News

Malware Service Guarantees Chrome Phishing Extensions

Cybersecurity researchers uncovered a new malware-as-a-service tool. It promises malicious Chrome extensions that pass Google’s review. The tool helps attackers push phishing pages easily. How the Malware Service Works: The service lets buyers create harmful browser add-ons. These extensions overlay full-screen iframes on real websites. For example, they show fake login pages while the address …

Amaranth Dragon Exploits WinRAR Flaw

Cybersecurity researchers uncovered a new Chinese-linked espionage group. Amaranth Dragon exploits a WinRAR vulnerability. They target government and law enforcement in Southeast Asia. The New Threat Actor: Amaranth Dragon connects to the known APT41 operations. They show strong technical skill and careful planning. For example, they limit attacks to specific countries. Therefore, they avoid unnecessary …

DEAD#VAX Malware Delivers AsyncRAT Stealthily

Cybersecurity researchers uncovered a clever malware campaign. They call it DEAD#VAX. Attackers use IPFS-hosted VHD files to sneak AsyncRAT onto systems. How the Phishing Starts: Attackers send phishing emails with fake purchase orders. They disguise the attachment as a PDF file. However, the link points to a VHD hosted on IPFS. This decentralized network helps …

APT28 Exploits Office Flaw for Spying

Cybersecurity researchers uncovered attacks by a Russian-linked group. APT28 uses a new Microsoft Office vulnerability. They target users in Ukraine, Slovakia, and Romania for espionage. The Vulnerability Details: The flaw is CVE-2026-21509 with a 7.8 severity score. It allows attackers to bypass security features. For example, a crafted Office file triggers unauthorized actions. Microsoft and …

Aisuru Botnet Unleashes Record DDoS Surge

Cybersecurity experts reported a massive DDoS attack. The Aisuru botnet hit a new peak of 31.4 Tbps. It also reached 200 million requests per second. The Record-Breaking Attack: Attackers launched the assault on December 19 last year. They targeted telecom companies and IT providers. For example, the campaign flooded Cloudflare customers and infrastructure. Therefore, it …

Mustang Panda Deploys Updated COOLCLIENT Backdoor

Cybersecurity experts spotted Chinese-linked hackers using an improved backdoor. They call it COOLCLIENT. Mustang Panda targets government systems in several countries for deep spying. Targets and Campaign Scope: The group hits government entities hard. They focus on Myanmar, Mongolia, Malaysia, and Russia. For example, attacks ran strong in 2025. Therefore, officials face ongoing risks. Mustang …

Malicious Chrome Extensions Steal Affiliate Revenue

Cybersecurity researchers uncovered harmful Chrome extensions. These add-ons hijack affiliate links and steal ChatGPT access. They also grab user data from popular shopping sites. How Affiliate Hijacking Works: One extension claims to block Amazon ads. It installs easily from the Chrome store. However, it secretly replaces affiliate tags in product links. The attacker’s tag earns …

Multi-Stage Phishing Hits Email Users

Cybersecurity experts uncovered a clever multi-stage phishing campaign. It targets people in Russia. Attackers deliver ransomware and a dangerous remote access tool called Amnesia RAT. How the Attack Begins: Attackers send phishing emails with business documents. These look like normal routine files. For example, they pretend to be work tasks or reports. Therefore, victims open …

Stolen Credentials Deploy RMM Backdoors

Cybersecurity experts warn about a clever phishing campaign. Attackers use stolen credentials to install trusted remote tools. These tools give them lasting access to computers. The Sneaky Phishing Start: Attackers send fake invitation emails. They pretend the messages come from a popular online card service. For example, the subject looks like a friendly invite. Therefore, …

Adversary-in-the-Middle Phishing Hits Energy Firms

Microsoft warns of multi-stage adversary-in-the-middle (AitM) phishing and business email compromise attacks. These target energy sector organizations. Attackers use clever tricks to steal credentials and take control. How the Attack Starts: Attackers begin with a phishing email. They send it from a trusted, previously compromised email address. The message pretends to be a SharePoint document-sharing …

