Category: cyber-security-news

Threat Actors Adapting Android Droppers Even to Deploy Simple Malware to Stay Future-Proof Android droppers have evolved from niche installers for heavyweight banking Trojans into universal delivery frameworks, capable of deploying even rudimentary spyware or SMS stealers. Initially, droppers served banking malware families that required elevated Accessibility permissions to harvest credentials. These small applications appeared…

Hackers Sabotage Iranian Ships Using Maritime Communications Terminals in Its MySQL Database A sophisticated campaign of cyber sabotage unfolded against Iran’s maritime communications infrastructure in late August 2025, cutting off dozens of vessels from vital satellite links and navigation aids. Rather than targeting each ship individually—a logistical nightmare across international waters—the attackers infiltrated Fanava Group,…

Hackers Abuse VPS Servers To Compromise Software-as-a-service (SaaS) Accounts Cybercriminals are increasingly leveraging Virtual Private Server (VPS) infrastructure to orchestrate sophisticated attacks against Software-as-a-Service (SaaS) platforms, exploiting the anonymity and clean reputation of these hosting services to bypass traditional security controls. A coordinated campaign identified in early 2025 demonstrated how threat actors systematically abuse VPS…

Chinese MURKY PANDA Attacking Government and Professional Services Entities A sophisticated China-nexus threat actor designated MURKY PANDA has emerged as a significant cybersecurity concern, conducting extensive cyberespionage operations against government, technology, academic, legal, and professional services entities across North America since late 2024. This advanced persistent threat group demonstrates exceptional capabilities in cloud environment exploitation…

Anatsa Malware Attacking Android Devices to Steal Login Credentials and Monitor Keystrokes The Anatsa banking trojan, also known as TeaBot, continues to evolve as one of the most sophisticated Android malware threats targeting financial institutions worldwide. First discovered in 2020, this malicious software has demonstrated remarkable persistence in infiltrating Android devices through the official Google…

New Linux Malware With Weaponized RAR Archive Deploys VShell Backdoor Linux environments, long considered bastions of security, are facing a sophisticated new threat that challenges traditional assumptions about operating system safety. A recently discovered malware campaign exploits an ingenious attack vector that weaponizes RAR archive filenames to deliver the VShell backdoor, demonstrating how attackers are…

Microsoft Warns of Hackers Using ClickFix Technique to Attack Windows and macOS Devices Cybersecurity researchers have identified a sophisticated social engineering technique called ClickFix that has been rapidly gaining traction among threat actors since early 2024. This deceptive attack method targets both Windows and macOS devices, tricking users into executing malicious commands through seemingly legitimate…

New SHAMOS Malware Attacking macOS Via Fake Help Websites to Steal Login Credentials A sophisticated malware campaign targeting macOS users has emerged between June and August 2025, successfully attempting to compromise over 300 customer environments through deceptive help websites. The malicious operation deploys SHAMOS, a variant of the notorious Atomic macOS Stealer (AMOS), developed by…

Serial Hacker Jailed for Hacking and Defacing Organizations’ Websites A sophisticated cybercriminal operation targeting government institutions and private organizations across multiple continents has culminated in the sentencing of Al-Tahery Al-Mashriky, a 26-year-old hacker from Rotherham, South Yorkshire. The prolific attacker, who operated under multiple aliases within the extremist hacking collective “Yemen Cyber Army,” was sentenced…

Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrate Sensitive Data A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool while secretly…

Paper Werewolf Exploiting WinRAR Zero‑Day Vulnerability to Deliver Malware Cybersecurity researchers have uncovered a sophisticated campaign by the Paper Werewolf threat actor group, also known as GOFFEE, targeting Russian organizations through the exploitation of critical vulnerabilities in WinRAR archiving software. The campaign, active since July 2025, demonstrates the group’s advanced capabilities in leveraging both known…

