News

Interlock RAT Strikes Now with a New Variant

Interlock RAT Strikes Now Globally Interlock RAT strikes now with a new PHP variant since July 2025. Researchers detected this threat targeting multiple industries. For example, it uses FileFix to spread malware widely. This endangers systems worldwide. How the Attack Begins Attackers inject hidden scripts into compromised websites. They deploy a traffic distribution system to …

eSIM Flaw Hits Devices

eSIM Flaw Hits Devices Worldwide eSIM flaw hits devices with a new hacking risk in July 2025. Researchers found vulnerabilities in eUICC cards. For example, it affects over two billion IoT devices. This threat exposes users to serious attacks. How the Vulnerability Works The flaw lies in eSIM technology used in smartphones. Attackers exploit weak …

Fake Firms Trap Crypto Users

Fake Firms Trap Crypto Users Globally Fake firms trap crypto users with malware scams since July 2025. Researchers uncovered this social engineering plot. For example, it targets Windows and macOS with stealer malware. This threat endangers digital assets worldwide. How the Scam Works Attackers impersonate AI and gaming startups. They use spoofed social media accounts …

SEO Poisoning Traps Users

SEO Poisoning Traps Users Worldwide SEO poisoning traps users with malware disguised as AI tools. Researchers uncovered this campaign in July 2025. For example, it targets over 8,500 SMBs with fake downloads. This threat jeopardizes online safety globally. How the Attack Works Attackers manipulate search results with black hat SEO. They promote fake sites hosting …

Malicious Extensions Target 1.7M Chrome Users

Malicious Extensions Threaten Browser Safety Malicious extensions create major risks for Chrome users. These dangerous add-ons, downloaded 1.7 million times, lurk in the Chrome Web Store. They disguise themselves as trusted tools, such as VPNs, emoji keyboards, or color pickers. However, they can steal personal data, track online activity, or redirect users to harmful websites. …

TA829 Strikes with Malware

TA829 Strikes with Malware Globally TA829 strikes with malware, targeting users with sophisticated tactics since June 2025. It teams up with UNK_GreenSec for advanced attacks. For example, it delivers RomCom RAT and TransferLoader. This threat endangers systems worldwide. How the Attack Begins Attackers send phishing emails with links or PDFs. Victims click to reach fake …

GIFTEDCROOK Malware Spies on Users

GIFTEDCROOK Malware Spies on Users Globally GIFTEDCROOK, a crafty malware, spies on users with upgraded features since June 2025. It shifts from stealing browser data to gathering intelligence. For example, it targets Ukrainian military and government bodies. This threat endangers sensitive information worldwide. How the Attack Starts Attackers send phishing emails with macro-laced Excel files. …

Godfather Hijacks Banking Apps

Godfather Hijacks Banking Apps Worldwide Godfather, a cunning Android malware, hijacks banking apps using virtualization. It emerged with a new version in 2025. For example, it targets over 500 apps across regions. This threat endangers financial security for users globally. How the Attack Works The malware creates isolated virtual environments on devices. It launches legit …

XDigo Hits Government Targets

XDigo Hits Government Targets in Region XDigo, a sneaky Go-based malware, targets Eastern European governments since March 2025. Attackers use it to steal sensitive data from agencies. For example, it exploits Windows LNK flaws. This threat jeopardizes regional cybersecurity. How the Attack Unfolds The malware spreads via crafted LNK files in ZIP archives. It triggers …

Hackers Fake Brands like Microsoft and DocuSign with PDFs

Hackers Fake Brands with PDFs Globally Hackers fake brands like Microsoft and DocuSign with PDFs in phishing campaigns. These attacks surged between May and June 2025. For example, they trick users into calling threat-controlled numbers. This threat undermines online trust worldwide. How the Attack Works Phishing emails include PDFs with fake brand logos. They embed …

FileFix Tricks Windows Users

FileFix Tricks Windows Users Easily FileFix, a sly social engineering attack, tricks Windows users via File Explorer. It emerged as a ClickFix variant in recent research. For example, it executes malicious commands stealthily. This threat endangers system security worldwide. How the Attack Works Attackers use phishing pages with a fake file-sharing ruse. Users click an …

