focused malware. This malware was used in a disruptive cyber attack targeting an energy company. An industrial cybersecurity firm has named the malware FrostyGoop. They describe it as the first malware to directly use Modbus TCP communications to sabotage operational technology (OT) networks. …