Evelyn Stealer Targets VS Code to Steal Credentials

Evelyn Stealer Targets VS Code: Cybersecurity experts uncovered a dangerous new threat. Evelyn Stealer targets VS Code extensions to steal developer credentials and crypto. It hits software developers hard. Therefore, attackers gain access to valuable company systems. How Attackers Hide in VS Code: Hackers publish fake extensions in the marketplace. These extensions look useful at …

VoidLink Malware Targets Linux Cloud and Containers

Malware Targets Linux Cloud and Containers: Cybersecurity experts revealed a new threat. They call it VoidLink Malware. This advanced framework targets Linux systems in the cloud. Therefore, it stays hidden for long periods. Researchers discovered it in December 2025. The malware uses custom tools. For example, it includes loaders, implants, and rootkits. Attackers can add …

Malicious Chrome Extensions Steal Logins

Malicious Extensions Steal Logins: Cybersecurity experts found five bad Chrome extensions. These fake add-ons pretend to help with work tools. They target popular business platforms like HR and ERP systems. Therefore, they trick users into installing them. The extensions promise premium access. For example, they claim to simplify tasks on these platforms. However, they actually …

GootLoader Malware Tricks Detection with 500+ ZIP Files

GootLoader Malware Tricks: Cybercriminals use a clever trick. They hide dangerous code inside GootLoader Malware. This loader combines 500 to 1,000 ZIP files into one broken archive. Therefore, most security tools fail to open it properly. Many unzipping programs struggle. For example, popular tools like third-party archivers cannot extract the contents reliably. However, Windows’ built-in extractor …

Android Malware Operations Grow More Advanced

Rising Android Malware Operations: Android malware operations have grown more advanced and widespread. Threat actors now combine multiple attack techniques at scale. Therefore, mobile users face higher risks than before. Researchers observed these attacks targeting users in Central Asia. However, similar methods now appear globally. As a result, mobile security faces new pressure. Shift From …

Two Chrome Extensions Steal Credentials Silently

Discovery of Malicious Chrome Extensions: Two Chrome extensions were recently found stealing user credentials. Cybersecurity researchers uncovered both add-ons during routine analysis. Therefore, the threat raises serious privacy concerns. Both extensions share the same name and developer. However, each has a different extension ID. As a result, detection became harder. Disguised as a Legitimate Tool …

Kimwolf Android Botnet Hits 2 Million Devices

Overview of the Kimwolf Android Botnet: Kimwolf Android Botnet has infected more than two million devices worldwide. According to a recent researcher report, the malware spreads quietly through proxy networks. Therefore, many users remain unaware of the compromise. The botnet has remained active since at least August 2025. However, its scale only became clear after …

Fake Booking Emails Deliver Malware to Hotels

Overview of Fake Booking Emails Campaign: Fake Booking Emails have emerged as a new phishing campaign targeting hotel staff across Europe. According to a recent researcher report, attackers used deceptive messages to trigger malware infections. Therefore, hospitality organizations faced serious operational and security risks. The campaign appeared in late December 2025. Moreover, it relied on …

Chrome Extensions Steal ChatGPT Chats from Users

Overview of Chrome Extensions Steal ChatGPT Chats: Chrome Extensions Steal ChatGPT Chats through malicious add-ons found in the browser marketplace. According to a researcher report, attackers designed these extensions to collect chatbot conversations and browsing data. Therefore, nearly 900,000 users faced silent data exposure. The extensions targeted conversations from popular AI chat platforms. Moreover, attackers …

VVS Stealer Malware Targets Discord Accounts

Overview of VVS Stealer Malware: VVS Stealer Malware has emerged as a new threat targeting Discord users worldwide. According to a recent researcher report, this Python-based malware steals login credentials and authentication tokens. Therefore, affected users risk account takeovers and data loss. The malware has circulated in underground markets since early 2025. Moreover, attackers marketed …

Trust Wallet Chrome Extension Hack Drains $8.5M

Overview of the Trust Wallet Chrome Extension Hack: Trust Wallet Chrome Extension Hack exposed a serious software supply chain breach in late 2025. According to an incident report, attackers compromised a browser extension update to steal user assets. Therefore, the breach quickly escalated into a large financial loss. The attack resulted in approximately $8.5 million …

