News

Chinese Hackers Expand Atlas RAT Attacks

Chinese Hackers Target European Organizations

Chinese hackers have expanded their cyberattack campaigns into Europe. Researchers observed a sharp increase in activity during recent months. The group focuses on financial gain through cybercrime operations. However, some of its tools also support surveillance activities. Therefore, security experts continue monitoring the threat closely. The attackers previously focused on …

Google DoubleClick Delivers RAT Through Malspam

Google DoubleClick Used in New Malware Campaign

Google DoubleClick has been abused in a new phishing campaign. Researchers discovered that attackers use the platform to hide malicious activity. The campaign ultimately delivers a remote access trojan called DesckVB RAT. Therefore, attackers can avoid early detection mechanisms. As a result, victims face a greater risk of …

Malicious Sicoob NuGet Steals Banking Data

Malicious Sicoob NuGet Targets Developers

Malicious Sicoob NuGet packages have emerged as a serious threat. Researchers recently uncovered a package that steals sensitive banking data. The package pretends to be a legitimate software development toolkit. However, it secretly collects authentication information from developers. Therefore, organizations using the package face significant security risks. The malicious package …

AI Chatbot Recommendations Spread Malware

AI Chatbot Recommendations Fuel New Threats

AI chatbot recommendations are helping attackers spread malware. Researchers recently uncovered a cryptojacking campaign using this method. Instead of relying only on search engines, attackers now exploit AI-generated responses. Therefore, malicious websites gain greater visibility. As a result, more users may unknowingly download harmful software. Researchers observed users asking …

Grandoreiro Malware Targets Banks and Users

Grandoreiro Malware Expands Across Regions

Grandoreiro malware continues to target users across Europe and Latin America. Researchers recently identified new campaigns affecting multiple countries. The attacks focus on both businesses and financial institutions. In addition, cybercriminals target users who rely on online banking services. Therefore, the threat remains a major concern. Researchers observed attacks in …

Malicious npm Package Steals Claude AI Files

Malicious npm Package Targets AI User Data

A malicious npm package has been discovered on a popular software repository. Researchers found that the package contains information-stealing capabilities. The threat specifically targets files linked to an AI development environment. As a result, users may unknowingly expose sensitive information. Therefore, the discovery raises concerns about software supply …

GlassWorm Malware Takedown Stops Supply Chain Threats

GlassWorm Malware Campaign Targets Developers

GlassWorm malware has disrupted software developers since early 2025. The campaign targeted people with access to critical development systems. These systems included source code repositories and cloud platforms. In addition, attackers focused on package registries and CI/CD pipelines. Therefore, a single breach could affect many organizations. Researchers reported that developers …

MuddyWater DLL Side-Loading Attacks Hit 9 Nations

A cyber espionage campaign linked to MuddyWater has affected organizations in nine countries. The attacks occurred during the first quarter of 2026. Several industries became targets during the operation. These included manufacturing, education, finance, and public services. Moreover, the campaign reached victims across four continents. Researchers observed attacks …

Trapdoor Ad Fraud Scheme Hits Android Users

Trapdoor Ad Fraud Scheme Spreads Through Fake Apps

A new Trapdoor ad fraud scheme targets Android users through fake utility apps and hidden advertising attacks. Researchers found 455 harmful apps connected to the operation. In addition, the campaign used 183 malicious control domains to support multi-stage fraud activities. Users often downloaded simple tools, such as …

Malicious npm Packages Spread Data-Stealing Malware

Malicious npm Packages Target Developers

Cybersecurity researchers recently discovered four malicious npm packages that spread dangerous malware to developers. The infected packages appeared harmless at first. However, they secretly delivered information-stealing tools and botnet malware after installation. Researchers found that one package copied code from a previously leaked malware project. Therefore, attackers quickly reused public …

