Category: cyber-security-news

Microsoft PlayReady DRM Used by Netflix, Amazon, and Disney+ Leaked Online A significant security breach has compromised Microsoft’s PlayReady Digital Rights Management (DRM) system, exposing critical certificates that protect premium streaming content across major platforms including Netflix, Amazon Prime Video, and Disney+. The leak, which surfaced on GitHub through an account named “Widevineleak,” has triggered…

Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious commands on victim…

Lazarus Hackers Weaponized 234 Packages Across npm and PyPI to Infect Developers A sophisticated cyber espionage campaign targeting software developers has infiltrated two of the world’s largest open source package repositories, with North Korea’s notorious Lazarus Group successfully deploying 234 malicious packages across npm and PyPI ecosystems. Between January and July 2025, this state-sponsored operation…

SafePay Ransomware Infected 260+ Victims Across Multiple Countries A new ransomware threat has emerged as one of the most aggressive cybercriminal operations of 2025, with SafePay ransomware claiming responsibility for over 265 successful attacks spanning multiple continents. The group, which first appeared in September 2024 with limited activity targeting just over 20 victims, has dramatically…

Qilin Ransomware Surging Following The Fall of dominant RansomHub RaaS The ransomware landscape experienced a significant shift in the second quarter of 2025 as Qilin ransomware emerged as the dominant threat following the unexpected collapse of RansomHub, previously the most prolific ransomware-as-a-service operation. This transition has reshaped the cybercriminal ecosystem, with Qilin capitalizing on the…

LockBit Operators Using Stealthy DLL Sideloading Technique to Load Malicious App as Legitimate One LockBit ransomware operators have adopted an increasingly sophisticated approach to evade detection by leveraging DLL sideloading techniques that exploit the inherent trust placed in legitimate applications. This stealthy method involves tricking legitimate, digitally signed applications into loading malicious Dynamic Link Libraries…

Unit 42 Unveils Attribution Framework to Classify Threat Actors Based on Activity Palo Alto Networks’ Unit 42 threat research team has introduced a groundbreaking systematic approach to threat actor attribution, addressing longstanding challenges in cybersecurity intelligence analysis. The Unit 42 Attribution Framework, unveiled on July 31, 2025, transforms what has traditionally been considered “more art…

Threat Actors Embed Malicious RMM Tools to Gain Silent Initial Access to Organizations A sophisticated cyber campaign leveraging legitimate Remote Monitoring and Management (RMM) tools has emerged as a significant threat to European organizations, particularly those in France and Luxembourg. Since November 2024, threat actors have been deploying carefully crafted PDF documents containing embedded links…

Navigating APTs – Singapore’s Cautious Response to State-Linked Cyber Attacks Singapore’s cybersecurity landscape faced a significant challenge in July 2025 when Coordinating Minister K. Shanmugam disclosed that the nation was actively defending against UNC3886, a highly sophisticated Advanced Persistent Threat (APT) group targeting critical infrastructure. The revelation, announced during the Cyber Security Agency’s 10th anniversary…

APT Hackers Attacking Maritime and Shipping Industry to Launch Ransomware Attacks The maritime industry, which facilitates approximately 90% of global trade, has emerged as a critical battleground for advanced persistent threat (APT) groups deploying sophisticated ransomware campaigns. This surge in cyber warfare represents a paradigm shift where state-sponsored hackers and financially motivated threat actors are…

Gunra Ransomware New Linux Variant Runs Up To 100 Encryption Threads With New Partial Encryption Feature A sophisticated new Linux variant of Gunra ransomware has emerged, marking a significant escalation in the threat group’s cross-platform capabilities since its initial discovery in April 2025. The ransomware, which drew inspiration from the notorious Conti ransomware techniques, has…

Qilin Ransomware Leverages TPwSav.sys Driver to Disable EDR Security Measures Cybercriminals have once again demonstrated their evolving sophistication by weaponizing an obscure Toshiba laptop driver to bypass endpoint detection and response systems. The Qilin ransomware operation, active since July 2022, has incorporated a previously unknown vulnerable driver called TPwSav.sys into their attack arsenal, enabling them…

Lionishackers Threat Actors Exfiltrating and Selling Corporate Databases on Dark Web A financially motivated threat actor known as Lionishackers has emerged as a significant player in the illicit marketplace for corporate data in recent months. Leveraging opportunistic targeting and a preference for Asian-based victims, the group employs automated SQL injection tools to breach database servers,…

Malicious Android Apps Mimic as Popular Indian Banking Apps Steal Login Credentials Attackers are weaponizing India’s appetite for mobile banking by circulating counterfeit Android apps that mimic the interfaces and icons of public-sector and private banks. Surfacing in telemetry logs on 3 April 2025, the impostors travel through smishing texts, QR codes and search-engine poisoning,…

New Malware Attack Leverages YouTube Channels and Discord to Harvest Credentials from Computer A newly uncovered campaign is exploiting gamers’ enthusiasm for off-beat indie titles to plant credential-stealing malware on machines. Branded installers for nonexistent games such as “Baruda Quest,” “Warstorm Fire,” and “Dire Talon” are pushed through slick YouTube trailers and Discord download links…

GLOBAL GROUP’s Golang Ransomware Attacks Windows, Linux, and macOS Environments A sophisticated new ransomware threat has emerged from the cybercriminal underground, targeting organizations across multiple operating systems with advanced cross-platform capabilities. In June 2025, a ransomware actor operating under the alias “Dollar Dollar Dollar” introduced GLOBAL GROUP on the Ramp4u cybercrime forum, marketing it as…

Greedy Sponge Hackers Attacking Financial Institutions With Modified Version of AllaKore RAT A financially motivated threat group dubbed Greedy Sponge has been systematically targeting Mexican financial institutions and organizations since 2021 with a heavily modified version of the AllaKore remote access trojan (RAT). The campaign represents a sophisticated evolution of cybercriminal tactics, combining traditional social…

