Category: cyber-security-news

Confucius Hacker Group Attacking Weaponizing Documents to Compromised Windows Systems With AnonDoor Malware The Confucius hacker group, active since 2013, has recently escalated its operations by weaponizing malicious Office documents to compromise Windows endpoints with a new Python-based backdoor, dubbed AnonDoor. Historically known for deploying document stealers such as WooperStealer, the threat actor has now…

Hundreds of Free VPN Apps for Both Android and iOS Leaks Users Personal Data Mobile VPN apps promise to protect privacy and secure communications on smartphones, but a comprehensive analysis of nearly 800 free Android and iOS VPN applications reveals a troubling reality: many of these tools expose sensitive information rather than shield it. From…

Ukraine Warns of Weaponized XLL Files Delivers CABINETRAT Malware Via Zip Files Ukrainian security agencies have issued an urgent warning regarding a sophisticated malware campaign targeting government and critical infrastructure sectors through weaponized XLL files distributed via compressed archives. The malicious campaign leverages Microsoft Excel add-in files containing the CABINETRAT backdoor, representing a significant evolution…

Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details A sophisticated phishing campaign has emerged targeting job seekers through fake Google career recruitment opportunities, leveraging social engineering tactics to harvest Gmail credentials and personal information. The malicious operation exploits the trust associated with Google’s brand reputation, crafting convincing recruitment emails that direct victims…

Hackers Exploit Cellular Router’s API to Send Malicious SMS Messages With Weaponized Links Hackers have recently leveraged a vulnerability in the web-based management interfaces of certain cellular routers to co-opt their built-in SMS functionality for nefarious purposes. By targeting exposed APIs, attackers are able to dispatch large volumes of malicious SMS messages containing weaponized links…

Threat Actors Leveraging Dynamic DNS Providers to Use for Malicious Purposes Cybersecurity researchers are raising alarms about a growing threat vector as malicious actors increasingly exploit Dynamic DNS providers to establish robust command and control infrastructure. These publicly rentable subdomain services, traditionally designed for legitimate hosting purposes, have become the preferred platform for threat actors…

Hackers Weaponizing SVG Files to Deliver PureMiner Malware and Steal Sensitive Information In recent weeks, a sophisticated phishing campaign has emerged, targeting organizations in Ukraine with malicious Scalable Vector Graphics (SVG) files designed to propagate the PureMiner cryptominer and a data-stealing payload dubbed Amatera Stealer. Attackers masquerade as the Ukrainian police, sending emails that claim…

Apache Airflow Vulnerability Exposes Sensitive Details to Read-Only Users A critical security flaw has emerged in Apache Airflow 3.0.3, exposing sensitive connection information to users with only read permissions. The vulnerability, tracked as CVE-2025-54831 and classified as “important” severity, fundamentally undermines the platform’s intended security model for handling sensitive data within workflow connections. Apache Airflow…

New Botnet Loader-as-a-Service Exploiting Routers and IoT Devices to Deploy Mirai Payloads A sophisticated botnet operation has emerged, employing a Loader-as-a-Service model to systematically weaponize internet-connected devices across the globe. The campaign exploits SOHO routers, IoT devices, and enterprise applications through command injection vulnerabilities in web interfaces, demonstrating an alarming evolution in cybercriminal tactics. The…

Malware Operators Collaborate With Covert North Korean IT Workers to Attack Corporate Organizations A sophisticated cybercriminal alliance between malware operators and covert North Korean IT workers has emerged as a significant threat to corporate organizations worldwide. This hybrid operation, known as DeceptiveDevelopment, represents a dangerous convergence of traditional cybercrime and state-sponsored activities, targeting software developers…

LummaStealer Technical Details Uncovered Using ML-Based Detection Approach LummaStealer has emerged as one of the most prolific information-stealing malware families in recent years, targeting victims across multiple industry verticals including telecommunications, healthcare, banking, and marketing. The sophisticated malware gained widespread notoriety in early 2025 when cybercriminals extensively deployed it in coordinated campaigns worldwide. Although law…

Researchers Uncovered Connections Between LAPSUS$, Scattered Spider, and ShinyHunters Hacker Groups The cybersecurity landscape continues to evolve as three of the most notorious English-speaking cybercrime groups—LAPSUS$, Scattered Spider, and ShinyHunters—have been found to share significant operational connections, tactical overlaps, and direct collaboration since 2023. These relationships have created what security experts now describe as a…

LLM-Based LAMEHUG Malware Dynamically Generate Commands for Reconnaissance and Data Theft A sophisticated new threat has emerged in the cybersecurity landscape that represents a significant evolution in malware development. The LAMEHUG malware family, first identified by CERT-UA in July 2025, marks a concerning advancement in cyber attack methodology by integrating artificial intelligence directly into its…

