News

China-Linked Hackers Exploit Windows Flaw on Diplomats

China-Linked Hackers Launch New Cyberattacks Cybersecurity researchers have discovered that China-linked hackers are exploiting a serious Windows shortcut flaw to target European diplomats. These attacks occurred between September and October 2025, focusing on government and diplomatic institutions in several European countries. The campaign highlights growing concerns about cyber espionage and geopolitical intelligence gathering. How the …

Cybercriminals Exploit RMM Tools to Steal Freight

Cybercriminals Target Logistics Networks Cybercriminals exploit remote monitoring tools to infiltrate logistics and freight networks, aiming to steal valuable cargo for profit. According to a recent report from researchers, these attacks have been active since June 2025. The threat actors are believed to be working with organized crime groups that specialize in large-scale cargo theft. …

Researchers Uncover Android Trojans Stealing Data

Researchers Uncover Android Trojans Stealing Data Cybersecurity researchers uncovered two new Android threats, BankBot-YNRK and DeliveryRAT, that steal sensitive financial data. These malicious programs secretly harvest personal information, run hidden commands, and bypass security defenses on targeted devices. Both have been active since mid-2024, showing how mobile attacks continue to evolve rapidly. How BankBot-YNRK Works …

Brash Exploit Crashes Chromium Browser in Seconds

Brash Exploit Threatens Chromium Browsers A serious flaw has been discovered in Chromium’s Blink rendering engine, exposing millions of users to sudden browser crashes. The newly identified Brash exploit allows attackers to crash Chromium-based browsers in seconds simply by sending a malicious URL. According to a cybersecurity researcher who analyzed the bug, Brash can cause …

PhantomRaven Malware Hits npm Packages Hard

PhantomRaven Malware Targets npm Developers Cybersecurity researchers have discovered a new software supply chain attack named PhantomRaven. This threat targets the npm registry and steals sensitive data from developers’ systems. It collects GitHub tokens, CI/CD secrets, and authentication credentials. The campaign began around August 2025. Since then, it has grown rapidly, spreading across 126 npm …

AI-Targeted Cloaking Attack Spreads Fake Facts

AI-Targeted Cloaking Attack Exposes Hidden Risks Cybersecurity researchers have uncovered a new online threat called AI-targeted cloaking. This technique tricks artificial intelligence (AI) crawlers used by agentic web browsers into accepting fake information as verified truth. Unlike traditional search engine cloaking, this new method focuses on AI-driven tools that retrieve and summarize online content automatically. …

10 npm Packages Steal Dev Credentials

Summary of the Threat Researchers found 10 npm packages that delivered a powerful information stealer. For example, the packages targeted Windows, macOS, and Linux. The researcher reported that the operation used heavy obfuscation and fake CAPTCHAs. Therefore, many developers did not notice the malicious behavior during install. How the Attack Works The malicious packages appeared …

Herodotus Trojan Mimics Humans to Evade Detection

A New Android Threat Emerges Herodotus, a newly discovered Android banking trojan, is making waves for its human-like behavior. Researchers recently found it targeting users in Italy and Brazil through active malware campaigns. The malware is designed to take over devices while imitating natural user actions, allowing it to bypass advanced anti-fraud systems. According to …

GhostCall and GhostHire: Web3 Mac Malware

GhostCall and GhostHire Overview Threat actors linked to North Korea are running two related malware campaigns named GhostCall and GhostHire. These operations mainly target professionals in the Web3 and blockchain sectors. According to recent research, both campaigns are part of a long-running effort called SnatchCrypto. Since at least 2017, this effort has focused on stealing …

ChatGPT Atlas Exploit Plants Hidden Malicious Code

Dangerous New Browser Vulnerability A new ChatGPT Atlas exploit allows cyber attackers to secretly insert hidden commands into the AI’s memory. Security researchers recently discovered that this flaw could let attackers execute arbitrary code and gain control of user systems. According to a new report, this attack uses a cross-site request forgery (CSRF) technique. It …

Smishing Triad Runs 194,000 Fake Phishing Domains

Smishing Operation Expands The Smishing Triad has launched a massive phishing operation using more than 194,000 fake domains worldwide. Since January 2024, these domains have targeted countless users across many industries, according to a recent report. The campaign uses fraudulent text messages that claim to be toll or package delivery notices. However, the real goal …

YouTube Ghost Network Spreads Hidden Malware Traps

YouTube Ghost Network Spreads Malware The YouTube Ghost Network is spreading fast. This massive operation uses hacked video accounts to distribute malware. Since 2021, over 3,000 infected videos have appeared, and the number has tripled in 2025. Attackers use these videos to push pirated software and game cheats, especially targeting users searching for free downloads. …

