Category: cyber-security-news

Cisco Catalyst Center Vulnerability Let Attackers Escalate Priveleges A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnerability, tracked as CVE-2025-20341, impacts virtual appliances running on VMware ESXi and carries a high severity rating with a…

RONINGLOADER Weaponizes Signed Drivers to Disable Defender and Evade EDR Tools A new threat targeting Chinese users has appeared with a dangerous ability to shut down security tools. RONINGLOADER, a multi-stage loader spreading a modified version of the gh0st RAT, uses clever tricks to bypass antivirus protection. The malware arrives through fake software installers that…

A Multi-Stage Phishing Kit Using Telegram to Harvest Credentials and Bypass Automated Detection Phishing attacks continue to be one of the most persistent threats targeting organizations worldwide. Cybercriminals are constantly improving their methods to steal sensitive information, and a recently discovered phishing kit demonstrates just how advanced these operations have become. This particular framework was…

Formbook Malware Delivered Using Weaponized Zip Files and Multiple Scripts A new wave of Formbook malware attacks has appeared, using weaponized ZIP archives and multiple script layers to bypass security controls. The attacks begin with phishing emails containing ZIP files that hold VBS scripts disguised as payment confirmation documents. These scripts trigger a chain of…

Akira Ransomware Targets Over 250 Organizations, Extracts $42 Million in Ransom Payments – New CISA Report A new advisory from the Cybersecurity and Infrastructure Security Agency reveals that Akira ransomware has become one of the most active threats targeting businesses worldwide. Since March 2023, this ransomware group has impacted more than 250 organizations across North…

Lumma Stealer Uses Browser Fingerprinting to Collect Data and for Stealthy C&C Server Communications Lumma Stealer has emerged as a serious threat in the cybercrime world, targeting users through fake software updates and cracked applications. This information-stealing malware targets the collection on login details, payment card information, and cryptocurrency wallet data from infected systems. The…

Malicious Chrome Extension as Ethereum Wallet Enables Full Wallet Takeover A deceptive Chrome extension named Safery: Ethereum Wallet has emerged as a serious threat to cryptocurrency users. Published on the Chrome Web Store on November 12, 2024, this extension masquerades as a secure Ethereum wallet while secretly stealing user seed phrases. The malware’s sophisticated design…

New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware A growing social engineering technique called ClickFix has emerged as one of the most successful methods for distributing malware in recent months. This attack tricks users into copying and running commands directly into their operating systems command line interface, ultimately installing dangerous information-stealing…

Kraken Cross-Platform Ransomware Attacking Windows, Linux, and VMware ESXi Systems in Enterprise Environments In August 2025, a new ransomware threat emerged with capabilities that fundamentally changed how organizations should approach enterprise security. Kraken, a Russian-speaking cybercriminal group, began executing sophisticated attacks targeting large organizations across multiple continents. What makes Kraken particularly dangerous is its ability…

New KomeX Android RAT Advertised on Hacker Forums with Multiple Subscription Options A newly identified Android remote access trojan (RAT) dubbed KomeX has surfaced on underground hacker forums, generating widespread concern within the cybersecurity community. Marketed by a threat actor under the alias “Gendirector,” KomeX is built atop the infamous BTMOB RAT codebase and presents…

New Phishing Attack Targeting Meta Business Suite Users to Steal Login Credentials A large-scale phishing campaign has emerged, exploiting Meta’s Business Suite to compromise credentials across thousands of small and medium-sized businesses worldwide. Check Point security researchers identified approximately 40,000 phishing emails distributed to more than 5,000 customers, primarily targeting industries including automotive, education, real…

Threat Actors Leverage RMM Tools to Deploy Medusa & DragonForce Ransomware A sophisticated wave of ransomware attacks targeting UK organizations has emerged in 2025, exploiting vulnerabilities in the widely-used SimpleHelp Remote Monitoring and Management platform. Two prominent ransomware groups, Medusa and DragonForce, have weaponized three critical vulnerabilities (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) to gain unauthorized access…

German ISP Aurologic GmbH has Become a Central Nexus for Hosting Malicious Infrastructure German hosting provider aurologic GmbH has emerged as a central facilitator within the global malicious infrastructure ecosystem, providing upstream transit and data center services to numerous high-risk hosting networks. Operating from its primary facility at Tornado Datacenter GmbH & Co. KG in…

ClickFix Attacks Evolved With Weaponized Videos That Tricks Users via Self-infection Process ClickFix attacks have experienced a dramatic surge over the past year, establishing themselves as a cornerstone of modern social engineering tactics. These sophisticated attacks manipulate victims into executing malicious code directly on their devices through deceptive copy-and-paste mechanisms. The threat has evolved beyond…

Herodotus Android Banking Malware Takes Full Control Of Device Evading Antivirus A sophisticated banking trojan named Herodotus has emerged as a significant threat to Android users worldwide. Operating as Malware-as-a-Service, this malicious application disguises itself as a legitimate tool to trick users into downloading and installing an APK file outside the official Play Store. Once…