APT29 Tricks Email Users

APT29 Tricks Email Users with Phishing APT29, a Russian-linked threat group, tricks email users with a clever phishing campaign. It targets academics and critics since April 2025. For example, it exploits Gmail app passwords to bypass 2FA. This attack threatens secure communications globally. How the Attack Begins Attackers build rapport over weeks with tailored lures. …

Banana Squad’s Malware Tricks Developers

Banana Squad Deceives Gamers and Devs Banana Squad, a cunning campaign, tricks gamers and developers with fake GitHub repos. It launched over 67 trojanized repositories since 2023. For example, it targets Python tools with data-stealing payloads. This threat jeopardizes software supply chains. How the Attack Unfolds Attackers post repos mimicking hacking tools and game cheats. …

Echo Chamber Tricks AI Models

Echo Chamber Manipulates AI Models Echo Chamber, a new jailbreak method, tricks AI models like OpenAI and Google. It bypasses safety features since recent research emerged. For example, it generates harmful content with subtle tactics. This threat challenges AI ethics and security. How the Attack Works Echo Chamber uses indirect references and multi-step reasoning. It …

Anubis Ransomware Wreaks Havoc

Anubis Ransomware Causes Chaos with Wiping Anubis Ransomware disrupts systems by encrypting and wiping files since December 2024. It targets healthcare, hospitality, and construction sectors globally. For example, it renders recovery impossible even after payment. This dual-threat raises serious data security concerns. How the Attack Unfolds Attackers use phishing emails to gain initial access. They …

Scattered Spider Hits Insurance Firms

Scattered Spider Targets Insurance Firms Scattered Spider, a cybercrime group, now targets U.S. insurance companies. It uses advanced social engineering since recent months. For example, it attacks IT support teams with cunning tactics. This threat poses a significant risk to corporate security across the industry. How the Attacks Begin The group impersonates employees to deceive …

SmartAttack Steals Data with Smartwatches

SmartAttack Uses Smartwatches to Steal Data SmartAttack exploits smartwatches to steal data from air-gapped systems. Attackers use ultrasonic signals to bypass isolation in secure environments. For example, it targets government and nuclear facilities worldwide. This innovative method poses a new threat to sensitive data. How the Attack Works Malware infects air-gapped computers to collect sensitive …

Malware Extensions Hit Users Globally

Malware Extensions Infect Users Worldwide Malware extensions target users globally since early 2025. Attackers use phishing emails to spread these extensions to Chromium-based browsers. For example, over 700 users in Brazil and beyond got infected. The campaign, dubbed Operation Phantom Enigma, steals authentication data from victims. How the Attack Begins Phishing emails disguise themselves as …

Supply Chain Malware Strikes Global Users

Supply Chain Malware Hits Millions Worldwide Supply chain malware targets users through compromised npm and PyPI packages. Attackers inject malicious code into popular libraries like GlueStack. For example, nearly 1 million weekly downloads carry risks of data theft. This attack, detected on June 6, 2025, affects global ecosystems. How the Malware Spreads The malware modifies …

Chaos RAT Strikes with Fake Tool Downloads

Chaos RAT Tricks Users with Fake Tools Chaos RAT, a remote access trojan, targets Windows and Linux users. Attackers disguise it as a network troubleshooting utility. For example, a file named “NetworkAnalyzer.tar.gz” lures victims into downloading it. This malware, written in Golang, supports cross-platform attacks. How the Attack Spreads Phishing emails deliver malicious links or …

CyberLock Malware Hits AI Users with Fake Installers

CyberLock Targets AI Tool Users CyberLock ransomware spreads through fake installers mimicking popular AI tools. These fraudulent installers impersonate software like ChatGPT and InVideo AI. For example, users download a ZIP file expecting a legitimate application. Instead, they receive malware that encrypts files or disrupts their systems entirely. How the Attack Begins Fraudulent websites like …

APT41 Uses Google Calendar for Malware Control

APT41 Targets Governments with Cloud Tactics APT41, a Chinese state-sponsored group, exploits Google Calendar to control malware. Discovered in late October 2024, the malware, named TOUGHPROGRESS, targets government entities. For example, it was hosted on a compromised government website to blend in. This method allows attackers to hide among legitimate cloud activity. How the Attack …