DarkSpectre Browser Extension Campaigns Exposed

Overview of DarkSpectre Browser Extension Campaigns: DarkSpectre Browser Extension Campaigns exposed a long-running threat affecting users worldwide. According to a recent researcher report, attackers operated multiple malicious extension campaigns across major browsers. Therefore, millions of users unknowingly installed tools designed for surveillance and fraud. In total, these campaigns impacted more than 8.8 million users over …

RondoDox Botnet Exploits React2Shell to Hijack Devices

Overview of the RondoDox Botnet Campaign: RondoDox Botnet has driven a long-running cyber campaign that targets IoT devices and web servers across the internet. According to a recent report, attackers sustained this operation for nine months, which therefore shows careful planning and long-term intent. Moreover, the threat actors focused on quietly expanding their botnet while …

Kimsuky Spreads DocSwap Malware via QR Phishing

Overview of the New Android Malware Campaign: Kimsuky spreads DocSwap malware through deceptive QR phishing attacks. The campaign targets Android users by impersonating a delivery service. Researchers linked the activity to phishing websites hosting malicious QR codes. Therefore, mobile users face a growing risk. The attackers rely on social engineering rather than technical exploits. However, …

Kimwolf Botnet Hijacks 1.8 Million Android TVs

Overview of the Kimwolf Botnet Threat: Kimwolf botnet has emerged as a massive DDoS threat targeting Android-based devices. Researchers discovered that the botnet controls at least 1.8 million infected systems. These devices include smart TVs, set-top boxes, and tablets. Therefore, the scale of the operation is unusually large. The botnet supports more than basic DDoS …

U.S. DOJ Charges 54 in ATM Jackpotting Case

Overview of the ATM Jackpotting Scheme: U.S. DOJ charges have revealed a large criminal operation targeting ATM machines nationwide. Authorities announced charges against 54 individuals involved in the scheme. The operation relied on malware to force ATMs to dispense cash. Therefore, the attacks caused significant financial damage across the country. Investigators described the scheme as …

Hackers Use Device Code Phishing to Hijack Accounts

Overview of the Phishing Campaign: Russia-linked hackers use device code phishing to hijack online accounts. The campaign targets cloud email users across several sectors. Researchers observed this activity starting in September 2025. Therefore, the threat remains active and evolving. The attackers focus on organizations in the U.S. and Europe. These include government, education, and transportation …

Cracked Software Spreads CountLoader Malware

Overview of the Malware Distribution Campaign: Cracked software has become a major delivery method for modern malware. Recently, researchers uncovered a campaign abusing piracy websites to spread CountLoader malware. However, attackers also rely on video platforms to widen their reach. Therefore, everyday users face increased risks when seeking free software. The campaign uses CountLoader as …

ForumTroll Phishing Attacks Target Scholars Using Fake eLibrary Emails

Overview of the ForumTroll Phishing Campaign: ForumTroll phishing attacks have resurfaced with a new and focused strategy. This time, the attackers targeted individuals inside Russia rather than large organizations. Since late 2025, the campaign has aimed at academic professionals. Therefore, the threat shows a clear shift in targeting priorities. Security researchers detected the new activity …

APT28 Targets Users via Phishing Campaign

Overview of the APT28 Phishing Campaign: APT28 has launched a long-running credential phishing campaign targeting users. The campaign specifically focuses on users of UKR-net, a popular webmail and news service. Since mid-2024, the activity has continued steadily without major disruption. Therefore, the operation reflects a sustained and deliberate effort. Security researchers observed this activity between …

Ink Dragon Targets Governments with Advanced Malware

Overview of the Ink Dragon Threat Campaign: Ink Dragon has intensified its cyber operations against government organizations. Since mid-2025, the group has increasingly focused on targets across Europe. However, it continues to attack entities in Southeast Asia and South America. Therefore, the campaign reflects a broad and sustained global effort. Security researchers track this activity …

GhostPoster Malware Hides Inside Popular Firefox Add-ons

Overview of the GhostPoster Malware Campaign: GhostPoster malware has emerged as a serious browser-based threat after being discovered inside multiple Firefox add-ons. The campaign secretly abused image logo files to hide malicious JavaScript code, allowing attackers to operate unnoticed. As a result, many users installed these extensions believing they were safe and useful. Therefore, the …

