News

Phishing Tactic Uses Email Checks Before Attack

Attackers are using a phishing tactic that runs real-time checks to verify victims’ emails before stealing credentials. This method improves success rates while staying hidden. A recent report highlights this new approach, called precision-validating phishing. Unlike bulk email scams, this attack targets only verified, active users. Therefore, only victims on a pre-selected list reach the fake login screen. …

ResolverRAT Malware Hits Global Health Sector

ResolverRAT malware is targeting the healthcare and pharmaceutical sectors in a new, sophisticated cyberattack campaign. The attack uses phishing emails to deliver its payload. These emails create urgency with topics like copyright violations or legal threats. They trick users into clicking a malicious link. Once clicked, the link directs the victim to download a file. …

Malicious Packages Steal Data from Python Users

Malicious packages have been discovered on the Python Package Index (PyPI), putting developers and businesses at serious risk. Researchers revealed that several harmful libraries were uploaded to PyPI to steal sensitive data. They also tested stolen credit cards using e-commerce checkout systems. For example, two packages named bitcoinlibdbfix and bitcoinlib-dev posed as fixes for real …

Tax Scams Spread Malware Through PDFs and QR Codes

Tax scams are becoming more dangerous, with new phishing campaigns using PDF attachments and QR codes to infect devices and steal login credentials. According to a report, attackers send fake tax-related emails, often during tax season. These messages contain malicious PDFs that lead to phishing pages or install malware. Some campaigns use a phishing-as-a-service tool …

Triada Malware Found in Fake Android Phones

Triada Malware Infects Counterfeit Android Phones

Triada malware is making a comeback by infecting counterfeit Android smartphones. These fake devices are often sold at low prices and come with pre-installed malware that users don’t notice. According to a report, more than 2,600 users—mainly in Russia—were affected between March 13 and 27, 2025. The malware is …

Hackers Abuse WordPress mu-Plugins for Spam Attacks

Hackers Target WordPress mu-Plugins to Hide Malware

Hackers are using WordPress’s mu-plugins to secretly plant malicious scripts on websites. These plugins, short for “must-use” plugins, run automatically without admin activation. Because of this, they don’t appear in the WordPress plugin dashboard, making them harder to spot during routine security checks. According to a report, this …

Phishing Platform Lucid Targets 169 Victims Globally

Phishing Attacks Are Evolving

Phishing campaigns have become more sophisticated than ever. A new threat platform called Lucid has targeted 169 organizations in 88 countries. It delivers smishing messages using Apple iMessage and Android RCS, avoiding traditional SMS spam filters. Instead of relying on old-school methods, Lucid operates as a phishing-as-a-service (PhaaS) tool. This subscription-based …

Ransomware Exposes DBS & Bank of China Customer Data in Vendor Attack

Ransomware Attack Exposes DBS and BOC Customer Data

A ransomware attack on a third-party printing vendor has exposed sensitive customer data from DBS and Bank of China (BOC) in Singapore. The vendor, Toppan Next Tech (TNT), reported the breach to authorities on April 6. The Cyber Security Agency (CSA) and the Monetary Authority of Singapore (MAS) …

ClearFake Malware Spreads Fast Through Fake Checks

ClearFake malware is spreading quickly by tricking users with fake security verifications. Over 9,300 websites are now infected. The attackers behind ClearFake use fake reCAPTCHA and Cloudflare Turnstile pop-ups. These appear real but are used to deliver malware like Lumma and Vidar Stealer. ClearFake first surfaced in mid-2023. It started by placing fake browser update …

GitHub Vulnerability Exposes Secrets in Workflows

GitHub vulnerability CVE-2025-30066 is now actively exploited, posing a major threat to developers and organizations using GitHub Actions. According to a recent report, attackers targeted a GitHub Action called tj-actions/changed-files to access sensitive data. They injected malicious code into workflows by exploiting a supply chain weakness. The attack allows hackers to steal secrets from action …

Rules File Backdoor Attack Targets AI Coders

Rules File Backdoor is a new attack targeting AI-powered code editors. It silently injects malicious code into projects by corrupting the tools developers rely on. This threat affects popular AI tools such as Copilot and Cursor. These editors use configuration or “rules” files to guide their code suggestions. However, attackers can secretly poison these files …

Chinese Hackers Use Backdoors to Hijack Juniper Routers

Chinese Hackers Exploit Juniper Routers with Custom Malware

Chinese hackers have been caught installing backdoors and rootkits on outdated Juniper Networks MX Series routers. A recent report revealed that cyber espionage group UNC3886 is behind the attack. Their goal is to establish long-term access and steal sensitive data from targeted networks.