New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys Cybercriminals have launched a sophisticated supply chain attack targeting cryptocurrency developers through malicious Rust crates designed to steal digital wallet keys. Two fraudulent packages, faster_log and async_println, have infiltrated the Rust package registry by impersonating the legitimate fast_log logging library, embedding malicious…

Numerous Applications Using Google’s Firebase Platform Leaking Highly Sensitive Data Numerous mobile applications have been found to expose critical user information through misconfigured Firebase services, allowing unauthenticated attackers to access databases, storage buckets, Firestore collections, and Remote Config secrets. This widespread issue first came to light when security researcher Mike Oude Reimer published findings on…

New Russian Disinformation Campaign Targeting Upcoming Moldova’s Elections On the eve of Moldova’s parliamentary elections scheduled for September 28, 2025, cybersecurity researchers have uncovered a sophisticated Russian-backed disinformation campaign designed to undermine public confidence in Moldova’s pro-European leadership. The campaign began surfacing in April 2025, when analysts first observed a cluster of newly registered domains publishing…

BlockBlasters Steam Game Downloads Malware to Computer Disguised as Patch A seemingly innocent patch update for the popular 2D platformer game BlockBlasters has transformed into a sophisticated malware campaign, exposing hundreds of Steam users to data theft and system compromise. The malicious patch, deployed on August 30, 2025, demonstrates how threat actors are increasingly exploiting…

Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication A critical authentication bypass vulnerability has emerged in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring 9.6 on the CVSS v3.1 scale, enables unauthorized attackers to circumvent authentication mechanisms through specially crafted HTTP headers, potentially…

Phishing Attacks Using AI-Powered Platforms to Misleads Users and Evades Security Tools Phishing campaigns have long relied on social engineering to dupe unsuspecting users, but recent developments have elevated these attacks to a new level of sophistication. Attackers now harness advanced content-generation platforms to craft highly personalized emails and webpages, blending genuine corporate branding with…

Threat Actors Selling New Undetectable RAT as ’ScreenConnect FUD Alternative’ A threat actor has been observed advertising a new Remote Access Trojan (RAT) on underground forums, marketing it as a fully undetectable (FUD) alternative to the legitimate remote access tool, ScreenConnect. The malware is being sold with a suite of advanced features designed to bypass…

New Phishing Attack Targets Facebook Users to Steal Login Credentials A sophisticated phishing campaign has recently emerged, targeting Facebook users with carefully crafted emails designed to harvest login credentials. Attackers leverage the platform’s own external URL warning system to cloak malicious links, presenting URLs that appear legitimate while redirecting victims to counterfeit Facebook login pages.…

Global Spyware Markets to Identify New Entities Entering The Market The global spyware market continues its alarming expansion, with new research revealing the emergence of 130 additional entities spanning 46 countries between 1992 and 2024. This shadowy ecosystem of surveillance technologies has grown from 435 documented entities in the initial assessment to 561 organizations, fundamentally…

Splunk Releases Guide to Detect Remote Employment Fraud Within Your Organization Detecting remote employment fraud has become a critical priority for organizations striving to secure their digital onboarding processes and safeguard sensitive systems. In recent months, threat actors posing as legitimate hires have leveraged sophisticated tactics to bypass pre-hire screenings and embed themselves within corporate…

Raven Stealer Attacking Google Chrome Users to Steal Sensitive Data Raven Stealer has emerged as a potent information‐stealing threat targeting users of Chromium‐based browsers, most notably Google Chrome. First observed in mid-2025, this lightweight malware distinguishes itself through a modular architecture and stealthy design, allowing it to harvest sensitive information without alerting victims. Delivered predominantly…

Beware of Typosquatted Malicious PyPI Packages That Delivers SilentSync RAT Python developers face a growing threat from typosquatted packages in the Python Package Index (PyPI), with malicious actors increasingly targeting this trusted repository to distribute sophisticated malware. Recent discoveries have exposed a concerning trend where threat actors create packages that closely mimic legitimate libraries, using…

SmokeLoader Utilizes Optional Plugins To Perform Tasks Such as Stealing Data and DoS Attacks SmokeLoader, first seen on criminal forums in 2011, has evolved into a highly modular malware loader designed to deliver a variety of second-stage payloads, including trojans, ransomware, and credential stealers. After Operation Endgame disrupted numerous campaigns in mid-2024, the loader reemerged…

New Maranhão Stealer Via Pirated Software Leveraging Cloud-Hosted Platforms to Steal Login Credentials Since May 2025, a novel credential stealer dubbed Maranhão Stealer has emerged as a significant threat to users of pirated gaming software. Distributed through deceptive websites hosting cracked launchers and cheats, the malware leverages cloud-hosted platforms to deliver trojanized installers that appear…