Google Finds Three New Russian Malware Threats

Google Finds Three New Russian Malware Threats Google identifies three new Russian malware families linked to the COLDRIVER hacking group. According to a recent threat report, the cyber group has intensified its operations since May 2025, rapidly evolving its malware arsenal to target high-profile individuals. Researchers revealed that these malware variants named NOROBOT, YESROBOT, and …

Chrome Extensions Hijack WhatsApp for Spam

Massive Spam Campaign Uncovered 131 Chrome extensions hijacked WhatsApp Web in a large-scale spam campaign targeting thousands of users. According to a cybersecurity report, the operation focused on Brazilian accounts and relied on cloned automation tools disguised as business aids. Researchers discovered that these browser extensions shared nearly identical code, design, and infrastructure. In total, …

Hackers Used Snappybee to Breach Telecom Network

Cyberattack Overview Hackers used Snappybee malware and a Citrix security flaw to target a major European telecom network. The attack occurred in early July 2025, according to a cybersecurity report. Investigators linked the intrusion to a China-based cyber espionage group called Salt Typhoon. This group has been active since 2019 and is known for attacking …

Severe Server Flaw Opens Door to Silent Takeovers

Critical Risk to Enterprise Systems A newly uncovered security flaw could let attackers take full control of enterprise servers without needing a login. Researchers warned that the bug allows silent command execution, putting valuable data and operations at serious risk. Therefore, applying the latest security updates is an urgent priority for every organization. How the …

Android Devices Face 2FA Theft Without Permissions

Android devices: What Pixnapping steals Android devices are vulnerable to a pixel-stealing attack. Researchers call the technique Pixnapping. It can take two-factor authentication codes without app permissions. Therefore, users should treat the threat as urgent. Who discovered it A team of academics from multiple universities found the flaw. They published a detailed paper with proofs …

Banking Trojan Stays Active After Takedowns

Astaroth Trojan Uses GitHub to Evade Disruption Cybersecurity researchers have discovered a new campaign delivering the Astaroth banking trojan, which cleverly remains operational even after takedowns. The malware uses GitHub as a backup control system to keep running when its main servers are blocked. Therefore, removing its infrastructure does not immediately stop the infection chain. …

RondoDox Botnet Exploits 50+ Flaws in Devices

RondoDox Botnet Expands to 50+ Vulnerabilities Researchers have warned that the RondoDox Botnet is becoming more dangerous than ever. It now exploits over 50 security flaws across more than 30 technology vendors. This campaign uses what experts call an “exploit shotgun” approach. It targets many kinds of internet-connected devices, including routers, DVRs, NVRs, CCTV cameras, …

Rust-Based Malware ChaosBot Exploits Discord Control

Rust-Based Malware ChaosBot Targets Financial Firms A new Rust-Based Malware, known as ChaosBot, has been discovered targeting financial organizations. Researchers found that it allows attackers to spy on victims and execute remote commands on infected computers. However, what makes ChaosBot unusual is how it communicates. Instead of using traditional control servers, it leverages Discord channels …

Hackers Turn Velociraptor Tool Into Ransomware Weapon

Hackers Turn Velociraptor Tool Into Ransomware Weapon Hackers are abusing the Velociraptor DFIR tool to launch ransomware attacks. A new report revealed that a group called Storm-2603 has used this open-source security tool to deliver multiple ransomware strains, including LockBit, Warlock, and Babuk. However, the group didn’t exploit a flaw in Velociraptor itself. Instead, it …

Astaroth Banking Trojan Uses GitHub Backup

Astaroth Banking Trojan resurfaces with new trick Astaroth Banking Trojan now uses a code hosting platform as backup. This lets it recover when takedown teams remove its servers. Therefore, the malware can stay active after infrastructure disruption. Researchers reported the tactic in a recent analysis. However, the campaign still relies on classic phishing. For example, …

Stealit Malware Hides in Game and VPN Installers

Stealit Malware Exploits Node.js Feature Stealit Malware is abusing a feature in Node.js known as the Single Executable Application (SEA) to distribute its payloads. Researchers have revealed that this malware campaign disguises itself as installers for popular games and VPN applications. However, these fake installers are actually packed with malicious code and are being shared …

Payroll Pirates Steal Salaries via HR Account Hacks

Payroll Pirates Target Employee Salaries Payroll Pirates are hijacking HR software accounts to steal salaries from employees. A recent report from researchers revealed that the group, also known as Storm-2657, is attacking U.S.-based organizations, especially universities and other large employers. However, experts warn that any company using online HR or payroll systems could be at …