How Hackers Compromise Juniper …

MassJacker Malware Hijacks Crypto from Piracy Users

Piracy Users Targeted by New Crypto-Stealing Malware

MassJacker, a newly discovered malware, is stealing cryptocurrency from users searching for pirated software. A recent report found that cybercriminals use this malware to hijack copied wallet addresses and reroute funds. This attack method poses a serious threat to cryptocurrency holders.

How MassJacker Infects Devices

The infection starts …

Malicious PyPI Packages Stole Cloud Tokens in 14,000+ Downloads

Malicious PyPI packages have been discovered stealing cloud tokens, compromising thousands of users. Researchers found 20 harmful packages disguised as useful tools, tricking developers into installing them. These packages, downloaded over 14,100 times, targeted cloud service credentials from major platforms. A recent report identified two clusters of malicious PyPI packages. The first set included tools …

Cybercriminals Use CSS Tricks to Bypass Filters and Spy

Hackers Exploit CSS to Evade Spam Filters

Cybercriminals are using Cascading Style Sheets (CSS) to evade spam filters and track email users. A recent report revealed that attackers exploit CSS features to bypass security measures. They can even monitor user actions without requiring JavaScript. This method threatens both privacy and security.

How Attackers Use CSS …

Malware Uses Fake CAPTCHA to Deploy Rootkit and Hide

Hackers Exploit CAPTCHA Scams to Evade Detection

Malware campaigns are becoming more deceptive. Hackers now use fake CAPTCHA pages to trick users into downloading malicious files. A recent report uncovered OBSCURE#BAT, a malware that delivers the r77 rootkit. This rootkit allows attackers to remain undetected while controlling infected systems.

How the Attack Works

The attack …

Medusa Ransomware Attacks Surge, Demanding Millions

Medusa ransomware is rapidly expanding its attacks in 2025, demanding ransoms as high as $15 million. A recent report highlights over 40 new victims this year. The ransomware group has targeted healthcare, financial, and government organizations. Researchers note a 42% rise in Medusa-related incidents between 2023 and 2024. This increase suggests the group is filling …

EncryptHub Spreads Ransomware via Phishing and Fake Apps

EncryptHub is actively spreading ransomware and information stealers through phishing and fake apps. A recent report highlights how this threat actor deceives users. The campaign began in mid-2024 and has compromised over 600 high-value targets. Attackers use phishing, trojanized applications, and Pay-Per-Install (PPI) services to distribute malware. Their goal is to steal credentials and deploy …

SideWinder APT Targets Key Industries in Asia and Beyond

SideWinder APT is actively targeting industries across Asia, the Middle East, and Africa. Maritime, nuclear, and IT sectors are among the main victims of this cyber threat. A recent report found attacks in Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam. The group also focuses on nuclear power plants and energy infrastructure in South Asia …

Malvertising Campaign Infects 1 Million Devices Globally

Malvertising is spreading rapidly, infecting over 1 million devices worldwide. A recent report reveals that attackers use illegal streaming sites to deliver malware. The campaign began in December 2024 and affects both individuals and businesses. Attackers use phishing, SEO poisoning, and fake ads to trick users into downloading harmful software. The malware steals sensitive data, …

WordPress Sites Hacked with JavaScript Backdoors

Hackers are targeting WordPress sites by injecting JavaScript backdoors to maintain persistent access. A recent report found over 1,000 infected websites, where malicious code delivers four different backdoors. These backdoors give attackers multiple ways to regain control, even if website owners remove one method. The compromised sites load harmful scripts from an external domain, affecting …

Poco RAT Malware Targets Businesses

Poco RAT malware is being used to target Spanish-speaking businesses in Latin America. A hacker group, identified as Dark Caracal, has launched phishing attacks to infect organizations in Venezuela, Chile, Colombia, Ecuador, and the Dominican Republic. A recent report highlights how the malware operates. Poco RAT can upload files, capture screenshots, execute commands, and manipulate …

Lumma Stealer Malware Spreading through Phishing Attack

Lumma Stealer malware has been linked to cyberattacks in Russia and Belarus. A hacker group, tracked as Sticky Werewolf, is using an undocumented implant to infect victims. Researchers found that the attackers focus on employees of large organizations, including government agencies and contractors. Reports suggest that the group communicates in fluent Russian, indicating that they …