EDDIESTEALER Malware Steals Data via Fake CAPTCHAs

EDDIESTEALER Targets Users with Deceptive Tactics EDDIESTEALER, a Rust-based malware, spreads through fake CAPTCHA pages. These pages trick users into running a malicious PowerShell script. For example, the script deploys the infostealer to harvest credentials and crypto wallets. The campaign uses a social engineering tactic called ClickFix to initiate attacks. How the Attack Begins Attackers …

SEO Poisoning Scam Targets Employee Paychecks

SEO Poisoning Targets Payroll Systems SEO poisoning campaigns trick employees searching for payroll portals online. First spotted in May 2025, attackers create fake login pages to steal credentials. For example, they redirect paychecks to their own accounts after gaining access. This scam poses a serious risk of payroll fraud, especially on mobile devices. How the …

Venom RAT Scam Targets Users via Fake Antivirus Site

Venom RAT Campaign Deceives with Fake Website Venom RAT spreads through a fake antivirus website mimicking a trusted service. The fraudulent site, bitdefender-download[.]com, lures users to download malware. For example, clicking the “Download for Windows” button retrieves a file from an Amazon S3 bucket. This campaign aims to steal credentials and crypto wallets. How the …

Skitnet Malware Fuels Ransomware Attacks

Skitnet Malware Empowers Cybercriminals Skitnet malware is becoming a powerful tool for ransomware groups. It’s being used to steal sensitive data and gain remote control over infected devices. Skitnet is a multi-stage malware built by a group tracked as LARVA-306. Its key functions include stealing files, controlling devices remotely, and maintaining long-term access. It even …

Ransomware Halts Supermarket Supplier

Ransomware Strikes Critical Supplier Ransomware hit a logistics firm supplying major UK supermarkets in May 2025. The Somerset-based company, which delivers chilled food to regional stores, stopped order processing after the attack. For example, this disrupted supplies to large retailers, causing delays. The incident reveals serious vulnerabilities in supply chain cybersecurity. Details of the Cyberattack …

ClickFix Malware Spreads via TikTok Videos

ClickFix Campaign on Social Media ClickFix, a dangerous social engineering tactic, spreads malware through TikTok videos. These videos trick users into running harmful PowerShell commands. For example, they promise to activate software like Spotify or Microsoft Office. The campaign, active in May 2025, delivers Vidar and StealC malware. How the Attack Works The videos guide …

Winos 4.0 Malware Spreads via Fake VPN Installers

Winos 4.0 Targets Chinese-Speaking Users Winos 4.0 malware spreads through fake software installers mimicking tools like LetsVPN. First detected in February 2025, this campaign uses a loader called Catena. For example, it targets Chinese-speaking environments with precision. The attacks show careful planning by a skilled threat actor. Deceptive NSIS Installers The infection starts with trojanized …

Bumblebee Malware Tricks IT Staff with Fake Sites

Bumblebee Malware Targets IT Professionals Bumblebee malware spreads through deceptive websites mimicking trusted IT tools. These fake sites impersonate popular tools like Zenmap and WinMTR, often used by IT staff. For example, domains such as zenmap[.]pro trick users into downloading harmful files. The campaign aims to infiltrate corporate networks and steal sensitive data. Typosquatting and …

SideWinder APT Targets Asian Governments

SideWinder’s Ongoing Cyberespionage SideWinder, a state-sponsored hacking group, attacks South Asian government institutions. Active since 2012, they target entities in Sri Lanka, Bangladesh, and Pakistan. For example, Bangladesh’s Ministry of Finance and Sri Lanka’s Central Bank are among the victims. Researchers suggest the group likely originates from India. Spear-Phishing as the Starting Point The campaign …

3AM Ransomware Tricks Users with Fake IT Calls

3AM Ransomware’s Deceptive Tactics 3AM ransomware, a rising threat since late 2023, targets organizations with cunning strategies. This Rust-coded malware encrypts files and steals data, demanding payment to avoid leaks. For example, it adds a “.threeamtime” extension to files. It also deletes backups, making recovery nearly impossible. Spoofed IT Calls and Email Bombing Attackers use …