ClayRat Spyware Tricks Android Users with Fake Apps

Deceptive Campaign Targets Android Users A fast-evolving Android spyware called ClayRat is targeting users through fake versions of popular apps. The campaign mainly spreads through messaging channels and phishing websites, luring users with counterfeit WhatsApp, TikTok, YouTube, and Google Photos apps. Once installed, ClayRat secretly collects private data such as SMS messages, call logs, and …

BatShadow Group Targets Job Seekers with Vampire Bot

BatShadow Group’s New Campaign A recent report revealed that BatShadow Group is running a new cyber campaign targeting job seekers and digital marketing professionals. The attackers use social engineering tricks to pose as recruiters, sending malicious files disguised as job descriptions or company documents. When opened, these files trigger a hidden infection chain that installs …

Chinese Cybercrime Group Runs Global SEO Scam

Chinese Cybercrime Group Runs New Wave Attacks Cybersecurity experts recently exposed a Chinese-speaking cybercrime group called UAT-8099. The group engages in large-scale SEO fraud and data theft targeting Microsoft IIS servers. Most attacks have been reported in India, Thailand, Vietnam, Canada, and Brazil. The hackers mainly focus on universities, telecom firms, and technology companies. UAT-8099 …

XWorm Malware Returns with 35 Dangerous Plugins

XWorm Malware, the Resurfacing Threat XWorm malware has resurfaced with new ransomware features and more than 35 plugins. After its original developer abandoned the project, several cybercriminals began spreading new versions through phishing campaigns. Researchers discovered versions 6.0, 6.4, and 6.5 circulating widely. These versions can steal sensitive data, control infected devices, and encrypt files. …

Cavalry Werewolf Strikes with FoalShell & RAT

Cavalry Werewolf attacks with cyber campaign Cavalry Werewolf has targeted public agencies and firms. Researchers tracked the campaign recently. For example, the attackers used phishing to gain access. Therefore, many victims were state and critical-sector organizations. How the attackers operated The group sent targeted emails that looked official. In some cases they used addresses tied …

Self-Spreading WhatsApp Malware Hits Users

Self-Spreading New Malware Targets WhatsApp Users Self-spreading WhatsApp malware is attacking users in Brazil, spreading fast through phishing messages with ZIP attachments. Researchers discovered that this campaign, called SORVEPOTEL, aims for speed and reach rather than stealing data or locking systems. However, its quick spread still poses serious risks to users and organizations. The malware …

Phantom Taurus Targets Governments with NET-STAR Malware

Phantom Taurus’s Espionage Campaign China-aligned Phantom Taurus targets governments in Africa, Asia, and the Middle East. It uses stealthy NET-STAR malware. For example, it focuses on ministries and embassies. Attacks began in 2022. The group seeks diplomatic and military data. It aligns with geopolitical events. Consequently, it prioritizes intelligence collection. This serves China’s interests. Custom …

Vane Viper’s 1 Trillion DNS Queries Fuel Malware Network

Vane Viper’s Malicious Ad Network Vane Viper runs a hidden adtech empire. It powers malvertising and fraud. For example, it generates 1 trillion DNS queries yearly. The network has evaded detection for a decade. Attackers use tangled shell companies. They obscure ownership structures. Consequently, they avoid responsibility. This enables widespread cyberthreats. Compromised WordPress Sites Vane Viper …

EvilAI Malware Poses as AI Tools to Target Global Firms

EvilAI’s Global Reach EvilAI malware targets organizations worldwide. It disguises itself as AI and productivity tools. For example, it hits manufacturing and healthcare. The campaign spans Europe, the Americas, and AMEA. The malware mimics legitimate apps. It uses valid digital signatures. Consequently, it appears trustworthy. This fools users and security tools. Targeted Sectors Top sectors include government …

Fake Microsoft Teams Installers Spread Oyster Malware

Oyster Malware Campaign Hackers use fake Microsoft Teams installers to deliver Oyster malware. This backdoor targets corporate networks. For example, it enables remote access. The campaign uses SEO poisoning. Malvertising Tactics Attackers promote fake sites via search ads. These mimic Teams download pages. Consequently, users download malicious files. The campaign was spotted in 2025. The …

CountLoader and PureRAT Spread via Phishing SVG Attacks

Phishing Campaign A new phishing campaign hits agencies. It uses SVG files to deliver CountLoader. For example, it drops Amatera Stealer. The attacks began in 2025. Emails pose as official notices. They contain malicious SVG attachments. Consequently, users open ZIP archives. This triggers the infection chain. The ZIP file holds a CHM file. It launches …