API Keys and Passwords Leaked in AI Training Data

API keys and passwords have been discovered in public datasets used to train AI models. Researchers found nearly 12,000 live secrets, exposing users and organizations to security risks. These credentials allow unauthorized access to various services, leading to potential data breaches. A recent report analyzed an archive from a large web dataset, revealing 400TB of …

AWS Misconfigurations Let Hackers Launch Phishing Attacks

AWS misconfigurations are allowing hackers to exploit Amazon Simple Email Service (SES) and WorkMail for phishing attacks. Researchers have linked this activity to a group known as TGR-UNK-0011, which has been active since 2019. Initially, the group focused on defacing websites. However, in 2022, they shifted to phishing campaigns for financial gain. These attacks do …

Fake CAPTCHA PDFs Spread Lumma Stealer Malware

Fake CAPTCHA PDFs are being used to spread Lumma Stealer malware through phishing campaigns. Researchers have found 260 domains hosting 5,000 malicious PDFs. These files redirect victims to dangerous websites, where attackers steal data or install malware. Cybercriminals use SEO techniques to make their malicious pages appear in search engine results. Many victims unknowingly click …

Vo1d Botnet Infects 1.59M Android TVs Worldwide

Vo1d botnet has infected over 1.59 million Android TVs across 226 countries. Reports show a surge in infections, especially in India, where cases jumped from 3,901 to 217,771 within weeks. This malware evolves rapidly, improving its stealth and resilience while making detection difficult. Researchers found that Vo1d uses RSA encryption to secure communication. This prevents …

Black Basta Leak Exposes Ransomware Group’s Secrets

Black Basta ransomware has been exposed in a major data leak, revealing internal conflicts and attack strategies. A recent report published chat logs from the cybercriminal group, offering an inside look at their operations. The leak, which includes over 200,000 messages, details tactics, leadership disputes, and security flaws …

Cybercriminals Use Darcula PhaaS to Clone Sites in Minutes

Cybercriminals now have an even easier way to create phishing websites using Darcula PhaaS v3. Researchers report that this latest version lets hackers clone any brand’s website and launch phishing attacks with minimal effort. The tool lowers the skill needed to create realistic fake sites, making …

FatalRAT Malware Targets APAC Industries in Phishing Attacks

FatalRAT malware is being used in phishing attacks across APAC industries. Researchers have identified a campaign that delivers this malware through Chinese cloud services to infect organizations in manufacturing, IT, healthcare, and logistics. These attacks pose a serious risk, allowing hackers to steal data, manipulate systems, and …

Linux Malware Auto-Color Gives Hackers Full Access

Linux malware called Auto-Color is targeting universities and government organizations across North America and Asia. A recent report revealed that this stealthy threat grants hackers full remote access to compromised systems. Once installed, it is difficult to remove without specialized tools.

How Auto-Color Works

The malware gets its name from the file name it renames …

LightSpy Malware Gains Control Over Multiple Platforms

LightSpy malware has expanded its capabilities, now supporting over 100 commands across Windows, macOS, Linux, and mobile devices. According to a recent report, this advanced spyware can now extract data from Facebook and Instagram, increasing its surveillance potential. As a result, cybercriminals can access sensitive user information more …

OpenSSH Vulnerabilities May Lead to Cybersecurity Threats

OpenSSH vulnerabilities could expose users to cyber threats. Researchers have identified two flaws that could allow man-in-the-middle (MitM) attacks or denial of service (DoS). These security risks could enable attackers to steal credentials or crash systems, making it crucial for users to update their software immediately. Security experts have identified two key flaws: CVE-2025-26465 and …

Chinese Hackers Use MAVInject.exe to Bypass Security

Chinese Hackers Exploit MAVInject.exe to Evade Detection

Chinese state-sponsored hackers, identified as Mustang Panda, have been caught using a stealthy technique to evade cybersecurity measures and maintain persistent access to infected systems. They leverage a legitimate Windows utility, Microsoft Application Virtualization Injector (MAVInject.exe), to inject malicious payloads into external processes. This tactic helps them bypass …

FrigidStealer Malware Targets macOS via Fake Updates

FrigidStealer malware is a new cybersecurity threat targeting macOS users through fake browser updates, a recent report warns. Attackers inject malicious scripts into compromised websites, tricking users into downloading malware.