PupkinStealer Malware Targets Windows Users’ Data

PupkinStealer’s Rising Threat PupkinStealer, a dangerous new malware, threatens Windows users worldwide by stealing sensitive data. First detected in April 2025, this C#-based malware leverages the .NET framework. For example, it targets browser credentials, messaging sessions, and desktop files. Both individuals and organizations face significant risks from this growing threat. How It Spreads The malware …

Horabot Malware Use Invoice for Phishing

Horabot’s Sneaky Phishing Campaign Horabot malware targets Windows users in six Latin American countries, including Mexico and Colombia. Attackers send phishing emails disguised as invoices. For example, these emails trick users into opening malicious attachments. The campaign, active in April 2025, aims to steal credentials and spread banking trojans. How the Attack Begins The attack …

Defendnot Tool Disables Windows Defender Easily

Defendnot’s Threat to Windows Security Defendnot, a new hacking tool, disables Windows Defender, a trusted antivirus solution. This tool tricks the Windows Security Center (WSC) into thinking another antivirus is installed. For example, it bypasses Defender’s protections without third-party code. The tool’s release raises alarms for Windows users. How Defendnot Works Defendnot exploits undocumented WSC …

RoundPress Spies Hack Webmail in Global Campaign

RoundPress Targets Global Governments RoundPress, a sophisticated cyberespionage campaign, hacks webmail systems to steal sensitive data. Attackers exploit cross-site scripting (XSS) vulnerabilities in platforms like Roundcube and Zimbra. For example, they target governments in Greece, Ukraine, and Serbia. Active since 2023, the campaign persists with new exploits in 2024. Spear-Phishing as the Entry Point The …

Scattered Spider Hits US Retail with Clever Hacks

Scattered Spider’s Expanding Reach Scattered Spider, a notorious hacking group, now targets US retailers after attacking UK retail chains. These cybercriminals use ransomware and extortion to disrupt businesses. For example, they encrypt systems and steal sensitive data. Their shift to the US follows a year of high-profile breaches. Sophisticated Social Engineering The group excels in …

Noodlophile Malware Lures Users with Fake AI Tools

Noodlophile’s Social Media Trap Noodlophile malware spreads through fake AI tools promoted on social media platforms. Cybercriminals craft convincing websites that mimic legitimate AI services. For example, they advertise video editors and image generators on Facebook groups. These deceptive posts attract over 62,000 views each, targeting users eager for AI solutions. Mechanics of the Scam …

Rand-User-Agent Hacked in Supply Chain Attack

Rand-User-Agent’s Hidden Threat Rand-user-agent, a popular npm package, fell victim to a supply chain attack in May 2025. This tool, used for generating random user-agent strings, averages 45,000 weekly downloads. However, attackers exploited its semi-abandoned status to inject malicious code. The code deploys a remote access trojan (RAT) on users’ systems. How the Attack Unfolds …

CoGUI Phishing Floods Inboxes with 580M Fake Emails

CoGUI’s Massive Phishing Surge CoGUI, a new phishing kit, unleashed over 580 million fake emails from January to April 2025. These emails trick users into sharing account credentials and payment details. For example, they mimic trusted brands like banks and tax agencies. Most attacks target Japan, but some hit the U.S., Canada, Australia, and New …

Luna Moth Hackers Trick Firms as Fake IT Helpdesks

Luna Moth’s Deceptive Tactics Luna Moth hackers, also known as Silent Ransom Group, target U.S. legal and financial firms with clever scams. These cybercriminals pose as IT helpdesk staff to steal sensitive data. For example, they send fake emails urging victims to call a phony support number. When victims call, attackers trick them into installing …

Malware in Magento Store Plugins

Malware in Magento Store Plugins A widespread malware campaign is affecting hundreds of Magento-powered online stores. This supply chain attack used compromised third-party plugins to quietly install backdoors. The attack impacted between 500 and 1,000 e-commerce sites. Shockingly, the malicious code had been hidden in popular extensions for years. However, the malware was only activated in April …