Hackers Used AI to Crack 2FA Security

Hackers Used AI in New Cyberattacks

Researchers recently uncovered a dangerous cybercrime campaign using artificial intelligence. The attackers reportedly developed a zero-day exploit with AI assistance. Furthermore, researchers believe this marks a major shift in cyber threats. The exploit targeted a popular web-based administration platform. However, researchers did not reveal the platform’s name publicly. The …

Fake Call History Apps Tricked Millions

Fake Call History Apps Spread Across Android

Cybersecurity researchers recently uncovered a large Android scam campaign. The campaign used fake apps on the official app marketplace. These apps claimed to provide call records for any phone number. However, the apps delivered fake information after users paid subscription fees. Researchers discovered 28 harmful apps connected to …

TCLBANKER Trojan Spreads Through Messaging Apps

TCLBANKER Trojan Targets Financial Users

Security experts recently uncovered a new banking trojan called TCLBANKER. The malware mainly targets users in Brazil. However, researchers warn that the threat could spread wider over time. The trojan attacks banking, fintech, and cryptocurrency platforms. In total, it targets 59 financial services. Furthermore, the malware spreads through messaging and …

Windows Phone Link Exploited to Steal OTPs

Windows Phone Link Becomes Attack Target

Attacks exploiting Windows Phone Link now threaten users who sync phones with computers. Researchers uncovered a campaign using a remote access trojan called CloudZ. However, the attackers also deployed a custom plugin named Pheno. Therefore, the malware gained access to sensitive synced mobile data. The attack focused on stealing …

Facebook Accounts Hacked Through Phishing Emails

Facebook Accounts Hacked in Large Campaign

Phishing attacks that hijack Facebook accounts have affected nearly 30,000 users worldwide. Researchers uncovered a large operation linked to Vietnam. However, the attackers used trusted online services to avoid detection. Therefore, many victims believed the phishing emails were legitimate. The operation focused mainly on Facebook Business account owners. Moreover, …

Mirai-Based Botnet Hijacks IoT Devices

Mirai-Based Botnet Targets IoT Devices

Mirai-based botnet attacks now threaten internet-connected devices worldwide. Researchers recently uncovered a new malware strain called xlabs_v1. However, the botnet mainly targets devices with exposed Android Debug Bridge services. Therefore, many smart devices face serious security risks. The malware infects Android TV boxes, smart TVs, and set-top boxes. Moreover, it …

Python Backdoor Steals Browser Credentials

Python Backdoor Targets Sensitive Data

Python backdoor attacks now threaten users and organizations worldwide. Researchers discovered a stealthy malware framework called DEEP#DOOR. However, the campaign appears limited and targeted for now. Therefore, experts continue monitoring its activity closely. The malware uses Python to create persistent remote access. Moreover, it collects sensitive information from infected systems. …

Phishing Campaign Abuses Remote Access Tools

Phishing Campaign Targets Many Organizations

Phishing campaign attacks have hit more than 80 organizations since April 2025. Most victims operate in the United States. However, researchers believe the campaign may spread further. Therefore, security teams now monitor the activity closely. The attackers use legitimate remote management software during the attacks. For example, they install trusted …

MuddyWater Uses Microsoft Teams to Steal Logins

MuddyWater Attack Targets Organizations

MuddyWater uses Teams to steal login credentials in new cyberattacks. Researchers linked the campaign to an Iranian-backed hacking group. However, the attackers disguised the operation as ransomware activity. Therefore, many victims first believed criminals caused the breach. The campaign appeared in early 2026. Researchers observed attackers using social engineering tactics through …

BlackFile Extortion Group Fuels Global Vishing Attacks

Overview of the Threat

The new BlackFile extortion group drives a rise in vishing attacks. However, this group focuses on retail and hospitality sectors. Researchers report increased incidents since early 2026. Therefore, organizations now face higher risks of data theft. The attackers aim to steal credentials and demand large ransoms. As a result, businesses may suffer …

Threat Actor Uses Microsoft Teams for Malware

Overview of the Attack

A threat actor uses Microsoft Teams to launch a new malware campaign. However, this attack relies heavily on social engineering tactics. Researchers discovered a custom malware suite called “Snow.” Therefore, attackers aim to steal sensitive data after gaining access. They focus on deep network compromise and credential theft. As a result, organizations …