How the Attack Works

The attack originates from TA2727, a cybercriminal group that uses fake update lures to spread malware. These attackers distribute multiple info-stealers, …

Xerox Printer Flaws Could Expose Windows Credentials

Xerox printer vulnerabilities could let attackers steal Windows Active Directory credentials, a recent report warns. Hackers can exploit security flaws to capture authentication data using LDAP and SMB/FTP services.

How the Attack Works

Researchers discovered two major vulnerabilities in Xerox VersaLink C7025 printers. These flaws allow attackers to manipulate printer settings and redirect authentication credentials …

whoAMI Attack Exploits AWS AMI Flaws for Code Execution

The whoAMI attack is a new name confusion exploit that allows hackers to gain remote code execution (RCE) within AWS accounts, a recent report warns. This attack relies on Amazon Machine Image (AMI) misuse. Hackers upload malicious AMIs with deceptive names, tricking misconfigured software into using them. If successful, the attacker can …

Lazarus Group Targets Developers with New JavaScript Malware

Lazarus Group has launched a new JavaScript malware called Marstech1, targeting developers in a series of highly focused attacks, a recent report reveals. The operation, called Marstech Mayhem, began in late 2024. The malware was delivered through an open-source GitHub repository under a profile named “SuccessFriend.” This profile, active since …

Ransomware Attack Linked to Chinese Hacker’s Side Job

Ransomware linked to Chinese cyberespionage tools has surfaced in a recent attack, suggesting that an individual hacker may be using these resources for personal financial gain, a recent report reveals. The hacker used a legitimate executable to sideload a malicious DLL, which then deployed a heavily disguised PlugX backdoor. This backdoor, previously tied to a …

Hackers Use CAPTCHA Tricks in Phishing Scam to Steal Data

Hackers are using fake CAPTCHA challenges in a new phishing scam to steal credit card details and other sensitive information, according to a recent report. The campaign, active since mid-2024, involves malicious PDF files hosted on a content delivery network (CDN). Attackers target users searching for documents on search engines like Google. Clicking on infected …

Aquabot Botnet Exploits Mitel Phone Flaws for DDoS Attacks

The Aquabot botnet has started exploiting a vulnerability in Mitel SIP phones to launch DDoS attacks, according to a recent report. This Mirai-based malware targets CVE-2024-41710, a high-severity command injection flaw found in multiple Mitel phone series. In July 2024, Mitel released firmware updates to patch the flaw. The vulnerability allows an authenticated attacker with admin …

BadPilot Cyberattacks Help Hackers Target Networks

BadPilot cyberattacks have been fueling Russian hacker operations for years. A subgroup of the state-sponsored hacking group APT44, also called Sandworm, has been launching widespread network intrusions. According to a recent report, this group focuses on breaching critical infrastructure, including energy, telecommunications, and defense sectors. The hacking campaign has been active since at least 2021. …

North Korean Hackers Use forceCopy Malware to Steal Data

North Korean hackers are using forceCopy malware to steal browser-stored credentials, according to a recent report. The hacking group Kimsuky is behind a new wave of spear-phishing attacks targeting victims through malicious email attachments. The attack begins with a phishing email containing a Windows shortcut (LNK) file. This file is disguised as a Microsoft Office …

Fake Chrome Sites Spread ValleyRAT Malware via DLL Hijacking

Fake Chrome sites are being used to distribute ValleyRAT malware through DLL hijacking. A recent report reveals that attackers trick users into downloading malicious installers disguised as legitimate Chrome downloads. The ValleyRAT malware was first discovered in 2023 and is linked to a hacking group known as Silver Fox. Their attacks mainly target Chinese-speaking users …

FERRET Malware Targets macOS Users via Fake Job Offers

FERRET malware is being used in a deceptive cyberattack targeting macOS users through fake job interviews. A recent report revealed that North Korean hackers are behind this new campaign, tricking job seekers into installing malicious software. The attackers pose as recruiters on LinkedIn and invite victims to virtual interviews. They send a fake videoconferencing link …

Coyote Malware Expands, Targeting More Banks and Websites

Coyote malware is spreading rapidly, now attacking over 1,000 websites and 73 financial institutions. A recent report revealed that Brazilian Windows users are its primary target. This dangerous banking Trojan is designed to steal sensitive information, including login credentials and financial data. Once installed, Coyote can record keystrokes, take screenshots, and display phishing overlays. These …

Google Blocks 158,000 Malicious App Developers in 2024

Google has taken strong action against harmful Android apps in 2024. The company blocked over 2.36 million policy-violating apps from entering the Google Play Store. Additionally, it banned 158,000 developer accounts that attempted to upload malicious apps. By collaborating with third-party developers, Google also prevented 1.3 million apps from gaining unnecessary access to user data. …