Datzbro Trojan Tricks Seniors with Fake AI Travel Events

Datzbro Targets Elderly Users A new Android trojan, Datzbro, preys on seniors. It uses AI-generated Facebook events. For example, it promotes travel trips. The campaign hit Australia in August 2025. Scammers create groups for active seniors. They share AI content about meetings. Consequently, victims seek social connections. This builds trust fast. Attackers reach out via …

Lighthouse and Lucid PhaaS Target 316 Brands Globally

PhaaS Campaign Surge Lighthouse and Lucid PhaaS platforms fuel phishing attacks. They target 316 brands across 74 countries. For example, they hit financial and postal sectors. Over 17,500 domains are involved. Lucid’s Capabilities Lucid, linked to the XinXin group, sends smishing via iMessage. It uses customizable templates. Consequently, it targets specific users. This ensures high …

UNC1549 Targets Telecoms with MINIBIKE Malware via LinkedIn

UNC1549’s Telecom Attacks Iran-linked UNC1549 targets telecom firms. It compromises 34 devices across 11 companies. For example, it uses LinkedIn job lures. The campaign began in 2022. Attackers pose as HR on LinkedIn. They offer fake job opportunities. Consequently, they trick employees into clicking links. This delivers malware. The campaign deploys MINIBIKE backdoor. It uses …

RedNovember Hackers Target Global Governments with Pantegana

RedNovember’s Global Campaign Chinese hackers, RedNovember, target governments worldwide. They use Pantegana and Cobalt Strike. For example, they hit defense and aerospace sectors. Attacks began in June 2024. The group breaches high-profile organizations. It targets ministries and security agencies. Consequently, it focuses on the U.S. and Asia. This shows broad espionage goals. RedNovember exploits known …

ComicForm and SectorJ149 Deploy Formbook in Cyber Attacks

ComicForm Targets Eurasia A new group, ComicForm, attacks Belarus, Kazakhstan, and Russia. It has used phishing emails since April 2025. For example, it targets finance and biotech. The campaign deploys Formbook malware. Emails mimic official documents. They urge users to open archives. Consequently, victims run malicious executables. These pose as PDFs. The executable launches a .NET …

SilentSync RAT Targets Python Devs via Malicious PyPI Packages

Malicious PyPI Packages Found Two fake Python packages deliver SilentSync RAT. They target Windows systems. For example, they steal browser data. The packages were removed from PyPI. The packages mimic legitimate tools. One poses as a health system API. Consequently, developers trust and install them. They were uploaded in 2025. The packages run malicious code …

TA558 Deploys Venom RAT via AI-Generated Phishing Targeting Hotels

TA558 Targets Hotels The TA558 group, also known as RevengeHotels, attacks hotels in Brazil. It uses AI-generated phishing emails. For example, it deploys Venom RAT. The campaign started in summer 2025. Attackers use AI to craft phishing emails. These emails mimic invoices and job offers. Consequently, they appear legitimate. This tricks hotel staff into clicking …

HiddenGh0st, Winos Exploit SEO for Chinese Malware Attacks

SEO Poisoning Campaign Chinese users face a new SEO poisoning attack. Fake sites mimic software downloads. For example, they rank high in searches. This tricks users into downloading malware. Attackers register similar domain names. They use subtle character changes. Consequently, sites seem legitimate. Victims download trojanized installers. The campaign deploys HiddenGh0st and Winos. Both are Gh0st …

HybridPetya Ransomware Bypasses UEFI Secure Boot

HybridPetya Targets UEFI Systems A new ransomware, HybridPetya, mimics Petya/NotPetya. It bypasses UEFI Secure Boot. For example, it encrypts critical file data. It was detected in February 2025. HybridPetya exploits a patched UEFI flaw. This allows unauthorized code execution. Consequently, it compromises modern systems. The flaw was fixed in January 2025. Two Main Components The …

RatOn Malware Evolves with NFC Relay and Banking Fraud

RatOn’s Advanced Evolution RatOn Android malware now includes sophisticated features. It evolved from NFC relay attacks. For example, it performs automated money transfers. This makes it a powerful threat. RatOn uses overlay attacks on financial apps. It automates transfers via banking systems. Consequently, it steals funds without user knowledge. Attackers control it remotely. Targeting Crypto …

Axios Abuse Powers M365 Phishing Campaigns

Axios in Phishing Attacks Threat actors exploit Axios for phishing. Its use has surged by 241% recently. For example, it aids Microsoft 365 attacks. This creates efficient pipelines. Attackers misuse Microsoft’s Direct Send. It spoofs trusted emails. Consequently, messages bypass security gateways. They land in user inboxes. High Success Rates Axios with Direct Send achieves …