New Advanced Phishing Kits Steal Credentials

A New Ransomware Emerges: Cybersecurity researchers have recently documented four advanced phishing kits. The phishing kits enable large-scale credential theft by incorporating cutting-edge techniques. Examples of these techniques include artificial intelligence and multi-factor authentication bypass methods. These kits are openly sold on underground forums, making it easier for even novice attackers to launch …

VolkLocker Ransomware Flaw Lets Victims Decrypt Files

A New Ransomware Emerges: Researchers uncovered a new ransomware threat in August 2025. A pro-Russian hacktivist group developed it. They named this service VolkLocker. This ransomware targets both Windows and Linux systems. Developers wrote it in Golang. However, early versions contain major security mistakes. The group offers it as a service. Therefore, other attackers can buy …

WIRTE Uses AshenLoader to Deploy Espionage Malware

Overview of the Espionage Campaign: WIRTE is an advanced threat group linked to long-running espionage campaigns. The group has targeted government and diplomatic organizations across the Middle East since 2020. Therefore, researchers classify the activity as persistent and strategic. Security researchers discovered a previously undocumented malware suite called AshTag. However, evidence shows the campaign likely …

Chrome Targeted by Active High-Severity Exploit

Overview of the Security Issue: Chrome is targeted by attackers through an active exploit that affects real users worldwide. A browser developer released urgent security updates to fix multiple vulnerabilities. However, one high-severity flaw already faced confirmed exploitation in the wild. Therefore, users faced immediate risk before patches became widely installed. Security researchers warned that attackers …

NANOREMOTE Malware Hides Control in Cloud

Overview of the Threat: NANOREMOTE malware is a newly discovered Windows backdoor with advanced capabilities. It allows attackers to remotely control infected systems by abusing cloud-based services. As a result, malicious activity blends into legitimate traffic and becomes harder to detect by traditional security tools. Security researchers explained that the malware functions as a fully …

Chrome Targeted by Hidden High-Risk Exploit

Chrome Targeted by Active Exploit: Chrome is targeted by active in-the-wild exploit activity this week. Researchers confirmed that attackers are abusing a high-severity flaw. However, details about the vulnerability remain restricted to protect users. The issue carries an internal tracking ID and involves a still-undisclosed component. The report notes that the flaw is serious enough to …

Researchers Uncover 30+ Flaws in AI-Driven Coding Tools

AI Vulnerabilities Overview: Researchers uncover 30+ flaws across many AI-driven coding tools. These weaknesses allow data theft and remote code execution. Therefore, security concerns around automated development environments continue to grow. The researcher behind the findings calls the flaw group “IDEsaster.” The issues impact a wide range of assistants and extensions. However, the report states …

North Korean Hackers Launch 197 npm Attacks

Ongoing Expansion of the Malware Campaign: North Korean hackers continue to expand their attacks through the npm ecosystem. Therefore, many researchers warn that the threat is growing fast. The attackers have released 197 additional malicious packages tied to the Contagious Interview operation. These packages have already been downloaded more than 31,000 times. They deliver an …

New Albiriox Malware Hits 400+ Apps

Albiriox Malware Overview: New Albiriox malware now threatens Android users with broad fraud capabilities. Therefore, many researchers warn that its rapid spread demands urgent attention. The malware appears under a subscription-based criminal service that offers sophisticated on-device fraud tools. The malware includes a hard-coded list of more than 400 targeted apps. These apps cover banking, …

AISURU Botnet Drives Record 29.7 Tbps DDoS Hit

AISURU Botnet’s Record-Breaking DDoS Impact: AISURU botnet activity has reached historic levels this year. The latest incident involved a massive 29.7 Tbps DDoS attack. Researchers confirmed that the strike lasted only 69 seconds. However, its scale showed how quickly modern attacks can escalate. The report noted that the attack came from a botnet-for-hire. Therefore, even …

GoldFactory Strikes SE Asia with Fake Banking Apps

GoldFactory’s Expanding Threat in Southeast Asia: GoldFactory has launched new attacks across Indonesia, Thailand, and Vietnam. The group targets mobile users by posing as government services. Moreover, it distributes modified banking apps to deliver malware. These attacks have grown steadily since late 2024. Researchers have linked GoldFactory to earlier threats. They first noticed the group …