Phishers Exploit Google Emails to Steal Logins

Phishers Exploit Google Emails to Steal Logins Phishers are using a new, sophisticated trick to steal user credentials through seemingly authentic Google emails. A recent report revealed attackers are sending fake messages using Google’s infrastructure. These emails pass all authentication checks, including DKIM, SPF, and DMARC. For example, one message pretends to be from Google, …

Golden Chickens Spread Malware to Steal Credentials

Golden Chickens Spread Malware to Steal Credentials Golden Chickens, a known cybercrime group, has launched two new malware tools: TerraStealerV2 and TerraLogger. These tools focus on stealing sensitive user data. According to a recent report, TerraStealerV2 targets browser credentials, crypto wallets, and extension data. TerraLogger, however, logs keystrokes using a basic keyboard hook. Both tools …

Fake Plugin Grants Hackers Admin Access to WordPress

Fake plugin attacks are targeting WordPress sites again. Hackers are disguising malware as a security plugin to hijack admin control and spread threats. Researchers found the plugin named WP-antymalwary-bot.php. It grants attackers full access, hides from the dashboard, and executes remote commands. Therefore, it allows them to control the site without detection. The plugin connects …

ToyMaker Malware Opens Doors to Ransomware Gangs

ToyMaker, a financially driven cybercriminal group, is selling access to corporate networks to ransomware gangs like CACTUS. The group acts as an initial access broker (IAB), targeting vulnerable systems using custom malware called LAGTOY. LAGTOY, also known as HOLERUN, creates reverse shells and executes remote commands on infected computers. Therefore, it gives attackers control without …

Darcula Phishing Toolkit Upgraded With GenAI

Darcula, a phishing-as-a-service (PhaaS) platform, has introduced powerful GenAI features to its toolkit. This major update lowers the barrier for cybercrime. Now, attackers with little or no coding experience can build phishing sites in just minutes. The AI tools help create multi-language pages with custom forms. Therefore, even unskilled actors can launch scams at scale. …

Earth Kurma APT Uses Rootkits to Target Southeast Asia

Earth Kurma APT Uses Rootkits to Target Southeast Asia Earth Kurma, a new advanced persistent threat group, has launched cyberattacks across Southeast Asia. Since mid-2024, it has targeted government and telecom sectors. The attackers use powerful rootkits and custom malware to steal sensitive data. They also hide their tracks using trusted platforms like Dropbox and …

OttoKit Plugin Flaw Lets Hackers Create Admins

OttoKit, a WordPress automation plugin, is under active attack after a major security flaw was disclosed. Hackers are exploiting the bug to gain admin access. The vulnerability, tracked as CVE-2025-3102, received a high CVSS score of 8.1. It allows attackers to bypass authentication and create administrator accounts without permission. Therefore, a hacker can take full …

Phishing Emails Use Google Tricks to Steal Logins

Phishing emails are getting smarter and more dangerous. A new campaign uses Google services to fool users into sharing their credentials. These emails appear real, with valid signatures and no alerts from Gmail. According to a report, attackers sent fake messages from the address no-reply@google.com. These emails passed all security checks, including SPF, DKIM, and …

Spyware Campaign Targets Southeast Asia Governments

Spyware campaign operators known as Lotus Panda have launched a wave of cyberattacks across Southeast Asia. Active between August 2024 and February 2025, the group infiltrated government and private organizations. Targets included a ministry, air traffic control, telecoms, and even a construction firm. A separate news agency and air freight company in nearby countries were …

Spyware Apps Pre-Installed on Budget Android Phones

Spyware apps have been discovered on budget Android smartphones, preloaded before reaching customers. These apps impersonate popular messengers like WhatsApp and Telegram. Researchers found that these malicious apps specifically target cryptocurrency users. The spyware can swap wallet addresses in messages, rerouting funds to cybercriminals. This campaign, active since June 2024, focuses on low-end Chinese smartphones. …

Phishing Tactic Uses Email Checks Before Attack

Attackers are using a phishing tactic with real-time checks to verify victims’ emails before stealing credentials. This method improves success rates while staying hidden. A recent report highlights this new approach, called precision-validating phishing. Unlike bulk email scams, this attack targets only verified, active users. Therefore, only victims on a pre-selected list reach the fake login screen. …