Popular WordPress Redirect Plugin Hid Backdoor

Overview of the Issue

A popular WordPress redirect plugin hid a backdoor for years. However, many users remained unaware of the threat. Researchers discovered the issue after multiple sites triggered alerts. Therefore, the finding raised serious concerns about plugin security. The plugin had over 70,000 active installations. As a result, the potential impact is very …

Fake CAPTCHA IRSF Scam Triggers Costly SMS

Overview of the Scam

Fake CAPTCHA IRSF scam campaigns are targeting mobile users worldwide. However, these scams use simple tricks to cause real financial damage. Researchers found that victims unknowingly send international SMS messages. Therefore, users face unexpected charges on their phone bills. The attackers earn money from these hidden fees. As a result, this …

Kyber Ransomware Gang Tests New Encryption

Overview of Kyber Ransomware Gang

Kyber ransomware gang activity has recently increased across networks. Researchers observed new attacks targeting Windows and virtual systems. Therefore, this threat continues to evolve quickly. Moreover, attackers use multiple versions of the ransomware in one campaign. They aim to maximize damage across different environments. As a result, both file servers …

SystemBC C2 Server Exposes 1,570+ Victims

Overview of the SystemBC C2 Server

SystemBC C2 server activity has revealed a large cybercrime operation. Researchers uncovered over 1,570 infected systems worldwide. Therefore, this discovery highlights the scale of modern ransomware threats. Moreover, attackers linked this activity to a ransomware-as-a-service group. This group operates under a structured criminal model. As a result, affiliates can …

NGate Campaign Hits Users With NFC Theft Scam

Overview of the NGate Campaign

NGate campaign activity has increased with a new attack wave. Researchers recently identified a fresh Android malware variant. This version targets users in Brazil specifically. Therefore, it marks a shift toward regional targeting. Moreover, the malware uses a modified version of a legitimate app. Attackers altered the app to include …

Self-Propagating Supply Chain Worm Spreads Fast

Overview of the Supply Chain Worm

Self-propagating supply chain worm attacks are rising quickly. Researchers recently found infected software packages in developer ecosystems. These packages spread malware using stolen access tokens. Therefore, the threat grows fast across multiple systems. Moreover, attackers designed the worm to move automatically between projects. It steals sensitive data during installation …

Lotus Wiper Malware Hits Energy Systems

Overview of the Lotus Wiper Malware

Lotus Wiper malware has emerged as a serious cyber threat. Researchers identified it during attacks in late 2025 and early 2026. Specifically, the attacks targeted Venezuela’s energy and utilities sector. Moreover, experts found that this malware focuses on destruction, not profit. Therefore, it stands out from typical ransomware threats. …

ZionSiphon Malware Targets Water Systems

Overview of ZionSiphon Malware

ZionSiphon malware targets water systems with harmful intent. It focuses on operational technology environments. Moreover, it aims to disrupt water treatment and desalination processes. Researchers identified this threat during a recent analysis. Therefore, experts warn about its future risks. This malware can manipulate critical system settings. For example, it may increase …

ATHR vishing platform uses AI for voice scams

Introduction to the ATHR Vishing Platform

The ATHR vishing platform uses AI to run automated voice scams. It targets users through clever social engineering tactics. Moreover, it combines human input with AI-driven voice agents. As a result, attackers can scale their operations quickly. This platform simplifies complex cybercrime processes. Therefore, even less skilled attackers can …

Mirax Android RAT Hits 220,000 via Meta Ads

Overview of Mirax Android RAT

Mirax Android RAT is a new mobile threat targeting users. It mainly affects Spanish-speaking regions. Researchers observed campaigns reaching over 220,000 users through ads. Moreover, attackers spread the malware using social media promotions. These ads appear on popular platforms and look legitimate. Therefore, many users trust and click them. However, …