ShadyPanda Turns Browser Add-Ons Into Stealthy Spies

ShadyPanda’s Long Campaign: A threat actor called ShadyPanda has operated a seven-year campaign that misused popular browser add-ons. The group used once-trusted tools to collect sensitive data from millions of users. However, the danger grew sharply in mid-2024 when several legitimate extensions received hidden malicious updates. Researchers reported that five of these add-ons began as …

CISA Warns of Rising Spyware Hijacks

CISA warns of rising spyware campaigns targeting high-value users. The agency notes that attackers now use advanced tools to infiltrate messaging apps. Moreover, they rely on social engineering to deliver hidden malware. The alert highlights the growing danger to mobile devices worldwide. How Attackers Infiltrate Messaging Apps: Attackers use …

ToddyCat’s New Hacking Tools Target Email Data

ToddyCat’s New Hacking Tools: ToddyCat’s new hacking tools give attackers deeper access to corporate email systems. The group uses custom scripts and advanced techniques to steal sensitive information. Moreover, these tools help the attackers collect tokens and mail files from compromised networks. The activity shows continued evolution in their operations. Stealing OAuth Tokens: The attackers …

FBI Reports Rising ATO Fraud Driven by Scams

FBI Reports Rising ATO Fraud: The FBI reports rising account takeover fraud across many sectors. The report warns that criminals impersonate financial institutions to steal money. Moreover, the schemes continue to grow as attackers refine social engineering methods. The warning highlights more than $262 million in losses this year. How ATO Fraud Works: Account takeover fraud …

RomCom Uses SocGholish in New Malware Strike

Introduction: RomCom Uses SocGholish: RomCom uses SocGholish to deliver a dangerous remote access tool. This tactic targets organizations through fake update alerts. Moreover, the method blends deception with rapid infection. The incident shows how quickly modern threats can evolve. How the Attack Began: RomCom threat actors focused on a civil engineering group in the United …

ShadowPad Malware Exploits WSUS for Full Access

Overview of the Exploited WSUS Flaw: ShadowPad Malware activity is increasing due to a severe WSUS vulnerability. Threat actors now use this flaw to gain full control of Windows systems. The vulnerability, known as CVE-2025-59287, enables remote code execution with system privileges. Therefore, attackers can enter networks with minimal resistance. Researchers recently confirmed that attackers …

Threat Actor Dragon Breath Unleashes New Stealth Attack Chain

Dragon Breath’s Expanding Malware Strategy: Dragon Breath continues to evolve its tactics. Therefore, the group now relies on a multi-stage loader called RONINGLOADER to deliver a modified Gh0st RAT variant. The operation mainly targets Chinese-speaking users. However, it spreads through installers disguised as trusted tools. Researchers report that the infection chain uses many layers. These …

Python-Based WhatsApp Worm Spreads New Stealer

Overview of the New Campaign: Python-Based WhatsApp Worm activity continues to grow across Brazil. Researchers recently uncovered a social-engineering campaign that uses WhatsApp hijacking to spread a Delphi-based banking stealer called Eternidade Stealer. The attackers rely on a Python script to automate the spread. Therefore, the threat now moves faster than earlier PowerShell-based versions. The …

Sneaky 2FA Kit Uses Fake Browser Pop-ups

Sneaky 2FA Kit Evolves Again: Sneaky 2FA continues to grow more advanced, according to a recent report. The Phishing-as-a-Service kit now includes Browser-in-the-Browser (BitB) features. Therefore, attackers with limited skills can launch convincing phishing attacks at scale. Researchers say this trend shows how quickly phishing tools are evolving. How BitB Tricks Victims with Fake Pop-ups …

Tsundere Botnet Spreads Through Game Lures

Botnet Targets Windows Users: Cybersecurity researchers report that Tsundere is an expanding botnet aimed at Windows systems. They note that it has grown quickly since mid-2025. Moreover, the botnet executes JavaScript code sent from a remote server. Therefore, it gives attackers a flexible way to run harmful commands. Suspicious Installation Paths and Game-Themed Lures: Researchers …