CHILLYHELL and ZynorRAT Malware Target macOS, Windows

New Malware Threats Emerge Two new malware families target multiple platforms. CHILLYHELL attacks macOS, while ZynorRAT hits Windows and Linux. For example, they steal data and enable remote control. The campaigns are highly sophisticated. CHILLYHELL is a macOS backdoor. It targets Intel-based systems. Consequently, it compromises government websites. The malware has been active since October …

GhostRedirector Hacks 65 Servers with Rungan Backdoor

GhostRedirector’s Server Attacks A new threat group, GhostRedirector, has compromised 65 Windows servers. It targets multiple countries. For example, Brazil and Thailand are hit hardest. The attacks started in August 2024. Rungan and Gamshen Malware GhostRedirector deploys two main tools. Rungan is a passive C++ backdoor. Gamshen is an IIS module for SEO fraud. Consequently, …

Noisy Bear Targets Energy Sector with Phishing

Noisy Bear Attacks Energy Sector A new threat group, Noisy Bear, targets Kazakhstan’s energy sector. The campaign, Operation BarrelFire, began in April 2025. For example, it focuses on KazMunaiGas employees. It uses phishing to deliver malware. Tactics and Attachments The attack starts with phishing emails. These emails mimic internal KMG communications. Consequently, they trick employees …

TamperedChef Malware Poses as PDF Editors to Steal Data

TamperedChef Targets Users A new malware, TamperedChef, spreads through fake PDF editors. It uses malvertising to trick users. For example, it mimics legitimate software. The campaign steals sensitive data. Malvertising Campaign Tactics Attackers promote fake PDF editors via ads. These ads lead to fraudulent websites. Consequently, users download malicious installers. The campaign started in June …

Android Droppers Now Spread SMS Stealers, Spyware

Shift in Android Malware Android dropper apps now deliver more than banking trojans. They spread SMS stealers and spyware. For example, they mimic government apps in Asia. This marks a new trend. Evading Google’s Defenses Google’s security blocks risky app installations. Attackers adapt with droppers that avoid detection. Consequently, they bypass permission checks. This keeps …

Silver Fox Uses Microsoft-Signed Driver to Spread ValleyRAT

Silver Fox Targets Security Systems The Silver Fox group uses a new attack method. It exploits a vulnerable driver to disable security tools. For example, it deploys ValleyRAT malware. The campaign targets critical firms. Vulnerable WatchDog Driver The attack uses a Microsoft-signed driver. This driver has multiple flaws. Consequently, it allows attackers to gain high-level …

Lazarus Group Deploys PondRAT, ThemeForestRAT in Attacks

Lazarus Group’s New Campaign North Korean hackers, Lazarus Group, target DeFi firms. They use three new malware types. For example, PondRAT and ThemeForestRAT steal data. The attacks began in 2024. Social Engineering Tactics Attackers impersonate company employees. They use fake meeting scheduler websites. Consequently, victims trust the communication. This leads to system compromise. Initial Access …

QuirkyLoader Malware Spreads Trojans via Email Spam

QuirkyLoader Targets Global Firms A new malware loader, QuirkyLoader, spreads harmful payloads. It uses email spam campaigns. For example, it delivers data stealers and trojans. The attacks began in November 2024. Malicious Email Tactics Attackers send spam from trusted email services. Some use self-hosted servers. Consequently, emails seem legitimate to users. This tricks them into …

VShell Malware Hides in RAR Filenames to Evade Detection

VShell Malware Targets Linux A new attack delivers VShell malware via phishing emails. It hides in RAR archive filenames. For example, it exploits Linux systems’ weaknesses. The campaign evades antivirus detection. Malicious Filename Trick The malware uses a clever technique. It encodes harmful code in filenames. Consequently, simple file operations trigger execution. This bypasses traditional …

HOOK Trojan Adds Ransomware Overlays to Android Attacks

HOOK Trojan’s New Features A new Android trojan, HOOK, now includes ransomware. It displays full-screen extortion messages. For example, it demands payments via crypto wallets. The trojan evolves rapidly. Ransomware Overlay Tactics HOOK shows alarming warning screens. These overlays demand ransom payments. Consequently, victims face pressure to pay. Attackers control these screens remotely. Expanded Command …

ShadowCaptcha Exploits WordPress to Spread Malware

ShadowCaptcha Targets WordPress Sites A new campaign, ShadowCaptcha, exploits over 100 WordPress sites. It spreads ransomware and data stealers. For example, it uses fake CAPTCHA pages. The attacks began in August 2025. Social Engineering Tactics Attackers trick users with fake verification pages. These pages mimic trusted services. Consequently, users download harmful files. This relies on …