Malvertising Scam Uses Fake Ads to Steal Microsoft Logins

Malvertising scams are on the rise, with cybercriminals using fake ads to steal login credentials. A recent report uncovered a campaign targeting Microsoft advertisers through fraudulent Google ads. These deceptive ads lead users to phishing sites designed to harvest sensitive information. According to the report, attackers aim to trick users searching for “Microsoft Ads” on …

Lazarus Group Uses Hidden Admin Panel for Cyber Attacks

Lazarus Group is using a hidden web-based admin panel to control its global cyber attacks. A recent report reveals that this platform helps manage stolen data and oversee operations. The group built its system using a React-based application with a Node.js API. Researchers found that each command-and-control (C2) server hosted the same admin interface, despite …

DeepSeek AI Data Leak Exposes Secret Keys and Logs

DeepSeek AI suffered a major security breach, exposing over a million log entries, secret keys, and sensitive database details. The leaked information could have allowed unauthorized access to its internal systems. A security report revealed that DeepSeek left its ClickHouse database open online. This database permitted full control over its operations, allowing attackers to access …

MintsLoader Malware Spreads via Fake CAPTCHA Pages

MintsLoader malware is being used in cyberattacks targeting businesses in the U.S. and Europe. A recent report reveals that hackers distribute MintsLoader through fake CAPTCHA pages and spam emails. The malware acts as a loader, delivering harmful payloads like StealC, an information stealer, and BOINC, an open-source computing tool. Attackers trick victims into downloading MintsLoader …

PNGPlug Malware Targets Users with Fake Installers

PNGPlug malware is spreading through fake software installers, targeting Chinese-speaking users in Hong Kong, Taiwan, and Mainland China. A recent report highlights how cybercriminals use a phishing campaign to trick victims into downloading a malicious Microsoft Installer (MSI) package. Once executed, the installer deploys a legitimate application to avoid suspicion. However, in the background, it …

13,000 MikroTik Routers Hijacked for Cyberattacks

MikroTik routers are at the center of a new cyber threat, with 13,000 devices hijacked and turned into a botnet. This botnet spreads malware through email spam, bypassing security measures by exploiting misconfigured DNS records. According to a recent report, attackers use these compromised routers to send malicious emails disguised as legitimate messages. The campaign, …

Morpheus and HellCat Ransomware Found Sharing Code

Morpheus and HellCat, two new ransomware groups, have been discovered sharing identical code in their payloads. This revelation highlights the interconnected nature of emerging ransomware operations. A detailed analysis by researchers found that both ransomware types use the same codebase, differing only in victim-specific data and attacker contact details. These ransomware families first appeared in …

QakBot-Linked Malware Gains Enhanced Remote Access Tools

QakBot, a notorious malware originally designed as a banking trojan, has evolved into a sophisticated threat. Researchers have revealed a new BackConnect (BC) malware linked to QakBot, equipped with enhanced capabilities for remote access and data gathering. This development highlights the persistence of QakBot-associated threat actors, despite previous law enforcement takedowns. The BC malware, which …

Mirai Botnet Hits Record DDoS Attack Linked to Indonesia

The Mirai botnet has launched a record-breaking distributed denial-of-service (DDoS) attack, reaching a staggering 5.6 terabits per second (Tbps). This massive assault, detected on October 29, 2024, targeted an internet service provider (ISP) in Eastern Asia. The attack was facilitated by over 13,000 compromised Internet of Things (IoT) devices, including some linked to Indonesia. Reports …

PlushDaemon APT Targets VPN Provider in Cyber Attack

PlushDaemon, a China-linked advanced persistent threat (APT) group, has launched a supply chain attack against a South Korean VPN provider. Reports reveal that this attack involved replacing the legitimate VPN installer with a compromised version. This altered installer deployed SlowStepper, a backdoor featuring over 30 components designed for data collection and espionage. PlushDaemon, active since …

Fake CAPTCHA Malware Targets Multiple Industries

Fake CAPTCHA campaigns are being used to spread the Lumma information stealer globally, targeting industries such as healthcare, banking, and telecommunications. The campaign affects countries including Argentina, Colombia, the U.S., and the Philippines, according to a recent report. The attack begins when users visit compromised websites. These sites redirect visitors to a fake CAPTCHA page …