Sturnus Trojan Steals Chats and Seizes Phones

Introduction: How Sturnus Threatens Android Users: Cybersecurity researchers warn that Sturnus, a new Android banking trojan, poses a serious risk. They note that it steals credentials and takes full control of devices. Moreover, it uses advanced tricks to commit financial fraud. Therefore, experts consider it a rising threat that requires quick attention. Bypassing Encrypted Chats …

GootLoader Is Back With a New Font-Hiding Trick

GootLoader Is Back With New Stealth Features: GootLoader is back and continues to evolve. Recent findings from a new report show a surge in activity. The researchers observed several infections in late October 2025. Moreover, two cases escalated quickly and reached domain controller compromise within hours. The malicious loader now uses custom fonts to hide …

Fantasy Hub Trojan Turns Telegram Into Hacker Tool

Fantasy Hub Trojan Expands on Telegram: Fantasy Hub Trojan continues to grow across Telegram channels. It appears as a rented service that attackers can purchase. Therefore, even inexperienced criminals can launch advanced attacks. This rise increases risks for users and organizations. Researchers note that the malware supports remote device control. It gathers messages, images, contacts, …

Konni Hackers Turn Find Hub Into a Data-Wipe Threat

Konni Hackers Expand Their Attacks: Konni Hackers continue to widen their operations. They now target Android and Windows devices with new tools. They aim to steal data and gain remote control. Moreover, they use social engineering to reach unsuspecting users. Konni actors pretend to be counselors or human rights experts. They spread malware disguised as …

Whisper Leak Attack Exposes Encrypted AI Topics

Introduction to the New Threat: Whisper Leak attack reveals how encrypted AI chat traffic can still expose user topics. Researchers warn that passive observers can infer sensitive subjects even when communications use HTTPS encryption. Therefore, this discovery raises major privacy concerns for both individuals and organizations. However, many users remain unaware of these hidden risks. …

GlassWorm Malware Found in Risky VS Code Add-ons

Introduction to the Expanding Threat: GlassWorm malware continues to evolve and now hides inside three new VS Code extensions. Researchers say the add-ons remain available for download, which increases the risk for thousands of developers. Therefore, the campaign shows no signs of slowing. However, many users still do not realize their tools may be compromised. …

Large-Scale ClickFix Phishing Attacks Hit Hotels

Overview of the Expanding Threat: Large-Scale ClickFix Phishing Attacks now threaten hotel systems worldwide. These attacks rely on fake login pages and harmful tools like PureRAT to harvest credentials. Therefore, hotel managers face growing risks as criminals refine their methods. However, many victims still fall for the deceptive tactics. Attackers often use hijacked email accounts …

China-Linked Hackers Exploit Windows Flaw on Diplomats

China-Linked Hackers Launch New Cyberattacks: Cybersecurity researchers have discovered that China-linked hackers are exploiting a serious Windows shortcut flaw to target European diplomats. These attacks occurred between September and October 2025, focusing on government and diplomatic institutions in several European countries. The campaign highlights growing concerns about cyber espionage and geopolitical intelligence gathering. How the …

Cybercriminals Exploit RMM Tools to Steal Freight

Cybercriminals Target Logistics Networks: Cybercriminals exploit remote monitoring tools to infiltrate logistics and freight networks, aiming to steal valuable cargo for profit. According to a recent report from researchers, these attacks have been active since June 2025. The threat actors are believed to be working with organized crime groups that specialize in large-scale cargo theft. …

Researchers Uncover Android Trojans Stealing Data

Cybersecurity researchers uncovered two new Android threats, BankBot-YNRK and DeliveryRAT, that steal sensitive financial data. These malicious programs secretly harvest personal information, run hidden commands, and bypass security defenses on targeted devices. Both have been active since mid-2024, showing how mobile attacks continue to evolve rapidly. How BankBot-YNRK Works …

Brash Exploit Crashes Chromium Browser in Seconds

Brash Exploit Threatens Chromium Browsers: A serious flaw has been discovered in Chromium’s Blink rendering engine, exposing millions of users to sudden browser crashes. The newly identified Brash exploit allows attackers to crash Chromium-based browsers in seconds simply by sending a malicious URL. According to a cybersecurity researcher who analyzed the bug, Brash can cause …