ResolverRAT Malware Hits Global Health Sector

ResolverRAT malware is targeting the healthcare and pharmaceutical sectors in a new, sophisticated cyberattack campaign. The attack uses phishing emails to deliver its payload. These emails create urgency with topics like copyright violations or legal threats. They trick users into clicking a malicious link. Once clicked, the link directs the victim to download a file. …

Malicious Packages Steal Data from Python Users

Malicious packages have been discovered on the Python Package Index (PyPI), putting developers and businesses at serious risk. Researchers revealed that several harmful libraries were uploaded to PyPI to steal sensitive data. They also tested stolen credit cards using e-commerce checkout systems. For example, two packages named bitcoinlibdbfix and bitcoinlib-dev posed as fixes for real …

Tax Scams Spread Malware Through PDFs and QR Codes

Tax scams are becoming more dangerous, with new phishing campaigns using PDF attachments and QR codes to infect devices and steal login credentials. According to a report, attackers send fake tax-related emails, often during tax season. These messages contain malicious PDFs that lead to phishing pages or install malware. Some campaigns use a phishing-as-a-service tool …

Triada Malware Found in Fake Android Phones

Triada Malware Infects Counterfeit Android Phones Triada malware is making a comeback by infecting counterfeit Android smartphones. These fake devices are often sold at low prices and come with pre-installed malware that users don’t notice. According to a report, more than 2,600 users—mainly in Russia—were affected between March 13 and 27, 2025. The malware is …

Hackers Abuse WordPress mu-Plugins for Spam Attacks

Hackers Target WordPress mu-Plugins to Hide Malware Hackers are using WordPress’s mu-plugins to secretly plant malicious scripts on websites. These plugins, short for “must-use” plugins, run automatically without admin activation. Because of this, they don’t appear in the WordPress plugin dashboard, making them harder to spot during routine security checks. According to a report, this …

Phishing Platform Lucid Targets 169 Victims Globally

Phishing Attacks Are Evolving Phishing campaigns have become more sophisticated than ever. A new threat platform called Lucid has targeted 169 organizations in 88 countries. It delivers smishing messages using Apple iMessage and Android RCS, avoiding traditional SMS spam filters. Instead of relying on old-school methods, Lucid operates as a phishing-as-a-service (PhaaS) tool. This subscription-based …

Ransomware Exposes DBS & Bank of China Customer Data in Vendor Attack

Ransomware Attack Exposes DBS and BOC Customer Data A ransomware attack on a third-party printing vendor has exposed sensitive customer data from DBS and Bank of China (BOC) in Singapore. The vendor, Toppan Next Tech (TNT), reported the breach to authorities on April 6. The Cyber Security Agency (CSA) and the Monetary Authority of Singapore (MAS) …

ClearFake Malware Spreads Fast Through Fake Checks

ClearFake malware is spreading quickly by tricking users with fake security verifications. Over 9,300 websites are now infected. The attackers behind ClearFake use fake reCAPTCHA and Cloudflare Turnstile pop-ups. These appear real but are used to deliver malware like Lumma and Vidar Stealer. ClearFake first surfaced in mid-2023. It started by placing fake browser update …

GitHub Vulnerability Exposes Secrets in Workflows

GitHub vulnerability CVE-2025-30066 is now actively exploited, posing a major threat to developers and organizations using GitHub Actions. According to a recent report, attackers targeted a GitHub Action called tj-actions/changed-files to access sensitive data. They injected malicious code into workflows by exploiting a supply chain weakness. The attack allows hackers to steal secrets from action …

Rules File Backdoor Attack Targets AI Coders

Rules File Backdoor is a new attack targeting AI-powered code editors. It silently injects malicious code into projects by corrupting the tools developers rely on. This threat affects popular AI tools such as Copilot and Cursor. These editors use configuration or “rules” files to guide their code suggestions. However, attackers can secretly poison these files …

Chinese Hackers Use Backdoors to Hijack Juniper Routers

Chinese Hackers Exploit Juniper Routers with Custom Malware Chinese hackers have been caught installing backdoors and rootkits on outdated Juniper Networks MX Series routers. A recent report revealed that cyber espionage group UNC3886 is behind the attack. Their goal is to establish long-term access and steal sensitive data from targeted networks. How Hackers Compromise Juniper …