Hackers Use Images to Deploy Keyloggers and Stealers

Hackers are increasingly using images to conceal malware, including VIP Keylogger and 0bj3ctivity Stealer, in separate but similar campaigns. According to a report, these attackers hide malicious code in images uploaded to file-hosting platforms and employ a .NET loader to install the malware. The attack begins with phishing emails disguised as invoices or purchase orders. …

Google Ads Users Hit by Malvertising Phishing Scam

Google Ads users are the target of a sophisticated malvertising scam designed to steal credentials and bypass two-factor authentication (2FA). Cybersecurity researchers report that attackers are using fraudulent ads to redirect victims to phishing sites. These fake ads impersonate legitimate Google Ads, tricking users into sharing sensitive account details. The goal of the campaign is …

Python Malware Fuels RansomHub Ransomware Attacks

Python-based malware is powering a new wave of ransomware attacks, researchers report. The malware facilitates persistent access to networks, enabling the deployment of RansomHub ransomware across compromised systems. The attack begins with SocGholish, a JavaScript-based malware, delivered through drive-by campaigns. Victims unknowingly download it via fake web browser update alerts on compromised websites. SocGholish communicates …

Banshee Malware Threatens macOS Users with New Tactics

Banshee Stealer, a macOS-focused malware, has re-emerged with a stealthier version, according to researchers. This updated malware uses advanced encryption techniques inspired by Apple’s XProtect to bypass antivirus systems, putting millions of macOS users at risk. Initially uncovered in 2024, Banshee Stealer was thought to be inactive after its source code was leaked. However, a …

WordPress Skimmer Targets E-commerce Checkout Pages

WordPress e-commerce websites are the latest target of a stealthy credit card skimmer campaign, according to researchers. The malware uses malicious JavaScript code injected into WordPress database tables to steal sensitive payment information. This skimmer specifically attacks checkout pages by hijacking payment fields or generating fake credit card forms. The malicious code, hidden within the …

Phishing Scam Targets iMessage Users

Phishing scams are increasingly targeting Apple iMessage users, exploiting a trick that disables the app’s built-in phishing protection. This manipulation aims to re-enable disabled links, putting users at risk. Mobile devices have become central to daily activities such as paying bills, shopping, and staying connected. As a result, cybercriminals are escalating SMS phishing (smishing) attacks …

Malware Exploits Windows UI Tools to Bypass Security

Malware creators have discovered a way to exploit Windows UI Automation (UIA), a framework initially designed to help users with accessibility needs. This new technique enables attackers to perform malicious activities while avoiding detection by endpoint detection and response (EDR) tools. To execute this attack, users must run a program that uses UI Automation. Once …

Mask APT Strikes Again with Advanced Multi-Platform Malware

Mask APT, also known as Careto, has resurfaced with a new wave of sophisticated attacks targeting an organization in Latin America. This notorious cyber espionage group has a long history of infiltrating high-profile entities, including governments, research institutions, and diplomatic bodies, since at least 2007. First documented in 2014, the group’s origins remain a mystery. …

3 Million Mail Servers at Risk Due to Missing Encryption

Over three million mail servers lack TLS encryption, leaving them vulnerable to network sniffing attacks. These servers, which run IMAP or POP3 protocols, expose users’ sensitive data such as usernames and passwords when accessed over unsecured networks. IMAP and POP3 are protocols used to access emails from servers. IMAP is popular for synchronizing messages across …

EAGERBEE Malware Targets ISPs and Governments

EAGERBEE, an advanced malware variant, is targeting ISPs and government systems across the Middle East and East Asia. Researchers have identified its enhanced capabilities, which include deploying payloads, exploring processes, and manipulating files. This malware also uses sophisticated backdoor functions to maintain persistent access. The EAGERBEE framework includes plugins for managing files, network connections, and …

DoubleClickjacking Exploit Threatens Major Websites’ Security

A new exploit named DoubleClickjacking exposes vulnerabilities in major websites, allowing attackers to bypass existing clickjacking protections. This attack uses a double-click sequence to perform malicious actions, including account takeovers, with minimal user interaction. Unlike traditional clickjacking, which tricks users into clicking deceptive elements, DoubleClickjacking exploits the gap between the first and second clicks. This …

FireScam Malware Masquerades as Telegram to Steal Data

FireScam, a new Android malware, disguises itself as a Telegram Premium app to steal sensitive data and control infected devices. Distributed through phishing websites, it poses as a legitimate application from RuStore, a trusted app store in Russia. The malware uses a sophisticated infection process starting with a dropper APK. Once installed, it exfiltrates data …