Sandworm Hackers Attacking Ukranian Organizations with Data Wiper Malwares The Russia-aligned Sandworm threat group has intensified its destructive cyberattacks against Ukrainian organizations, deploying sophisticated data wiper malware designed to cripple critical infrastructure and economic operations. Unlike traditional cyberespionage campaigns, Sandworm’s recent operations focus exclusively on destruction, targeting governmental entities, energy providers, logistics companies, and the…

AI Browsers Bypass Content PayWall Mimicking as a Human-User The emergence of advanced AI browsing platforms such as OpenAI’s Atlas and Perplexity’s Comet has created a sophisticated challenge for digital publishers worldwide. These tools leverage agentic capabilities designed to execute complex, multistep tasks that fundamentally transform how content is accessed and consumed online. Unlike traditional…

APT-C-60 Attacking Job Seekers to Download Weaponized VHDX File from Google Drive to Steal Sensitive Data A sophisticated espionage campaign targeting recruitment professionals has emerged, with the APT-C-60 threat group weaponizing VHDX files to compromise organizations. The threat actors impersonate job seekers in spear-phishing emails sent to recruitment staff, exploiting trust relationships to deliver malicious…

Ransomware Attack on European Organizations Surge as Hackers Leveraging AI-Tools for Attacks European organizations are facing an unprecedented wave of ransomware attacks as cybercriminals increasingly integrate artificial intelligence tools into their operations. Since January 2024, big game hunting threat actors have named approximately 2,100 Europe-based victims on more than 100 dedicated leak sites, representing a…

Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials Silent Lynx, a sophisticated threat group that has been tracked since 2024, continues its relentless espionage campaign against government entities across Central Asia. Seqrite analysts identified the group as the first to assign this nomenclature, distinguishing it from multiple overlapping aliases including YoroTrooper, Sturgeon…

Stolen Credentials and Valid Account Abuse Fuel the Financially Motivated Attacks Throughout the first half of 2025, financially motivated threat actors have shifted their approach to intrusions, abandoning traditional implant-heavy methods in favor of a more cost-effective strategy. Rather than deploying sophisticated malware payloads, attackers are leveraging stolen credentials and valid account access to establish…

Hackers Weaponizing Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability Chinese-affiliated threat actor UNC6384 has been actively leveraging a critical Windows shortcut vulnerability to target European diplomatic entities across Hungary, Belgium, Serbia, Italy, and the Netherlands. Arctic Wolf researchers identified this sophisticated cyber espionage campaign operating throughout September and October 2025, representing a significant…

Threat Actors Using Multilingual ZIP File to Attack Financial and Government Organizations Sophisticated threat actors have orchestrated a coordinated multilingual phishing campaign targeting financial and government organizations across East and Southeast Asia. The campaign leverages carefully crafted ZIP file lures combined with region-specific web templates to deceive users into downloading staged malware droppers. Recent analysis…

Kimsuky and Lazarus Hacker Groups Unveil New Tools That Enable Backdoor and Remote Access Threat actors operating under the control of North Korea’s regime have demonstrated continued technical sophistication by introducing advanced malware toolsets designed to establish persistent backdoor access and remote control over compromised systems. Recent findings have revealed that Kimsuky, known for orchestrating…

Threat Actors Weaponizes Judicial Documents to Deliver PureHVNC RAT Between August and October 2025, a sophisticated phishing campaign has emerged targeting Colombian and Spanish-speaking users through deceptive emails masquerading as official communications from Colombia’s Attorney General’s office. The campaign employs a carefully crafted social engineering strategy, luring victims with notifications about supposed lawsuits processed through…

Russian Hackers Attacking Government Entity Using Stealthy Living-Off-the-Land Tactics Ukrainian government organizations continue facing relentless cyber threats from Russian-backed threat actors employing sophisticated evasion techniques to maintain persistent network access. Recent investigations have uncovered coordinated campaigns targeting critical infrastructure and government entities, with attackers deploying advanced tactics that circumvent traditional security defenses. These operations represent…

New Beast Ransomware Actively Scans for Active SMB Port from Breached System to Spread Across Network The Beast ransomware group has emerged as a significant threat in the cybersecurity landscape, evolving from the Monster ransomware strain to establish itself as a formidable Ransomware-as-a-Service operation. Officially launched in February 2025, the group rapidly expanded their infrastructure…

81% Router Usres Have Not Changed Default Admin Passwords, Exposing Devices to Hackers In late 2025, a staggering 81% of broadband users were found to have never changed their router’s default administrative password, opening the door to significant malware risk. This widespread negligence was revealed in Broadband Genie’s fourth major router security survey, where 3,242…

iOS 26 Deletes Pegasus and Predator Spyware Infection Evidence by Overwriting The ‘shutdown.log’ file on Reboot The emergence of Pegasus and Predator spyware over the past several years has transformed the landscape of mobile device security. These advanced malware strains—deployed by sophisticated threat actors for surveillance and espionage—have repeatedly demonstrated their ability to exploit zero-click…