PhantomRaven Malware Hits npm Packages Hard

PhantomRaven Malware Targets npm Developers Cybersecurity researchers have discovered a new software supply chain attack named PhantomRaven. This threat targets the npm registry and steals sensitive data from developers’ systems. It collects GitHub tokens, CI/CD secrets, and authentication credentials. The campaign began around August 2025. Since then, it has grown rapidly, spreading across 126 npm …

AI-Targeted Cloaking Attack Spreads Fake Facts

AI-Targeted Cloaking Attack Exposes Hidden Risks Cybersecurity researchers have uncovered a new online threat called AI-targeted cloaking. This technique tricks artificial intelligence (AI) crawlers used by agentic web browsers into accepting fake information as verified truth. Unlike traditional search engine cloaking, this new method focuses on AI-driven tools that retrieve and summarize online content automatically. …

10 npm Packages Steal Dev Credentials

Summary of the Threat Researchers found 10 npm packages that delivered a powerful information stealer. The packages targeted Windows, macOS, and Linux. The researchers reported that the operation used heavy obfuscation and fake CAPTCHAs. As a result, many developers did not notice the malicious behavior during install. How the Attack Works The malicious packages appeared …

Herodotus Trojan Mimics Humans to Evade Detection

A New Android Threat Emerges Herodotus, a newly discovered Android banking trojan, is making waves for its human-like behavior. Researchers recently found it targeting users in Italy and Brazil through active malware campaigns. The malware is designed to take over devices while imitating natural user actions, allowing it to bypass advanced anti-fraud systems. According to …

GhostCall and GhostHire: Web3 Mac Malware

GhostCall and GhostHire Overview Threat actors linked to North Korea are running two related malware campaigns named GhostCall and GhostHire. These operations mainly target professionals in the Web3 and blockchain sectors. According to recent research, both campaigns are part of a long-running effort called SnatchCrypto. Since at least 2017, this effort has focused on stealing …

ChatGPT Atlas Exploit Plants Hidden Malicious Code

Dangerous New Browser Vulnerability A new ChatGPT Atlas exploit allows cyber attackers to secretly insert hidden commands into the AI’s memory. Security researchers recently discovered that this flaw could let attackers execute arbitrary code and gain control of user systems. According to a new report, this attack uses a cross-site request forgery (CSRF) technique. It …

Smishing Triad Runs 194,000 Fake Phishing Domains

Smishing Operation Expands The Smishing Triad has launched a massive phishing operation using more than 194,000 fake domains worldwide. Since January 2024, these domains have targeted countless users across many industries, according to a recent report. The campaign uses fraudulent text messages that claim to be toll or package delivery notices. However, the real goal …

YouTube Ghost Network Spreads Hidden Malware Traps

YouTube Ghost Network Spreads Malware The YouTube Ghost Network is spreading fast. This massive operation uses hacked video accounts to distribute malware. Since 2021, over 3,000 infected videos have appeared, and the number has tripled in 2025. Attackers use these videos to push pirated software and game cheats, especially targeting users searching for free downloads. …

Google Finds Three New Russian Malware Threats

Google Finds Three New Russian Malware Threats Google identifies three new Russian malware families linked to the COLDRIVER hacking group. According to a recent threat report, the cyber group has intensified its operations since May 2025, rapidly evolving its malware arsenal to target high-profile individuals. Researchers revealed that these malware variants named NOROBOT, YESROBOT, and …

Chrome Extensions Hijack WhatsApp for Spam

Massive Spam Campaign Uncovered 131 Chrome extensions hijacked WhatsApp Web in a large-scale spam campaign targeting thousands of users. According to a cybersecurity report, the operation focused on Brazilian accounts and relied on cloned automation tools disguised as business aids. Researchers discovered that these browser extensions shared nearly identical code, design, and infrastructure. In total, …

Hackers Used Snappybee to Breach Telecom Network

Cyberattack Overview Hackers used Snappybee malware and a Citrix security flaw to target a major European telecom network. The attack occurred in early July 2025, according to a cybersecurity report. Investigators linked the intrusion to a China-based cyber espionage group called Salt Typhoon. This group has been active since 2019 and is known for attacking …