Malicious NPM Package Deploys Quasar RAT on Developer Systems

Malicious software targeting developers has surfaced in the form of an npm package named ethereumvulncontracthandler. Disguised as a tool for detecting Ethereum vulnerabilities, it secretly delivers a powerful remote access trojan (RAT) called Quasar RAT. This threat, first released publicly in 2014, is notorious for enabling cybercrime and espionage campaigns. The package, uploaded on December …

AI Jailbreak ‘Bad Likert Judge’ Raises Security Risks

A new AI jailbreak method, called Bad Likert Judge, poses significant challenges to large language models (LLMs). Researchers revealed that this technique bypasses safety measures, enabling harmful or malicious outputs. By exploiting LLMs’ advanced capabilities, the approach raises concerns about AI security and responsible use. The method uses a psychological tool called the Likert scale, …

PLAYFULGHOST Malware Targets Users via Phishing and SEO

Researchers have identified a new threat called PLAYFULGHOST. This malware has numerous spying capabilities, such as logging keystrokes, capturing screens and audio, running remote shells, and managing file operations. Moreover, PLAYFULGHOST shares similarities with an old tool known as Gh0st RAT, which became public in 2008. The malware enters systems through phishing emails or SEO …

Iran’s Charming Kitten Adopts New BellaCPP Malware Variant

Iran’s hacking group Charming Kitten is deploying a new malware variant called BellaCPP. This variant is a C++ adaptation of the previously documented BellaCiao malware. A recent investigation uncovered BellaCPP on a compromised machine in Asia. Researchers noted that BellaCiao, first identified in April 2023, is a custom dropper used to deliver malicious payloads. This …

North Korean Hackers Unleash OtterCookie Malware in New Attack

North Korean hackers are using new OtterCookie malware to target job seekers. The malware is part of the ongoing Contagious Interview campaign, which relies on social engineering tricks. Hackers pose as recruiters and trick individuals into downloading malicious software disguised as job-related tools. The attackers use malware-laden videoconferencing apps or npm packages. These are often …

Chrome Extensions Hacked: Data of 600K Users Exposed

Chrome extensions have been hacked, putting over 600,000 users at risk. A targeted attack has compromised 16 extensions, allowing hackers to steal sensitive data like cookies and access tokens. This attack started with phishing emails sent to developers. These emails, pretending to be from Chrome Web Store Developer Support, falsely warned of policy violations. They urged recipients …

Malicious npm Packages Trick Developers and Spread Trojan

Researchers have uncovered a campaign involving malicious npm packages impersonating legitimate tools. These counterfeit packages, like @typescript_eslinter/eslint and types-node, have been downloaded thousands of times, compromising developers’ systems. The fraudulent packages mimic popular libraries to gain trust. For example, @typescript_eslinter/eslint uses a fake GitHub repository created in late November 2024. This library contains a file …

HubPhish Targets Microsoft Cloud with Phishing Scams

Cybersecurity researchers have uncovered a phishing campaign called HubPhish. This scheme aims to steal account credentials and take over Microsoft Azure cloud systems. The attack targeted over 20,000 individuals working in the automotive, chemical, and industrial manufacturing sectors across Europe. The phishing attacks peaked in June 2024. Attackers sent emails mimicking Docusign, enticing users to …

BadBox Malware Infects 192K Android Devices Despite Crackdown

The BadBox Android malware botnet has now infected over 192,000 devices globally, despite recent attempts to disrupt its operations in Germany. Researchers report that this sophisticated malware is targeting not just obscure Chinese devices but also well-known brands such as Yandex TVs and Hisense smartphones. BadBox, linked to the notorious Triada malware family, …

Fake Job Offers Lead to Banking Trojan in New Phishing Scam

Cybersecurity experts have uncovered a new phishing scam targeting mobile users, using fake job offers to spread a banking trojan. The attackers pose as recruiters and lure victims with offers of high-paying jobs, such as customer service positions. Once a victim engages with the fake recruiter, they are prompted to download a malicious app disguised …

AI-Powered Investment Scam Targets Through Social Media Ads

A sophisticated investment scam is spreading across the globe, using artificial intelligence (AI) and social media ads to deceive victims. This alarming scheme combines fake endorsements, phishing websites, and AI-generated video testimonials featuring celebrity likenesses to steal both money and sensitive personal data. Cybersecurity researchers report that the scam, known as “Nomani” (a play on …