Crypto Developers Attacked With Malicious npm Packages to Steal Login Details A sophisticated new threat campaign has emerged targeting cryptocurrency developers through malicious npm packages designed to steal sensitive credentials and wallet information. The attack, dubbed “Solana-Scan” by researchers, specifically targets the Solana cryptocurrency ecosystem by masquerading as legitimate software development kits and scanning tools.…

North Korean Hackers Stealthy Linux Malware Leaked Online In a significant breach of both cybersecurity defenses and secrecy, a trove of sensitive hacking tools and technical documentation, believed to originate from a North Korean threat actor, has recently been leaked online. The dump, revealed through an extensive article in Phrack Magazine, includes advanced exploit tactics,…

Palo Alto Networks Released A Mega Malware Analysis Tutorials Useful for Every Malware Analyst Palo Alto Networks has published an extensive malware analysis tutorial detailing the dissection of a sophisticated .NET-based threat that delivers the Remcos remote access trojan (RAT). The malware’s emergence highlights a trend in which threat actors increasingly abuse legitimate development environments…

Ransomware Actors Blending Legitimate Tools with Custom Malware to Evade Detection The cybersecurity landscape faces a new sophisticated threat as the Crypto24 ransomware group demonstrates an alarming evolution in attack methodology, seamlessly blending legitimate administrative tools with custom-developed malware to execute precision strikes against high-value targets. This emerging ransomware operation has successfully compromised organizations across…

Google Requires Crypto App Developers to Have License or Certification From Relevant Authorities Google Play has implemented comprehensive licensing requirements for cryptocurrency exchanges and software wallets, fundamentally reshaping the mobile app ecosystem for digital asset services. The policy mandates that developers seeking to publish cryptocurrency applications must obtain specific licenses and certifications from relevant financial…

Threat Actors Using CrossC2 Tool to Expand Cobalt Strike to Operate on Linux and macOS A sophisticated threat campaign has emerged that leverages CrossC2, an unofficial extension tool that expands Cobalt Strike’s notorious capabilities beyond Windows systems to target Linux and macOS environments. Between September and December 2024, cybersecurity incidents involving this cross-platform malware have…

Threat Actors Attacking Windows Systems With New Multi-Stage Malware Framework PS1Bot A sophisticated new malware campaign targeting Windows systems has emerged, employing a multi-stage framework dubbed “PS1Bot” that combines PowerShell and C# components to conduct extensive information theft operations. The malware represents a significant evolution in attack methodologies, utilizing modular architecture and in-memory execution techniques…

ShinyHunters Possibly Collaborates With Scattered Spider in Salesforce Attack Campaigns The notorious ShinyHunters cybercriminal group has emerged from a year-long hiatus with a sophisticated new wave of attacks targeting Salesforce platforms across major organizations, including high-profile victims like Google. This resurgence marks a significant tactical evolution for the financially motivated threat actors, who have traditionally…

Web DDoS, App Exploitation Attacks Saw a Huge Surge in First Half of 2025 The cybersecurity landscape experienced an unprecedented escalation in digital threats during the first half of 2025, with Web Distributed Denial of Service (DDoS) attacks surging by 39% compared to the second half of 2024. The second quarter alone witnessed a staggering…

VexTrio Hackers Attacking Users via Fake CAPTCHA Robots and Malicious Apps into Google Play and App Store A sophisticated cybercriminal organization known as VexTrio has been orchestrating a massive fraud empire through deceptive CAPTCHA robots and malicious applications distributed across Google Play and the App Store. This criminal network, operating for over 15 years, has…

Ukrainian Web3team Weaponizing NPM Package to Attack Job Seekers and Steal Sensitive Data A sophisticated cybercriminal operation disguised as a Ukrainian Web3 development team has been targeting job seekers through weaponized NPM packages, security researchers warn. The attack leverages fake interview processes to trick unsuspecting candidates into downloading and executing malicious code that steals cryptocurrency…