JanelaRAT Malware Hits Banks with 14,739 Attacks

Overview of JanelaRAT Malware

JanelaRAT malware continues to target banks in Latin America. It mainly affects countries like Brazil and Mexico. This threat focuses on stealing financial and cryptocurrency data. Moreover, security researchers report a sharp rise in attacks. In 2025, attackers launched 14,739 attacks in Brazil alone. Meanwhile, they recorded over 11,000 attacks in …

108 Malicious Chrome Extensions Hit 20,000 Users

Overview of the Threat

Cybersecurity experts have uncovered a serious online threat. They identified 108 harmful Chrome extensions targeting users. These extensions aim to steal sensitive personal data. They also enable browser abuse through hidden scripts. Moreover, the extensions connect to a shared command system. This system collects data from all infected users. Therefore, attackers …

VENOM Phishing Attacks Target Executive Logins

Overview of VENOM Phishing Attacks

VENOM phishing attacks now target senior executives across industries. Attackers aim to steal login credentials from high-level staff. Therefore, CEOs, CFOs, and VPs face higher risk. This campaign started around last November. However, it remains hidden from public forums. As a result, researchers have limited visibility into its spread. Experts …

36 Malicious npm Packages Spread Hidden Threats

Overview of the Threat

Security researchers have uncovered 36 malicious npm packages targeting developers. These packages pretend to be legitimate plugins for a popular content system. However, they contain harmful code designed to exploit systems. These fake packages use simple naming tricks to appear trustworthy. For example, they include terms like “server” or “database.” Therefore, …

Qilin and Warlock Ransomware Disable Security Tools

Overview of the Ransomware Threat

Qilin and Warlock ransomware disable security tools using advanced methods. These groups target systems to weaken defenses before attacks. Moreover, they use a technique called vulnerable driver abuse. Therefore, they can bypass many modern protections. Researchers recently uncovered this dangerous activity. They found that attackers use trusted drivers with known …

Hackers Spread Malicious Dev Packages

Overview of the Supply Chain Attack

N. Korean hackers spread malicious packages across developer platforms. They target ecosystems like npm, PyPI, Go, and Rust. Moreover, they disguise malware as useful development tools. Therefore, developers may install them without suspicion. Researchers link this activity to an ongoing campaign. This campaign focuses on supply chain attacks. In …

Masjesu Botnet Powers DDoS-for-Hire Attacks

Overview of the Masjesu Botnet

Masjesu botnet powers a growing DDoS-for-hire service. It targets IoT devices across the world. Moreover, attackers promote it through messaging platforms. Therefore, more users can access this illegal service easily. Researchers first observed this botnet in 2023. It focuses on stealth and long-term survival. However, it avoids high-profile targets to …

Casbaneiro Phishing Uses PDF Lures to Spread Malware

Overview of the Phishing Campaign

Casbaneiro phishing targets users across Latin America and Europe. It mainly focuses on Spanish-speaking organizations and individuals. Moreover, attackers use multiple methods to spread malware. Therefore, the campaign has a wide reach and impact. Researchers link this activity to a cybercrime group from Brazil. This group uses a mix of …

CERT-UA Impersonation Spreads Malware via Emails

Overview of the Impersonation Campaign

CERT-UA impersonation spreads malware through a large phishing campaign. Attackers pretended to be a trusted cybersecurity agency. Moreover, they sent fake emails to trick users into downloading malicious files. Therefore, many organizations became potential targets. Researchers identified this activity in late March 2026. The attackers targeted various sectors across the …

Microsoft Warns of WhatsApp Malware Hijacking Windows

Overview of the WhatsApp Malware Campaign

Microsoft warns of a new malware campaign spreading through WhatsApp messages. Attackers send harmful Visual Basic Script files to users. Moreover, these files start a complex infection process. Therefore, victims may lose control of their systems quickly. Researchers first observed this activity in early 2026. The campaign uses social …