New Veeam Themed Phishing Attack Using Weaponized Wav File to Attack users A sophisticated phishing campaign targeting organizations has emerged, exploiting the trusted reputation of Veeam Software through weaponized WAV audio files delivered via email. The attack represents an evolution in social engineering tactics, combining traditional phishing techniques with audio-based deception to bypass conventional security…

Chinese Threat Actors Using 2,800 Malicious Domains to Deliver Windows-Specific Malware A sophisticated Chinese threat actor campaign has emerged as one of the most persistent malware distribution operations targeting Chinese-speaking communities worldwide. Since June 2023, this ongoing campaign has established an extensive infrastructure comprising more than 2,800 malicious domains specifically designed to deliver Windows-targeted malware…

Snake Keylogger Evades Windows Defender and Scheduled Tasks to Harvest Login Credentials A sophisticated phishing campaign targeting Turkish defense and aerospace enterprises has emerged, delivering a highly evasive variant of the Snake Keylogger malware through fraudulent emails impersonating TUSAŞ (Turkish Aerospace Industries). The malicious campaign distributes files disguised as contractual documents, specifically using the filename…

Lumma Infostealer Steal All Data Stored in Browsers and Selling Them in Underground Markets as Logs The cybersecurity landscape continues to face significant threats from sophisticated information stealers, with Lumma emerging as one of the most prevalent and dangerous malware families targeting both consumer and enterprise environments. This malicious software systematically harvests enormous volumes of…

Google Sued BadBox 2.0 Malware Botnet Operators That Infects 10 Million+ Devices Google has filed a lawsuit in New York federal court against the operators of the BadBox 2.0 botnet, marking a significant escalation in the tech giant’s fight against cybercriminal networks. The malware campaign represents the largest known botnet of internet-connected television devices, compromising…

Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities worldwide using an arsenal of sophisticated new tools and techniques. Active since 2007, this state-sponsored threat actor has established itself as one of the…

New Wave of Crypto-Hijacking Infects 3,500+ Websites A stealth Monero-mining campaign has quietly compromised more than 3,500 websites by embedding an innocuous-looking JavaScript file called karma.js. The operation leverages WebAssembly, Web Workers, and WebSockets to siphon CPU cycles while keeping resource usage low enough to avoid user suspicion. Cside.dev analysts first noted the anomaly after…

Chinese State-Sponsored Hackers Attacking Semiconductor Industry with Weaponized Cobalt Strike A sophisticated Chinese state-sponsored cyber espionage campaign has emerged targeting Taiwan’s critical semiconductor industry, employing weaponized Cobalt Strike beacons and advanced social engineering tactics. Between March and June 2025, multiple threat actors launched coordinated attacks against semiconductor manufacturing, design, and supply chain organizations, reflecting China’s…

Ukraine Hackers Claimed Cyberattack on Major Russian Drone Supplier Last week, Ukraine’s Main Intelligence Directorate (GUR) orchestrated a sophisticated cyberattack against Gaskar Integration, a leading Russian drone manufacturer. The operation began with reconnaissance of the company’s public-facing infrastructure, where threat actors identified vulnerable remote desktop services and outdated VPN gateways. Leveraging a zero-day in a…

H2Miner Attacking Linux, Windows, and Containers to Mine Monero The H2Miner botnet, first observed in late 2019, has resurfaced with an expanded arsenal that blurs the line between cryptojacking and ransomware. The latest campaign leverages inexpensive virtual private servers (VPS) and a grab-bag of commodity malware to compromise Linux hosts, Windows workstations, and container workloads…

Researchers Uncover on How Hacktivist Groups Gaining Attention and Selecting Targets The global hacktivist landscape has undergone a dramatic transformation since 2022, evolving from primarily ideologically motivated actors into a complex ecosystem where attention-seeking behavior and monetization strategies drive operational decisions. This shift has fundamentally altered how these groups select targets and conduct campaigns, creating…

Threat Actors Weaponizing SVG Files to Embed Malicious JavaScript Threat actors are quietly turning Scalable Vector Graphics (SVG) files into precision-guided malware. In a surge of phishing campaigns, seemingly innocuous .svg attachments slip past secure email gateways because mail filters regard them as static images. Once the recipient merely previews the file, hidden JavaScript executes…

Infostealers Distributed with Crack Apps Emerges as Top Attack Vector For June 2025 The cybersecurity landscape in June 2025 was dominated by a surge of Infostealer malware masked as cracked or key-generated software, catapulting this tactic to the month’s most prevalent attack vector. Fraudulent download portals advertising “free” versions of popular tools lured victims through…

Microsoft Details on How Security Copilot in Intune and Entra Helps Security and IT Teams Microsoft has announced significant enhancements to its AI-powered security platform, marking the general availability of Microsoft Security Copilot capabilities within Microsoft Intune and Microsoft Entra. This development represents a critical milestone in the evolution of enterprise security management, as organizations…

Dark 101 Ransomware With Weaponized .NET Binary Disables Recovery Mode and Task Manager A sophisticated new ransomware strain has emerged in the cybersecurity landscape, demonstrating advanced evasion techniques and destructive capabilities that pose significant risks to organizations worldwide. The Dark 101 ransomware represents a concerning evolution in malware design, utilizing an obfuscated .NET binary to…

Albemarle County Hit By Ransomware Attack – Hackers Accessed Residents Personal Details Albemarle County, Virginia, has fallen victim to a sophisticated ransomware attack that compromised the personal information of county residents, local government employees, and public school staff. The cybercriminal operation successfully infiltrated the county’s network infrastructure, forcing officials to launch an extensive incident response…