DeceptionAds Campaign Exploits Ad Networks to Steal Data

Cybersecurity experts have exposed a major malvertising campaign called DeceptionAds, which delivers over 1 million ad impressions daily. This campaign targets thousands of victims each day, using more than 3,000 websites to spread malicious content. The attack relies on a single ad network to redirect users from pirated content sites to fake CAPTCHA pages. These …

Botnet Exploits 85,000+ Devices for Illegal Proxy Service

The Socks5Systemz botnet is exploiting over 85,000 compromised devices to fuel an illegal proxy service called PROXY.AM. According to a recent report, the botnet converts infected systems into proxy exit nodes, enabling cybercriminals to mask the origins of their attacks. The botnet has been active since 2016 but saw significant changes in December 2023. Its …

Black Basta Ramps Up Attacks Using Email Bombing

Black Basta ransomware is evolving, leveraging new tactics to target victims. Since October 2024, attackers have adopted email bombing and social engineering to distribute malware payloads such as Zbot and DarkGate. In one strategy, threat actors overwhelm victims’ inboxes by signing them up for numerous mailing lists. This “email bombing” technique not only disrupts communication …

CISA and FBI Warn About Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged two newly exploited vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. Both flaws are under active attack, putting systems at risk. Although the details of these exploits remain limited, proof-of-concept exploits for both are publicly available. CISA urges Federal Civilian Executive Branch (FCEB) agencies to …

390,000+ WordPress Accounts Compromised in New GitHub Scam

Hackers have stolen over 390,000 WordPress credentials by exploiting a malicious GitHub repository posing as a tool for publishing posts. The repository, which has since been removed, was part of a larger cyberattack campaign targeting security researchers and threat actors alike. This breach exposed sensitive data, including SSH private keys and cloud access credentials, to …

Bashe Ransomware: A New Threat to Critical Industries

Bashe ransomware, an emerging cyber threat, has been targeting critical industries worldwide since mid-April 2024. This group, formerly known as APT73 and Eraleig, uses tactics similar to LockBit, leveraging a Tor-based Data Leak Site (DLS) for data extortion. Their approach has quickly gained attention due to its sophistication and widespread impact. The Origins of Bashe …

Fake Video Apps Steal Sensitive Data

Hackers are using fake video conferencing apps to target Web3 professionals in a sophisticated scam campaign. The malicious apps, disguised as business meeting tools, deploy an information-stealing malware called Realst to compromise sensitive data. According to cybersecurity researchers, the attackers create fake companies using AI-generated content to appear legitimate. The attackers reach out to victims …

New $3,000 Android Trojan Targets Banks

A newly discovered Android remote access trojan (RAT), called DroidBot, is targeting banks, cryptocurrency exchanges, and government organizations. This sophisticated malware affects 77 institutions and employs advanced techniques to steal sensitive information. DroidBot combines hidden Virtual Network Computing (VNC) and overlay attack strategies with spyware-like capabilities. For example, it can monitor user activity and log …

Hackers Use Corrupted Files to Evade Email Security Systems

Hackers are leveraging corrupted ZIP files and Microsoft Office documents in a new phishing campaign designed to bypass email security defenses. This technique exploits built-in recovery features in common software, making it difficult for antivirus programs and email filters to detect. The phishing emails often include corrupted ZIP archives or Office attachments that appear harmless …

SmokeLoader Malware Targets Key Industries

A new campaign targeting Taiwan’s manufacturing, healthcare, and IT sectors has been distributing SmokeLoader malware. This malware is known for its versatility and advanced evasion capabilities, making it a significant threat. First appearing on cybercrime forums in 2011, SmokeLoader primarily functions as a downloader for other malware. However, it can also carry out direct attacks …

Fake Emails Spread Malware in Retail Sector

A sophisticated malware campaign, dubbed Horns&Hooves, is targeting private users, retailers, and service businesses in Russia. This attack delivers Remote Access Trojans (RATs), including NetSupport RAT and BurnsRAT, using fake email attachments and malicious JavaScript payloads. Since its discovery in March 2023, the campaign has impacted over 1,000 victims. Cybercriminals exploit these RATs to gain …

SpyLoan Malware Hits 8 Million Android Users via Loan Apps

A new wave of malicious Android apps has been discovered, targeting users in multiple countries through fraudulent loan services. These apps, collectively downloaded over 8 million times from the Google Play Store, harbor a dangerous malware known as SpyLoan. According to a recent report, these apps exploit social engineering to trick users into granting intrusive …