TA446 Deploys DarkSword to Target iPhones

Overview of the Targeted Attack Campaign

TA446 deploys DarkSword in a new spear-phishing campaign. This campaign targets iPhone users with advanced exploits. Moreover, the attackers send fake emails to trick victims. Therefore, users may unknowingly expose sensitive data. Researchers link this activity to a Russia-backed threat group. The group has a history of targeting high-value …

Hackers Use BPFDoor for Telecom Spying

Overview of the Espionage Campaign

China-linked hackers are running a long-term cyber espionage campaign. They target telecom networks to access sensitive government data. Moreover, they embed hidden tools inside critical systems. Therefore, they can maintain access for long periods. Researchers have tracked this group under several different names. The group has attacked telecom providers across …

WebRTC Skimmer Steals Payment Data from Sites

Overview of the WebRTC Skimmer Threat

WebRTC skimmer is a new malware targeting online stores. It steals payment data using advanced techniques. Moreover, it avoids traditional detection methods used by security systems. Therefore, many websites may remain vulnerable without knowing. Researchers recently identified this new attack method in active use. This malware uses WebRTC data …

DoJ Disrupts IoT Botnets Behind Massive Attacks

Overview of the Global Botnet Disruption

The DoJ has disrupted several large IoT botnets used in global cyberattacks. These botnets controlled millions of infected devices worldwide. Moreover, they launched powerful distributed denial-of-service attacks against many targets. Therefore, authorities acted quickly to stop the growing threat. The operation focused on shutting down command-and-control infrastructure. Authorities from …

China-Linked Hackers Use BPFDoor for Telecom Spying

Overview of the Espionage Campaign

A China-linked hacking group has launched a long-term cyber campaign. It targets telecom networks to spy on government systems. Moreover, the attackers maintain hidden access inside critical infrastructure. Therefore, they can monitor sensitive communications over time. Researchers have tracked this group under several different names. This group has attacked telecom …

Speagle Malware Uses Servers to Steal Data

Overview of the Speagle Malware Threat

Cybersecurity experts have identified a new malware called Speagle. It targets a document protection tool to steal sensitive data. Specifically, it abuses trusted software functions to hide its activity. As a result, victims may not notice the attack quickly. Moreover, the malware sends stolen data through compromised servers. Therefore, …

Ghost Campaign Tricks Developers Into Data Theft

Overview of the Ghost Campaign

Cybersecurity researchers have uncovered a new threat called the Ghost campaign. It uses malicious npm packages to steal sensitive data. These packages target developers and crypto users. Therefore, the campaign poses a serious risk to modern software environments. The attackers designed the packages to appear helpful and legitimate. However, they …

Hackers Use Fake Resumes to Steal Credentials

Hackers use fake resumes to steal credentials in a new phishing campaign. Researchers found the attack targeting French-speaking corporate environments. However, the attackers designed the campaign to appear harmless. The emails contain fake resume attachments. For example, they pretend to be job applications. Therefore, HR teams often open them without suspicion. Once opened, the files …

Tax Search Ads Deliver ScreenConnect Malware

Tax Search Ads Deliver ScreenConnect Malware through a large malvertising campaign. Researchers observed the activity starting in early 2026. However, the attackers specifically targeted users searching for tax forms. The campaign used sponsored search results to lure victims. For example, users searching for “W-2 tax form” saw malicious ads. Therefore, many users clicked without suspecting …

Malicious npm Package Steals macOS Credentials

Malicious npm Package Steals macOS Credentials through a disguised developer tool. Researchers recently discovered the threat in a public code registry. However, the package pretended to install a popular software tool. The package used the name “@openclaw-ai/openclawai.” Attackers uploaded it on March 3, 2026. Although downloads were limited, the …

KadNap Malware Infects 14,000 Edge Devices

KadNap Malware Infects 14,000 Edge Devices in a growing cyber campaign. Researchers recently uncovered this new malware threat. However, the attack mainly targets network edge devices. Most infections involve routers used in homes and small offices. Therefore, many victims may not notice the compromise. Reports show that more than …