Wikipedia Lost Legal Battle Against The UK’s Online Safety ACT Regulations Wikipedia has suffered a significant legal defeat in its attempt to avoid being classified under the UK’s stringent Online Safety Act regulations. The High Court ruled against the Wikimedia Foundation and a Wikipedia user, known only as “BLN,” who challenged the Secretary of State’s…

Scattered Spider With New Telegram Channel List Organizations It Attacked In early August 2025, a previously quiet cybercrime collective known as Scattered Spider resurfaced with a striking new Telegram channel that aggregates proof of its intrusions and data exfiltration operations. The channel name fuses ShinyHunters, Scattered Spider, and Lapsus$, signaling a collaboration—or at least a…

Threat Actors Using Typosquatted PyPI Packages to Steal Cryptocurrency from Bittensor Wallets A sophisticated cryptocurrency theft campaign has emerged targeting the Bittensor ecosystem through malicious Python packages distributed via the Python Package Index (PyPI). The attack leverages typosquatting techniques to deceive developers and users into installing compromised versions of legitimate Bittensor packages, ultimately resulting in…

Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email A sophisticated malware campaign dubbed “Efimer” has emerged as a significant threat to cryptocurrency users worldwide, employing a multi-vector approach that combines compromised WordPress websites, malicious torrents, and deceptive email campaigns. First detected in October 2024, this ClipBanker-type Trojan…

5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines A sophisticated cybercriminal enterprise operating over 5,000 fraudulent online pharmacy websites has been exposed in a comprehensive investigation, revealing one of the largest pharmaceutical fraud networks ever documented. This massive operation, orchestrated by a single threat actor group, targets vulnerable individuals seeking prescription medications through deceptive digital…

DarkCloud Stealer Employs New Infection Chain and ConfuserEx-Based Obfuscation A sophisticated information-stealing malware campaign has emerged, utilizing advanced obfuscation techniques and multiple infection vectors to evade traditional security controls. The DarkCloud Stealer, first documented in recent threat intelligence reports, represents a significant evolution in cybercriminal tactics, employing a complex multi-stage delivery mechanism that begins with…

Biggest Ever GreedyBear Attack With 650 Hacking Tools Stolen $1 Million from Victims A sophisticated cybercriminal operation known as GreedyBear has orchestrated one of the most extensive cryptocurrency theft campaigns to date, deploying over 650 malicious tools across multiple attack vectors to steal more than $1 million from unsuspecting victims. Unlike traditional threat groups that…

HashiCorp Vault 0-Day Vulnerabilities Let Attackers Execute Remote Code Security researchers uncovered a series of critical zero-day vulnerabilities in HashiCorp Vault in early August 2025, the widely adopted secrets management solution. These flaws, spanning authentication bypasses, policy enforcement inconsistencies, and audit-log abuse, create end-to-end attack paths that culminate in remote code execution (RCE) on Vault…

Threat Actors Weaponizing RMM Tools to Take Control of The Machine and Steal Data Cybercriminals are increasingly exploiting Remote Monitoring and Management (RMM) software to gain unauthorized access to corporate systems, with a sophisticated new attack campaign demonstrating how legitimate IT tools can become powerful weapons in the wrong hands. This emerging threat leverages the…

Bing Search Poisoned to Deliver Bumblebee Malware for ‘ManageEngine OpManager’ Searches A sophisticated search engine optimization (SEO) poisoning campaign that exploited Bing search results to distribute Bumblebee malware, ultimately leading to devastating Akira ransomware attacks. The campaign, active throughout July 2025, specifically targeted users searching for legitimate IT management software, demonstrating how threat actors continue…

New Android Malware Mimics as SBI Card, Axis Bank Apps to Steal Users Financial Data A sophisticated new Android malware campaign has emerged targeting Indian banking customers through convincing impersonations of popular financial applications. The malicious software masquerades as legitimate apps from major Indian financial institutions, including SBI Card, Axis Bank, Indusind Bank, ICICI, and…