MixShell Malware Targets Firms via Contact Forms

MixShell Targets Supply Chain A new malware, MixShell, targets U.S. manufacturers. It uses company contact forms for attacks. For example, it hits industrial and biotech firms. The campaign, ZipLine, is highly sophisticated. Social Engineering Tactics Attackers avoid traditional phishing emails. They use contact forms to start conversations. Consequently, employees trust the exchanges. This leads to …

Sni5Gect Attack Downgrades 5G to 4G, Crashes Phones

New Sni5Gect Attack Emerges A new attack, Sni5Gect, targets 5G phone connections. It crashes devices and downgrades networks. For example, it forces 5G to 4G. This exposes users to vulnerabilities. No Rogue Base Station Needed Sni5Gect doesn’t require fake base stations. It sniffs unencrypted 5G messages. Consequently, attackers manipulate phone connections. This makes the attack …

Kimsuky Targets Diplomats with GitHub-Powered Malware

Kimsuky’s Diplomatic Cyberattacks North Korean hackers target South Korean diplomats. They send spear-phishing emails to embassy staff. For example, emails mimic trusted contacts. The campaign ran from March to July 2025. Using GitHub for Control Attackers use GitHub as a hidden control channel. They host malicious files on cloud services. Consequently, they deliver a powerful …

Malicious PyPI Packages Target Developers in Supply Chain Attacks

Malicious Packages Uncovered New malicious packages target software developers. They hide in trusted code repositories. For example, a harmful Python package was found. It triggers multi-stage attacks. How the Attack Starts The Python package depends on another malicious one. This dependency loads harmful code. Consequently, it runs without user knowledge. The packages were downloaded hundreds …

PipeMagic Malware Exploits Windows Flaw for Ransomware

PipeMagic Targets Windows Systems A new ransomware campaign deploys PipeMagic malware. It exploits a Windows security flaw. For example, it targets industrial firms. The attacks aim to encrypt systems. Exploiting Windows Vulnerability The campaign uses a patched Windows flaw. This flaw allows privilege escalation. Consequently, attackers gain high-level system access. This helps them deploy malicious …

Noodlophile Malware Targets Firms with Fake Copyright Lures

Noodlophile’s Global Expansion Noodlophile malware targets businesses worldwide. It uses spear-phishing emails to spread. For example, it hits firms in the U.S. and Europe. The campaign grows rapidly. Fake Copyright Notices Attackers send emails posing as copyright violation alerts. These emails include specific company details. Consequently, they seem legitimate to employees. This tricks users into …

PS1Bot Malware Strikes via Malvertising Attacks

PS1Bot’s Stealthy Campaign: A new malware, PS1Bot, spreads through malvertising. It infects systems with a modular design. For example, it steals data and logs keystrokes. The campaign has been active since early 2025. Malvertising as a Weapon: Malvertising hides malware in online ads. Attackers inject harmful code into legitimate networks. Consequently, users visit malicious sites …

DOM-Based Clickjacking Hits Password Managers Hard

New Threat to Password Managers: A new attack targets popular password manager plugins. It steals credentials and sensitive data. For example, it exposes login details and credit card information. The attack uses a clever technique. DOM-Based Clickjacking Explained: The attack, called DOM-based clickjacking, manipulates web page elements. Attackers hide auto-fill prompts from plugins. Consequently, users …

EDR Killer Tool Boosts Eight Ransomware Gangs’ Attacks

New EDR Killer Emerges: A new tool disables security software. Eight ransomware groups use it. For example, it evolved from an earlier version. It targets systems to deploy malicious payloads. Ransomware Groups Involved: The tool aids multiple ransomware gangs. These include well-known cybercrime groups. Consequently, it spreads across different attack campaigns. This shows a growing …

FraudOnTok Scams TikTok Shop with 15,000 Fake Domains

FraudOnTok Targets TikTok Shop: A new scam, FraudOnTok, targets TikTok Shop users. It uses fake websites to trick users. For example, over 15,000 fake domains mimic the platform. These sites aim to steal credentials and crypto. AI-Driven Deceptive Ads: Attackers use AI-generated videos for scams. These videos mimic real influencers. Consequently, users trust fake ads. …

SocGholish Malware Fuels Cybercrime via Fake Updates

SocGholish’s Deceptive Spread: SocGholish malware tricks users with fake software updates. It infects devices through compromised websites. For example, it mimics browser or app updates. This delivers malicious payloads to victims. Malware-as-a-Service Model: Attackers use a Malware-as-a-Service system. They sell infected systems to other criminals. Consequently, groups like ransomware operators gain access. This fuels widespread …