BlackSanta EDR Killer Targets HR Teams

BlackSanta EDR Killer Targets HR Teams in a long-running cyber campaign. Researchers discovered the activity after months of investigation. However, the attackers remained hidden for over a year. The campaign focuses on human resources departments. These teams often handle resumes and personal data. Therefore, attackers exploit this workflow to …

MuddyWater Hackers Target Networks in Cyber Campaign

MuddyWater Hackers Target Networks

MuddyWater Hackers Target U.S. Networks in a new cyber campaign. Researchers recently found signs of intrusion in several organizations. These include banks, airports, and non-profit institutions. However, the attackers also reached a technology supplier. Experts attribute the activity to MuddyWater. This group is also known as Seedworm. It reportedly links to …

Malicious NuGet Packages Stole ASP.NET Data

Malicious NuGet Packages Stole ASP.NET Data in a recent supply chain attack. Researchers discovered four harmful packages targeting developers. These packages aimed at ASP.NET web application projects. However, the real goal was to compromise deployed applications. A security report revealed that the campaign stole ASP.NET Identity data. For example, …

UAC-0050 Targets Financial Institution

UAC-0050 Targets Financial Institution in a new cyber campaign. Researchers observed the attack against a European organization. However, the group usually focuses on Ukrainian entities. Therefore, this shift may signal broader targeting. The threat actor aligns with Russian interests. Experts also link the group to intelligence gathering and financial theft. In …

Microsoft Warns OAuth Redirect Abuse Campaign

Microsoft Warns OAuth Redirect Abuse in new phishing attacks. Researchers observed campaigns targeting government and public-sector groups. However, these attacks do not exploit software flaws. Instead, they misuse built-in OAuth features. The researchers described this as an identity-based threat. Therefore, attackers rely on normal OAuth behavior. They do not …

Starkiller Phishing Suite Bypasses MFA

Starkiller Phishing Suite Targets MFA

Starkiller Phishing Suite is a new tool that bypasses multi-factor authentication. Researchers recently revealed its advanced capabilities. However, this phishing platform does more than steal passwords. It uses a reverse proxy method to intercept live login sessions. A threat group calling itself Jinkusu promotes the platform online. The group markets …

Fake Laravel Packages Spread Cross-OS RAT

Introduction to Fake Laravel Packages

Fake Laravel Packages are spreading a dangerous remote access trojan. Security experts recently uncovered this serious threat. These malicious tools target developers who use popular PHP resources. However, many users install them without noticing the hidden risk. Researchers found the harmful packages on Packagist. The packages pretend to offer Laravel …

Lazarus Group Uses Medusa Ransomware Targets Healthcare Sector

Cybersecurity researchers uncovered North Korea-linked Lazarus Group using Medusa ransomware. They attacked an entity in the Middle East and tried a U.S. healthcare organization. This shows a shift to off-the-shelf ransomware for financial gain.

Ransomware Deployment Details

Lazarus deployed Medusa in a Middle East attack successfully. They also launched an unsuccessful attempt against a U.S. …

UnsolicitedBooker Targets Central Asian Telecoms

Cybersecurity researchers uncovered a new espionage campaign. UnsolicitedBooker attacked telecom companies in Kyrgyzstan and Tajikistan. They deployed two distinct backdoors called LuciDoor and MarsSnake.

Shift in Targeting Focus

The group changed its focus recently. Earlier attacks hit Saudi Arabian organizations. Now they target telecoms in Central Asia. This marks a clear shift in victim selection. …

Webhook Macros Deliver Stealthy Malware

Cybersecurity researchers uncovered a new espionage campaign by a Russia-linked group. APT28 attacked specific organizations in Western and Central Europe. They used simple yet effective macro malware in targeted phishing emails.

Campaign Timeline and Name

The operation lasted from September 2025 to January 2026. Researchers named it Operation MacroMaze. Attackers focused on basic tools and …

AI Recommendation Poisoning Manipulates Chatbots

Microsoft researchers discovered companies gaming AI chatbots. They abuse “Summarize with AI” buttons to bias recommendations. This new technique poisons AI memory for unfair advantage.