Severe Server Flaw Opens Door to Silent Takeovers

Critical Risk to Enterprise Systems A newly uncovered security flaw could let attackers take full control of enterprise servers without needing a login. Researchers warned that the bug allows silent command execution, putting valuable data and operations at serious risk. Therefore, applying the latest security updates is an urgent priority for every organization. How the …

Android Devices Face 2FA Theft Without Permissions

Android devices: What Pixnapping steals Android devices are vulnerable to a pixel-stealing attack. Researchers call the technique Pixnapping. It can take two-factor authentication codes without app permissions. Therefore, users should treat the threat as urgent. Who discovered it A team of academics from multiple universities found the flaw. They published a detailed paper with proofs …

Banking Trojan Stays Active After Takedowns

Astaroth Trojan Uses GitHub to Evade Disruption Cybersecurity researchers have discovered a new campaign delivering the Astaroth banking trojan, which cleverly remains operational even after takedowns. The malware uses GitHub as a backup control system to keep running when its main servers are blocked. Therefore, removing its infrastructure does not immediately stop the infection chain. …

RondoDox Botnet Exploits 50+ Flaws in Devices

RondoDox Botnet Expands to 50+ Vulnerabilities Researchers have warned that the RondoDox Botnet is becoming more dangerous than ever. It now exploits over 50 security flaws across more than 30 technology vendors. This campaign uses what experts call an “exploit shotgun” approach. It targets many kinds of internet-connected devices, including routers, DVRs, NVRs, CCTV cameras, …

Rust-Based Malware ChaosBot Exploits Discord Control

Rust-Based Malware ChaosBot Targets Financial Firms A new Rust-based malware known as ChaosBot has been discovered targeting financial organizations. Researchers found that it allows attackers to spy on victims and execute remote commands on infected computers. However, what makes ChaosBot unusual is how it communicates. Instead of using traditional control servers, it leverages Discord channels …

Hackers Turn Velociraptor Tool Into Ransomware Weapon

Hackers Turn Velociraptor Tool Into Ransomware Weapon Hackers are abusing the Velociraptor DFIR tool to launch ransomware attacks. A new report revealed that a group called Storm-2603 has used this open-source security tool to deliver multiple ransomware strains, including LockBit, Warlock, and Babuk. However, the group didn’t exploit a flaw in Velociraptor itself. Instead, it …

Astaroth Banking Trojan Uses GitHub Backup

Astaroth Banking Trojan resurfaces with new trick Astaroth Banking Trojan now uses a code hosting platform as backup. This lets it recover when takedown teams remove its servers. Therefore, the malware can stay active after infrastructure disruption. Researchers reported the tactic in a recent analysis. However, the campaign still relies on classic phishing. For example, …

Stealit Malware Hides in Game and VPN Installers

Stealit Malware Exploits Node.js Feature Stealit Malware is abusing a feature in Node.js known as the Single Executable Application (SEA) to distribute its payloads. Researchers have revealed that this malware campaign disguises itself as installers for popular games and VPN applications. However, these fake installers are actually packed with malicious code and are being shared …

Payroll Pirates Steal Salaries via HR Account Hacks

Payroll Pirates Target Employee Salaries Payroll Pirates are hijacking HR software accounts to steal salaries from employees. A recent report from researchers revealed that the group, also known as Storm-2657, is attacking U.S.-based organizations, especially universities and other large employers. However, experts warn that any company using online HR or payroll systems could be at …

ClayRat Spyware Tricks Android Users with Fake Apps

Deceptive Campaign Targets Android Users A fast-evolving Android spyware called ClayRat is targeting users through fake versions of popular apps. The campaign mainly spreads through messaging channels and phishing websites, luring users with counterfeit WhatsApp, TikTok, YouTube, and Google Photos apps. Once installed, ClayRat secretly collects private data such as SMS messages, call logs, and …

BatShadow Group Targets Job Seekers with Vampire Bot

BatShadow Group’s New Campaign A recent report revealed that BatShadow Group is running a new cyber campaign targeting job seekers and digital marketing professionals. The attackers use social engineering tricks to pose as recruiters, sending malicious files disguised as job descriptions or company documents. When opened, these files trigger a hidden infection chain that installs …