GreedyBear Steals $1M via Fake Firefox Wallet Add-Ons

GreedyBear’s Crypto Heist: GreedyBear, a new cyberattack campaign, has stolen over $1 million in cryptocurrency. Attackers use fake Firefox browser extensions. These extensions mimic popular crypto wallets. For example, they impersonate well-known wallet brands. Fake Extensions Trick Users: The malicious add-ons pose as trusted crypto wallets. They capture users’ wallet credentials. Consequently, attackers send stolen …

Win-DDoS Flaw Turns Windows into Powerful DDoS Weapons

New Threat: Win-DDoS Attack: A new attack method, Win-DDoS, threatens global systems. Attackers can turn public domain controllers into botnets. These botnets launch powerful distributed denial-of-service (DDoS) attacks. For example, attackers exploit flaws in Windows systems. How Win-DDoS Works: Attackers send a remote procedure call (RPC) to domain controllers. This triggers them to act as …

Trojan Hits 11,000+ Devices via Fake Ads

PlayPraetor’s Rapid Spread: A new Android trojan, PlayPraetor, has infected over 11,000 devices. It targets users in multiple countries. For example, Portugal, Spain, and Morocco face heavy attacks. The trojan spreads through fake ads and pages. Aggressive Attack Campaigns: The trojan grows by 2,000 infections weekly. Attackers focus on Spanish and French speakers. Consequently, they …

PXA Stealer Malvertising Infects 4,000 IPs

PXA Stealer malvertising hits hard with a new campaign since August 2025. Researchers flagged its spread by Vietnamese hackers. For example, it infects 4,000 IPs worldwide. This threatens global user security. How the Attack Begins: Attackers distribute the malware via phishing emails. They use ZIP files with hidden loaders to trick users. Additionally, decoy documents …

CL-STA-0969 Strikes Telecoms Sector

CL-STA-0969 Strikes Telecoms Worldwide: CL-STA-0969 strikes telecoms with a stealthy espionage campaign since August 2025. Researchers at a security firm uncovered this threat. For example, it targeted Southeast Asia for 10 months. This endangers global communication networks. How the Attack Unfolds: The group infiltrates telecom systems with advanced malware. They use custom tools to gain …

Plague Backdoor Sneaks In Globally

Plague backdoor sneaks in, threatening Linux systems since August 2025. Researchers uncovered this silent threat. For example, it steals credentials undetected for a year. This endangers critical systems worldwide. How the Attack Works: The backdoor embeds itself as a rogue PAM module. It bypasses authentication to grant SSH access. Additionally, it exploits system weaknesses silently. …

Hacker Injects Malware into Steam Game to Steal User Data

Hacker Spread Infostealer Malware: Cybersecurity researchers have uncovered a disturbing case of malware hidden inside a legitimate early access Steam game. The threat actor behind the attack, known as EncryptHub (also tracked as Larva-208), used the game Chemia to distribute info-stealing malware to unsuspecting gamers. Chemia, a survival crafting game by Aether Forge Studios, is …

Hackers Exploit Fake Apps to Breach Microsoft 365 Accounts

Hackers Exploit Fake OAuth Apps and Phishing Kits: Cybersecurity researchers have uncovered a sophisticated cyberattack campaign where threat actors impersonate trusted companies using fake Microsoft OAuth applications to compromise Microsoft 365 accounts. First identified in early 2025, this ongoing campaign uses phishing kits like Tycoon and ODx to bypass multi-factor authentication (MFA) and harvest user …

Fake Apps Used to Steal Data, Spy, and Blackmail Users

Fake Apps and Malware Surge Across Asia’s Mobile Networks: Cybersecurity researchers have identified a large-scale mobile malware campaign dubbed SarangTrap, targeting Android and iOS users in South Korea and other parts of Asia. The attackers use fake apps disguised as dating, social networking, cloud storage, and car service platforms to steal sensitive data and exploit …

Malware Injected into 7 Popular npm Packages

Supply Chain Attack Compromises npm Packages: Cybersecurity researchers have uncovered a supply chain attack that compromised several popular npm packages after project maintainers fell victim to a phishing campaign designed to steal npm access tokens. Attackers used the stolen tokens to publish malicious versions directly to the npm registry, bypassing GitHub workflows such as pull …

New Coyote Banking Trojan Variant Exploits Windows UI Automation

First Malware Using UIA for Credential Theft: The notorious Windows banking trojan Coyote has evolved into the first known malware strain to exploit Windows UI Automation (UIA), a legitimate accessibility framework, to steal sensitive banking credentials. “The new Coyote variant is targeting Brazilian users and leverages UIA to extract credentials tied to 75 financial institutions …