How AI Recommendation Poisoning Works

Companies embed hidden instructions in clickable buttons. These buttons appear on websites as “Summarize with AI.” When users click them, the link sends special prompts …

ClickFix Campaign Abuses Compromised Sites

Cybersecurity researchers uncovered a clever new ClickFix attack. Attackers hijack legitimate websites to deliver MIMICRAT malware. This previously unknown RAT gives full remote control to criminals.

How the Campaign Starts

The attack begins on compromised legitimate sites. One example is a BIN validation service that attackers breached. They inject malicious JavaScript code. This code loads …

Lazarus Campaign Plants Malicious Packages

Cybersecurity researchers uncovered a clever supply-chain attack. North Korea-linked Lazarus Group plants malicious packages in npm and PyPI. They trick developers with fake blockchain job offers.

Fake Recruitment Tactics: Attackers create a phony company called Veltrix Capital. They focus on blockchain and cryptocurrency trading. Recruiters contact people on LinkedIn, Facebook, and Reddit. They offer coding …

Keenadu Firmware Backdoor Infects Android Tablets

Cybersecurity researchers discovered a dangerous backdoor hidden in Android tablet firmware. They named it Keenadu. This malware sneaks in during the build process and survives OTA updates.

Deep Firmware Infection: Keenadu embeds inside libandroid_runtime.so. This critical library loads at boot. It injects into the Zygote process. Therefore, every app runs with the backdoor active. The …

UAT-9921 Deploys VoidLink Malware Stealthily

Cybersecurity researchers uncovered a previously unknown threat actor. They track it as UAT-9921. This group deploys a new modular malware framework called VoidLink against tech and finance sectors.

Threat Actor Background: UAT-9921 has operated since 2019. They recently added VoidLink to their toolkit. The actor shows knowledge of Chinese language in code comments. Researchers believe …

PromptSpy Android Malware Abuses Gemini AI

Cybersecurity researchers discovered a clever Android malware. It abuses Google’s Gemini AI for persistence. PromptSpy keeps itself pinned in recent apps automatically.

How PromptSpy Uses Gemini: The malware sends the current screen XML dump to Gemini. It includes every UI element with text and position. Gemini acts as an “Android automation assistant.” It returns JSON …

APT36 and SideCopy Launch Cross-Platform RATs

Cybersecurity researchers uncovered ongoing espionage campaigns. APT36 and SideCopy target Indian defense and government entities. They use cross-platform remote access trojans to steal data and maintain access.

Targeted Sectors and Goals: Attackers focus on defense, government, and strategic organizations. They also hit policy, research, and critical infrastructure groups. For example, they use defense-themed lures to …

Lazarus Campaign Plants Malicious Packages

Cybersecurity researchers uncovered a sophisticated operation by North Korea-linked hackers. Lazarus Group plants malicious packages in npm and PyPI. They use fake job offers to infect developers.

Fake Company Setup: Attackers create a fake blockchain firm called Veltrix Capital. They register domains and build GitHub organizations. For example, they host Python and JavaScript projects. These …

Google Reports State Hackers Using Gemini AI

Google reports state-backed hackers using its Gemini AI. North Korea-linked UNC2970 employs the tool for target profiling. Other groups also misuse it to speed up attacks.

North Korean Group Targets Defense: UNC2970 overlaps with Lazarus Group activities. They run long campaigns called Operation Dream Job. For example, they pose as recruiters in aerospace and defense. …

Malware Service Guarantees Chrome Phishing Extensions

Cybersecurity researchers uncovered a new malware-as-a-service tool. It promises malicious Chrome extensions that pass Google’s review. The tool helps attackers push phishing pages easily.

How the Malware Service Works: The service lets buyers create harmful browser add-ons. These extensions overlay full-screen iframes on real websites. For example, they show fake login pages while the address …

Amaranth Dragon Exploits WinRAR Flaw

Cybersecurity researchers uncovered a new Chinese-linked espionage group. Amaranth Dragon exploits a WinRAR vulnerability. They target government and law enforcement in Southeast Asia.