MassJacker Malware Hijacks Crypto from Piracy Users

Piracy Users Targeted by New Crypto-Stealing Malware MassJacker, a newly discovered malware, is stealing cryptocurrency from users searching for pirated software. A recent report found that cybercriminals use this malware to hijack copied wallet addresses and reroute funds. This attack method poses a serious threat to cryptocurrency holders. How MassJacker Infects Devices The infection starts …

Malicious PyPI Packages Stole Cloud Tokens in 14,000+ Downloads

Malicious PyPI packages have been discovered stealing cloud tokens, compromising thousands of users. Researchers found 20 harmful packages disguised as useful tools, tricking developers into installing them. These packages, downloaded over 14,100 times, targeted cloud service credentials from major platforms. A recent report identified two clusters of malicious PyPI packages. The first set included tools …

Malicious PyPI Packages Stole Cloud Tokens in 14,000+ Downloads Read More »

Cybercriminals Use CSS Tricks to Bypass Filters and Spy

Hackers Exploit CSS to Evade Spam Filters

Cybercriminals are using Cascading Style Sheets (CSS) to evade spam filters and track email users. A recent report revealed that attackers exploit CSS features to bypass security measures. They can even monitor user actions without requiring JavaScript. This method threatens both privacy and security.

How Attackers Use CSS …

Malware Uses Fake CAPTCHA to Deploy Rootkit and Hide

Hackers Exploit CAPTCHA Scams to Evade Detection

Malware campaigns are becoming more deceptive. Hackers now use fake CAPTCHA pages to trick users into downloading malicious files. A recent report uncovered OBSCURE#BAT, a malware that delivers the r77 rootkit. This rootkit allows attackers to remain undetected while controlling infected systems.

How the Attack Works

The attack …

Medusa Ransomware Attacks Surge, Demanding Millions

Medusa ransomware is rapidly expanding its attacks in 2025, demanding ransoms as high as $15 million. A recent report highlights over 40 new victims this year. The ransomware group has targeted healthcare, financial, and government organizations. Researchers note a 42% rise in Medusa-related incidents between 2023 and 2024. This increase suggests the group is filling …

EncryptHub Spreads Ransomware via Phishing and Fake Apps

EncryptHub is actively spreading ransomware and information stealers through phishing and fake apps. A recent report highlights how this threat actor deceives users. The campaign began in mid-2024 and has compromised over 600 high-value targets. Attackers use phishing, trojanized applications, and Pay-Per-Install (PPI) services to distribute malware. Their goal is to steal credentials and deploy …

SideWinder APT Targets Key Industries in Asia and Beyond

SideWinder APT is actively targeting industries across Asia, the Middle East, and Africa. Maritime, nuclear, and IT sectors are among the main victims of this cyber threat. A recent report found attacks in Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam. The group also focuses on nuclear power plants and energy infrastructure in South Asia …

Malvertising Campaign Infects 1 Million Devices Globally

Malvertising is spreading rapidly, infecting over 1 million devices worldwide. A recent report reveals that attackers use illegal streaming sites to deliver malware. The campaign began in December 2024 and affects both individuals and businesses. Attackers use phishing, SEO poisoning, and fake ads to trick users into downloading harmful software. The malware steals sensitive data, …

WordPress Sites Hacked with JavaScript Backdoors

Hackers are targeting WordPress sites by injecting JavaScript backdoors to maintain persistent access. A recent report found over 1,000 infected websites, where malicious code delivers four different backdoors. These backdoors give attackers multiple ways to regain control, even if website owners remove one method. The compromised sites load harmful scripts from an external domain, affecting …

Poco RAT Malware Targets Businesses

Poco RAT malware is being used to target Spanish-speaking businesses in Latin America. A hacker group, identified as Dark Caracal, has launched phishing attacks to infect organizations in Venezuela, Chile, Colombia, Ecuador, and the Dominican Republic. A recent report highlights how the malware operates. Poco RAT can upload files, capture screenshots, execute commands, and manipulate …