Threat Actor Mimo Exploits Magento and Docker to Spread Proxyware

Who Is Mimo and What’s the Motive? Mimo, also known as Hezb, is a financially motivated threat actor long associated with cryptocurrency mining and proxyware abuse. While previously focused on exploiting Craft CMS, Mimo has now shifted attention to Magento CMS and misconfigured Docker instances. Security researchers at Datadog have reported that Mimo’s new tactics …

China-Linked Hackers Target IT Systems in Espionage Campaign

Who Is Behind the Attacks? A well-known Chinese cyber espionage group, APT41, has launched a new campaign in Africa, targeting government IT infrastructure. Researchers linked to the discovery said the hackers embedded hardcoded IPs, service names, and proxy paths into their malware. They even hijacked internal SharePoint servers as command-and-control (C2) hubs to issue commands. …

GLOBAL GROUP RaaS Uses AI Chatbots to Target Global Firms

A New Player in the Ransomware Scene: A new ransomware-as-a-service (RaaS) group, GLOBAL GROUP, is expanding fast. Since June 2025, it has attacked organizations in Australia, Brazil, Europe, and the United States. Researchers link the group to a threat actor called “$$$.” This individual also managed previous schemes like BlackLock and Mamona. Notably, GLOBAL GROUP …

Android Malware Disguises as VPN to Spy on Middle East Users

What Is DCHSpy? A new Android spyware called DCHSpy has been discovered by cybersecurity researchers. It collects personal data from mobile devices and targets specific individuals in the Middle East. The malware pretends to be VPN apps or Starlink-related services. Once installed, it secretly steals sensitive information like call logs, photos, WhatsApp chats, and audio …

UNG0002 Targets Asia with LNK Files and Remote Access Tools

Who Is UNG0002? UNG0002 is a cyber threat group. It has launched espionage campaigns against several countries in Asia. Since May 2024, this group has targeted China, Hong Kong, and Pakistan. The attackers use shortcut (LNK) files and Remote Access Trojans (RATs) to break into systems. Experts believe the group is based in Southeast Asia. …

Hackers Leverage Microsoft Teams to Deploy Matanbuchus

What Is Matanbuchus 3.0? Matanbuchus 3.0 is a dangerous malware loader. It belongs to a growing Malware-as-a-Service (MaaS) trend. Cybercriminals use this loader to install more harmful tools like ransomware or data stealers. First seen in 2021, Matanbuchus was sold on underground forums. Now, version 3.0 has become more advanced and harder to detect. This …

WinRAR Flaw Endangers PCs

WinRAR Flaw Endangers PCs Worldwide: WinRAR flaw endangers PCs with a critical bug in July 2025. Researchers uncovered a directory traversal issue. For example, it lets malware launch from archives. This threatens user security globally. How the Vulnerability Works: The flaw, CVE-2025-6218, affects older WinRAR versions. It tricks the software into extracting files to startup …

Interlock RAT Strikes Now with a New Variant

Interlock RAT Strikes Now Globally: Interlock RAT strikes now with a new PHP variant since July 2025. Researchers detected this threat targeting multiple industries. For example, it uses FileFix to spread malware widely. This endangers systems worldwide. How the Attack Begins: Attackers inject hidden scripts into compromised websites. They deploy a traffic distribution system to …

eSIM Flaw Hits Devices

eSIM Flaw Hits Devices Worldwide: eSIM flaw hits devices with a new hacking risk in July 2025. Researchers found vulnerabilities in eUICC cards. For example, it affects over two billion IoT devices. This threat exposes users to serious attacks. How the Vulnerability Works: The flaw lies in eSIM technology used in smartphones. Attackers exploit weak …

Fake Firms Trap Crypto Users

Fake Firms Trap Crypto Users Globally: Fake firms trap crypto users with malware scams since July 2025. Researchers uncovered this social engineering plot. For example, it targets Windows and macOS with stealer malware. This threat endangers digital assets worldwide. How the Scam Works: Attackers impersonate AI and gaming startups. They use spoofed social media accounts …

SEO Poisoning Traps Users

SEO Poisoning Traps Users Worldwide: SEO poisoning traps users with malware disguised as AI tools. Researchers uncovered this campaign in July 2025. For example, it targets over 8,500 SMBs with fake downloads. This threat jeopardizes online safety globally. How the Attack Works: Attackers manipulate search results with black hat SEO. They promote fake sites hosting …

Malicious Extensions Target 1.7M Chrome Users

Malicious Extensions Threaten Browser Safety: Malicious extensions create major risks for Chrome users. These dangerous add-ons, downloaded 1.7 million times, lurk in the Chrome Web Store. They disguise themselves as trusted tools, such as VPNs, emoji keyboards, or color pickers. However, they can steal personal data, track online activity, or redirect users to harmful websites. …