The New Threat Actor: Amaranth Dragon connects to the known APT41 operations. They show strong technical skill and careful planning. For example, they limit attacks to specific countries. Therefore, they avoid unnecessary …

DEAD#VAX Malware Delivers AsyncRAT Stealthily

Cybersecurity researchers uncovered a clever malware campaign. They call it DEAD#VAX. Attackers use IPFS-hosted VHD files to sneak AsyncRAT onto systems.

How the Phishing Starts: Attackers send phishing emails with fake purchase orders. They disguise the attachment as a PDF file. However, the link points to a VHD hosted on IPFS. This decentralized network helps …

APT28 Exploits Office Flaw for Spying

Cybersecurity researchers uncovered attacks by a Russian-linked group. APT28 uses a new Microsoft Office vulnerability. They target users in Ukraine, Slovakia, and Romania for espionage.

The Vulnerability Details: The flaw is CVE-2026-21509 with a 7.8 severity score. It allows attackers to bypass security features. For example, a crafted Office file triggers unauthorized actions. Microsoft and …

Aisuru Botnet Unleashes Record DDoS Surge

Cybersecurity experts reported a massive DDoS attack. The Aisuru botnet hit a new peak of 31.4 Tbps. It also reached 200 million requests per second.

The Record-Breaking Attack: Attackers launched the assault on December 19 last year. They targeted telecom companies and IT providers. For example, the campaign flooded Cloudflare customers and infrastructure. Therefore, it …

Mustang Panda Deploys Updated COOLCLIENT Backdoor

Cybersecurity experts spotted Chinese-linked hackers using an improved backdoor. They call it COOLCLIENT. Mustang Panda targets government systems in several countries for deep spying.

Targets and Campaign Scope: The group hits government entities hard. They focus on Myanmar, Mongolia, Malaysia, and Russia. For example, attacks ran strong in 2025. Therefore, officials face ongoing risks. Mustang …

Malicious Chrome Extensions Steal Affiliate Revenue

Cybersecurity researchers uncovered harmful Chrome extensions. These add-ons hijack affiliate links and steal ChatGPT access. They also grab user data from popular shopping sites.

How Affiliate Hijacking Works: One extension claims to block Amazon ads. It installs easily from the Chrome store. However, it secretly replaces affiliate tags in product links. The attacker’s tag earns …

Multi-Stage Phishing Hits Email Users

Cybersecurity experts uncovered a clever multi-stage phishing campaign. It targets people in Russia. Attackers deliver ransomware and a dangerous remote access tool called Amnesia RAT.

How the Attack Begins: Attackers send phishing emails with business documents. These look like normal routine files. For example, they pretend to be work tasks or reports. Therefore, victims open …

Stolen Credentials Deploy RMM Backdoors

Cybersecurity experts warn about a clever phishing campaign. Attackers use stolen credentials to install trusted remote tools. These tools give them lasting access to computers.

The Sneaky Phishing Start: Attackers send fake invitation emails. They pretend the messages come from a popular online card service. For example, the subject looks like a friendly invite. Therefore, …

Adversary-in-the-Middle Phishing Hits Energy Firms

Microsoft warns of multi-stage adversary-in-the-middle (AitM) phishing and business email compromise attacks. These target energy sector organizations. Attackers use clever tricks to steal credentials and take control.

How the Attack Starts: Attackers begin with a phishing email. They send it from a trusted, previously compromised email address. The message pretends to be a SharePoint document-sharing …

Evelyn Stealer Targets VS Code to Steal Credentials

Evelyn Stealer Targets VS Code: Cybersecurity experts uncovered a dangerous new threat. Evelyn Stealer targets VS Code extensions to steal developer credentials and crypto. It hits software developers hard. Therefore, attackers gain access to valuable company systems.

How Attackers Hide in VS Code: Hackers publish fake extensions in the marketplace. These extensions look useful at …
